Testing Guide
Test environment
Make sure all the testing is done against one of our sandbox accounts. Testing on a live account can cause problems such as:
- Unnecessary downtime
- Live transaction corruption/loss
- Chargebacks
- PCI DSS implications
Setting up the test environment
You should ensure that your test environment is configured as close as possible to your live environment, particularly:
- Web server (IIS/Apache) version
- Web server configuration, especially the language interface (PHP/ASP etc.) and session timeout
- Database connectivity
- Firewall
- Latest versions of our shopping carts and SDKs
Background validation
If you're using our Hosted Pages solution, you should seriously consider implementing Background Validation.
With background validation you can provide a webhook to which our host will send the result of every transaction in addition to the response you already get from the page. This ensures that your order system accurately reflects the transaction result even in the case where the cardholder redirect fails.
Security concerns
The PCI DSS states that you should never use live cards in a test environment, otherwise this environment is also subject to PCI audit and DSS rules.
What to test
All cases
- Host is unavailable (i.e. use invalid sandbox URL)
- Incorrect parameters in the request
- The hash string sent by the gateway in the response is properly validated
- Make sure your application is able to handle the different types of responses
- Refreshing the receipt page does not re-perform the transaction/resend the receipts
- PCI DSS guidelines are met in all scenarios
- All required currencies are processed correctly
Per integration method
Hosted Payment Page
- Customer doesn't complete transaction (e.g. closes browser window)
- The Receipt Page URL is misconfigured in your terminal
- Customer takes over 60 mins to complete transaction
- Simultaneous transactions do not interfere with each other
- Background validation is successful for all transactions and responses, if applicable
REST API
- API Key is valid
- Access tokens are re-generated before they expire
- Only digits with no spaces are sent into Card number/CVV fields
- Host returns a Bad Request error due to incorrect content in the JSON request
- Host returns an Unprocessable Entity error to indicate a business rule or constraint violation
When using shopping carts
Testing will be quite specific depending on the shopping cart and plug-in being used. You should cover all the relevant test above for your integration method, even though the functionality is obscured by the plug-in you are using, the issues outlined above can still occur.
Other shopping cart issues that should be tested are:
- Only digits with no spaces are sent into Card number/CVV fields
- Order status is updated correctly in shopping cart
- Customer e-mails are populated correctly
- Customers get the right number of e-mails (our host may also send an e-mail to the customer depending on the plug-in)
- Session timeouts do not cause transactions to be dropped
- Transactions over 1,000 and 1,000,000 Euro/Pounds/Dollar etc. are handled correctly
Testing resources
Sandbox
Initial testing doesn't require a dedicated test account, you can use our sandbox to get started. Ready to play around? Sign up for a sandbox account.
Credit Cards
Test cards that can be used on our host are:
CARD SCHEME | CARD NUMBER | REQUIRES CVV |
---|---|---|
American Express | 3400000000000000 | Y |
Debit MasterCard | 5100270000000007 | Y |
Diners | 3600000000000008 | N |
Discover | 6011000000000004 | Y |
JCB | 3528000000000007 | Y |
Maestro | 5000330000000000 | Y |
MasterCard | 5001650000000000 | Y |
Switch | 6301144000000009 | N |
Visa Credit | 4539858876047062 | Y |
Visa Debit | 4000060000000006 | Y |
Visa Electron | 4001020000000009 | N |
Electronic Benefit Transfer (EBT) Cards
Currently, EBT processing is only supported by FiServ and TSYS processors.
CARD NUMBER | BENEFIT CATEGORY | PIN |
---|---|---|
6007602801003837964 | Food Stamp | 1234 |
6007602801003837965 | Food Stamp | 1234 |
6007602801003837967 | Cash Only | 1234 |
6007602801003837968 | Cash Only | 1234 |
6007602801003837969 | Cash Only | 1234 |
6007602801003837971 | Inactive card | 1234 |
4-digit
(Amex) or 3-digit
(other brands) numeric code.
Response Codes
Simulate responses by using different cent amounts for transactions. The cent values and their respective responses are:
Cent Value | Response |
---|---|
0.01 | Declined |
0.02 | Referral |
0.03 | CVV failure (Decline) |
Any other | Authorised |
Meaning that if you enter 5.01
, 99.01
or 1754.01
you will get a decline, for example.
Advanced solutions
For large merchants, Worldnet will be happy to provide you with specialized test scripts and help with any struggle you may go through during integration. Feel free to contact our team of experts.