Last edited Jan 2022, 3 min read
Payment gateways are services that process credit and debit card information for online transactions. They securely encrypt sensitive information such as bank card and CVV numbers, as well as the account holder name, address and password. Obviously this sensitive information needs to be kept extremely secure, so how does an ecommerce business ensure their payment gateway is as secure as it needs to be?
The answer is to test the payment gateway yourself, and there are a number of ways to do this.
Types of payment gateway
There are two main types of payment gateway for ecommerce businesses. These predominant payment gateway types are:
Self-hosted payment gateway
Shared or non-hosted payment gateway.
Self-hosted payment gateway
A self-hosted payment gateway does require a merchant ID as it redirects the customer away from the website’s checkout page via the Pay Now button. The customer is redirected to a payment service provider page such as PayPal Standard, Payza, 2Checkout or Setcom. The customer inputs their payment details and is then directed back to the website page.
Shared payment gateway
Shared payment gateways direct the customer to a payment page within the website itself. This gateway is customisable and thus can be controlled at every step of the way by the ecommerce business. However, the business also has the burden of ensuring all security measures have been followed in order to protect each customer’s data.
When you choose a payment gateway, you must know which one is the most suitable for your business and undertake the thorough testing process as described below.
Payment gateway testing checklist
There are several test case scenarios for payment gateway security testing. Obviously the security of the transferred data must be verified, but you also need to check the functionality of the gateway. You do this to see if the application works exactly as it should when processing orders and calculating prices, including the likes of shipping and taxes.
The integration of your payment gateway with your credit card service will also need to be verified. Finally, to complete the payment gateway testing checklist, you will need to see how well the functionality, credit card service integration and data encryption perform during periods of high demand.
Let’s look closer at how to complete this payment gateway testing checklist.
Payment gateway functionality
Functional testing is especially needed when using a less established payment gateway, though it is advisable to do it even for established gateways. You must be certain that the application will behave the way it is supposed to behave when processing transactions. This means running every kind of order through the system, deleting and adding items to baskets before finalising, changing the language halfway through an order, and ensuring all calculated totals and sub-totals are correct.
Credit card service integration
The integration of a credit card service with your payment gateway will also need to be thoroughly tested. Your website or app must be working perfectly with the credit card service provider, so check the transaction flow of each test payment. Place an order and pay, then check that the funds have been received in the merchant account. Finally, you will want to check if the transaction can be refunded or made void.
Data security testing
The customer’s sensitive information must be protected, so make sure that it is only transferred to process a transaction after it has been encrypted. Your channel must be secure, so that no data is transferred without full encryption first.
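One way to automate part of this check for the browser-to-gateway hop, as an added example that is not GoCardless code: the script below parses a checkout page's HTML and reports any form holding card fields that would submit over plain HTTP or via GET. The field-name hints, the function and class names, and the shop.example and pay.example hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Autocomplete tokens and name fragments that mark an input as card data (assumed list).
CARD_HINTS = ("cc-number", "cc-csc", "cc-exp", "cardnumber", "cvv", "cvc")


class FormScanner(HTMLParser):
    """Records every <form> with its action, method and whether it holds card fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A form with no method attribute defaults to GET.
            self._cur = {"action": a.get("action", ""),
                         "method": (a.get("method") or "get").lower(), "card": False}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            label = (a.get("autocomplete", "") + " " + a.get("name", "")).lower()
            self._cur["card"] |= any(h in label for h in CARD_HINTS)

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None


def audit_checkout(page_url, html):
    """Return findings for one checkout page; an empty list means the checks passed."""
    scanner = FormScanner()
    scanner.feed(html)
    findings = [] if urlparse(page_url).scheme == "https" else ["page served without TLS"]
    for form in (f for f in scanner.forms if f["card"]):
        target = urljoin(page_url, form["action"])  # empty action submits to the page URL
        if urlparse(target).scheme != "https":
            findings.append("card form submits in cleartext to " + target)
        if form["method"] != "post":
            findings.append("card form uses GET, so card data lands in URLs and logs")
    return findings


# Constructed sample pages (not taken from any real site).
GOOD = '<form method="post" action="/pay"><input name="cardnumber" autocomplete="cc-number"></form>'
BAD = '<form action="http://pay.example/charge"><input name="cvv"></form>'

if __name__ == "__main__":
    print([audit_checkout("https://shop.example/checkout", p) for p in (GOOD, BAD)])
```

The check covers only how the page hands card data to the network; it says nothing about how the gateway stores or forwards that data afterwards.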
Payment gateway performance
The performance of the payment gateway is the final item on the payment gateway testing checklist. You will need to process multiple orders at the same time to ensure the payment processor does not fail under increased demand. Hopefully your business will be booming, so be prepared for multiple users completing transactions at the same time.
We can help
Users can try the GoCardless sandbox environment. The sandbox environment enables you to test the full GoCardless platform, without payments being submitted to the banking system for processing.
These accounts are great for running tests if building an integration with our API but can be just as useful if you simply want to test out the different features within the dashboard without processing any payments as you would in a live environment.
Learn more about using scenario simulators for testing in sandbox.
If you’re interested in finding out more about how to make a dummy payment gateway for testing, or any other aspect of your business finances, then get in touch with our financial experts at GoCardless. Find out how GoCardless can help you with ad hoc payments or recurring payments.