Types Of Payment Gateway and Testing

A payment gateway is an e-commerce service that encrypts payment information, authorizes the payment and securely pass information from buyer site to merchant site. The transaction between buyer and merchant is considered successful when money is transferred to merchant’s account and order is placed successfully.

Payment gateway requires rigorous testing as it involves testing with different aspects such as authorization, data encryption, web service connectivity and data security.

Types of Payment Gateway System

1. Hosted Payment Gateway:

Hosted payment gateway redirects customer from e-commerce site to payment gateway link. Once payment is done, it will redirect customer back to the e-commerce site. E.g. Paypal, WorldPay etc.

2. Shared Payment Gateway:

Shared payment gateway involves payment via payment page on site itself and customer is not redirected to an external link.

Payment gateway testing includes functional testing, integration testing, database testing, security testing and performance testing.

1. Functionality

A tester should make sure below points while executing functional testing for payment gateway:

• All options for payment are listed and working properly such as Credit Card, Debit Card, Net Banking, Cash Card.
• Region-specific charges and taxes calculation is done properly or not.
• Notification through email is done to a customer and the owner about the transaction
• Appropriate buffer time is taken between checkout and confirmation page.

2. Integrations

Verify integration of payment gateway with different credit cards and banking services. Make sure below points are tested properly:

• Web services are connected to the right bank/financial services.
• A system is requesting and responding right information to and from the banking server.
• The correct amount for complete order is processed in right currency format and in the correct sequence.

3. Security

Security is the most important aspect of payment gateway testing. Transactions should be kept safe from penetration activities, cyber-attacks, and vulnerabilities. Following should be kept in mind while doing security testing:

• Verify if the system is safe from cross-site scripting, spoofing and SQL injections.
• URL is accessed based on user roles and authorization management.
• Proper SSL certificates and safety access points are implemented at each transaction stage.

4. Database

Database testing should be done and below points should be kept in mind:

• Customer details like name, address, contact number are maintained properly and there is no chance of leakage of personal data.
• Bank details, credit card, and cash wallet entries are collected and stored properly.
• Database files are accessible by authorized users from intended places only.

5. Performance

Performance testing should be done and make sure of below points:

• The application is stable during load times.
• Working well across different environments.
• The system contains proper memory, space and network across server for proper functioning.