Sign up for The Paypers newsletter Follow The Paypers on LinkedIn Follow The Paypers on Twitter Follow The Paypers on Facebook Follow The Paypers on Google +
The Paypers, paypers, Insight in payments, News, Reports, Events
Expert opinion

Testing online payment systems – quick guide for online sellers

Thursday 14 September 2017 | 10:48 AM CET

Jason Lackey, IxiaTesting an online payment system involves similar steps to testing any other payment system, but with an even stronger emphasis on security

An online retailer or any other business that sells services online needs to ensure the performance and security of the system in use. The online shopping should be a seamless process for customers, that takes no longer than a few seconds. A Symantec research has showed that the cost of a data breach to an eCommerce retailer is now USD 172 per record. Thus, before allowing customers to share sensitive information, including credit card details, names and bank details, the system needs to be verified as secure.

Testing an online payment system involves similar steps to testing any other payment system, but with an even stronger emphasis on security. The payment gateway is a particular area that needs attention when testing. One has to test the basic functionality of the gateway, so that customers get charged the right prices, check that the payment gateway integrates with other important parts of the system, carry out network testing to make sure that the system can handle large numbers of users buying goods at the same time securely, and finally, perform a detailed security check of the entire system. Below you'll find an outline of these main steps to test an online payment system for your business.

Test Preparation

An important factor is to test the system at scale. By collecting proper test data, including dummy credit card numbers, you can test how your system works when a large number of people make a purchase.

A list of scenarios is also needed for analysis, in order to assess how the system behaves when the payment gateway stops responding, what happens if the payment process fails, and whether the gateway returns the user to the website or application after a successful transaction.


Testing the functionality provides an overall picture of whether the chosen payment gateway works according to the business’ request. This step involves checking that the payment gateway handles orders, calculates prices properly and adds taxes, all in a correct manner.

A good way to check functionality is by using a sandbox environment. Sandboxes are essentially testing environments that mimic the live payment gateway environment, allowing the assessment of the gateway’s functionality on the website and on mobile applications. Paypal's sandbox environment is one such example, but other gateways usually offer sandboxes.


Integration involves checking whether the payment gateway works harmoniously with the other parts of the payment system. The focus here needs to be on the user experience, ensuring that requests are completed without errors in the shortest time possible from the moment the customer submits their order.

It is also important to test if the gateway effectively communicates with the acquiring bank’s payment processor and with the customer within a quick time frame without any errors. Again, a sandbox environment can be useful for testing integration.

Network Testing

Network testing is a useful way to analyse both the performance and the security of the payment system. You need to ensure the network is highly secure and able to concurrently handle lots of payment requests. When customers order from an online store, their payment details typically are sent to the servers using SSL encryption. The servers then forward these encrypted details to the chosen payment gateway. The security of the network used for these connections makes or breaks any online payment system.

A good network testing service should emulate real-world conditions by measuring the quality of the network when many users attempt to browse the site/application and make a purchase. Thus, one may assess real-time performance metrics that validate the quality of the user experience before the system goes live.

Aside from its performance benefits, network testing is also crucial for security. Modern solutions simulate real-world traffic, including testing how the network responds to potentially dangerous traffic looking to find exploits in the system through DDoS, network exploits or malware. Network testing services should be scalable, allowing the verification of the integrity of your security infrastructure with large traffic numbers.

Image source:

To summarise, testing an online payment system should involve a multifaceted approach that includes at least the following steps:

● Preparing properly for the testing process by collecting required data and planning a list of scenarios to see how the system behaves under different circumstances.
● Using a sandbox environment to test the functionality of the chosen payment gateway and how well it integrates with other parts of the system
● Carrying out network testing to assess the system’s performance with lots of traffic and verify the rigidity of the security infrastructure.

About Jason Lackey

Jason Lackey serves as Director of Digital Marketing for Ixia in Santa Clara, California. A lifelong technophile, Lackey has held a variety of technical and marketing roles at companies including Cisco, Extreme Networks, Pluribus Networks and others. Prior to relocating to the San Francisco Bay Area, he taught English in Osaka and Kyoto, Japan and has a bachelors in psychology from the University of Kansas.

 About Ixia

Ixia provides IP network validation and network visibility solutions for equipment manufacturers, service providers and government agencies. The company seeks to deliver a powerful combination of innovative solutions and trusted insights to support your network and security products, from concept to operation.