How to test online payment application? - asp.net

We have ASP.NET application where you can purchase something. Of course, at the end of process there's a screen where you have to populate credit card number and other standard stuff. But, we don't have any real credit card number and I can't pass that step to test it further.
How can I test it?

You can use http://www.codeproject.com/Tips/515367/Validate-credit-card-number-with-Mod-10-algorithm tutorial to understand better the credit card number theory and can apply the same in your application for testing.. Or, you can use any kind of payment gateways like PayPal to test.

Related

Cybersource Secure Acceptance test cards

Does anyone know if there are test card numbers that simulate failed transactions for Cybersource secure acceptance? I have searched the docs and can only find successful payment card numbers
Credit card numbers do not trigger errors. Instead it is usually the amount of the transaction. You can see a list of errors and their triggers here: https://developer.cybersource.com/api/developer-guides/dita-cybs-so-test-data/so_overview.html
Note that errors are grouped by the payment processor you are setup for. The default for a test account is Chase Paymentech.
You can use "4111111111111112" to trigger an invalid card number response. Source: testing guide

NopCommerce PCI

Running NopCommerce 3.40
I think i read somewhere that NopCommerce's Shopping cart is PCI compliant. It also looks like NopCommerce's shopping cart stores Credit card data.
1.) So what does this PCI process do?
2.) Is it just a fashion of encryption of data as it passes to the database?
3.) Is it my fault if the hosted database say from GoDaddy gets hacked for a bunch of credit cards?
I don't know why NopCommerce is storing Credit Cards. I think I have to figure out how to disable that part. I mean if I don't then I need to purchase a PCI Certificate?
EDIT :
I did some more reading. It looks like if I use Stripe or another third party gateway no Credit card information gets stored. I think only Manual Payments credit card information gets stored. Is this right?
1) PCI-DSS stands for Payment Card Industry Data Security Standard. The standard guides you so you know what are you doing with the cards data and that it is secure enough, given your transaction volume, data collected and stored, etc.
2) It is not. Basically, it says that if the card data (CC number, CVV code) ever pass near your system (in a logical sense), then you are in the PCI scope, and have to comply or the acquirers (banks) won't talk to you.
3) I think you'd be liable, look into GoDaddy disclaimers.
I doubt there's anything like 'PCI compliant shopping cart'. This is how you process the payment, as in, can your javascript access the CC number input box, can your router see the unencrypted CC number, etc.
In your case, I assume a small e-commerce, I'd look to outsource the payment page. Be it Stripe, PayPal, Skrill, Neteller, whatever makes you never see the data except for the income amount.

How do I get my sandbox paypal account to accept a CSC number with my fake snadbox credit card?

How do I get my sandbox paypal account to accept a CSC number with my fake sandbox credit card number ?
I created a sandbox account with a sandbox credit card number and Expiration date. Paypal did not provide me with a CSC 4 digit number that I need for the Master Card number and Expiration date it generated for my sandbox account.
I did research and read other questions on stak overflow. From the answers I received I was told that all you need to do is provide a CSC number with 0's or any digit and it should go through and process the transaction for testing.
I also made sure that the credit card was not associated with an existing PayPal account and used faxe credit card numbers with a fake address and name but it did not work.
kind of new to doing this as a developer and running tests.
Any help would be greatly appreciated.
When testing through the sanbox only the paypal test creditcard numbers will work. The CSV matching those numbers you can make up yourself.
The list of testing numbers is shown here:
http://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/credit_card_numbers.htm

How to get credit card details of Paypal Recurring payments profile

I am creating a Recurring payment profile using Direct payment(credit card details entered during registration are not stored in database). I want to update/change the bill amount for every bill cycle(because billing is done per user per month).
I am using UpdateRecurringPaymentsProfileDetails API method to change the amount, but the method needs credit card details again(for each time it is called). I am getting the credit card details using GetRecurringPaymentsProfileDetails, but this method just returns the last 4 digits of credit card(and does not return CVV2, but this is not major issue here).
Is there any other option to get the full credit card details(at least credit card number) using Paypal APIs or should I have to store credit card numbers in my database? Any help would be highly appreciated.
It's unlikely that you'll be able to get the full credit card number from PayPal; that's why people use PayPal.
Storing credit card information in your database is a huge liability, and should be avoided if at all possible. Once you start storing that information, your company is responsible for keeping that information secure (and that includes developers). Use another third party component if you must, but don't take on such an enormous liability.
I don't know what company you work for, but that's not a decision that a developer should be making on their own. Entire companies have been shut down for mishandling credit card information. The law around that stuff is extremely murky, and even the smallest mistake can result in massive fines.

Recurring billing variable amount without storing credit card information

I have implemented few payment websites using PayPal Standard, PayPal Website Pro, PayPal Express and Authorize.Net.
Now I'm implementing a website which requires recurring billing. My only problem is variable amount, since I do not store credit card information, and amount is not fixed in each cycle.
Can we use either PayPal or Authorize.Net for my project? If not, could you please recommend any reliable payment gateway ($US for payment, and gateway located in US please) for that matter?
You can use a service like Authorize.Net's Customer Information Manager (CIM) to store the credit card and billing information for you and then you create your own scheduling engine that charges against the payment method you have stored for them using CIM. CIM also allows you to make off-cycle payments at any time as well.
Well the variable amount to bill shouldn't be a problem if you can put together whatever formula would be used in code. However if you aren't storing the actual credit card info (and I can understand why), then I don't see how you'd be able to charge the customer every month. Normally you need a credit card or bank information to do a direct transfer.
If you absolutely cannot store the information, then the only thing I can imagine is putting together an automated calculation and notification system that can send the customer an email with a link that brings them to a form so they can enter the information as simply as possible. Otherwise you'll need to save their credit card info somewhere secure and simply bill them every month, which isn't uncommon.
Have you looked into PayPal's IPN variables?
https://www.paypal.com/cgi-bin/webscr?cmd=p/acc/ipn-subscriptions-outside
Typically you have to cancel then reapprove a new subscription... but perhaps you can use the variables some how to do that programmatically.
I found a solution. PayPal calls ProcessReferencePayment.
At first, I need to charge the credit card using DoDirectPayment, and store the successful transaction number.
After that, I just call DoReferenceTransaction along with OrderTotal and ReferenceID (the previous transaction number).
DoReferenceTransactionRequestDetailsType
DoReferenceTransactionReq

Resources