In the last session I provided an overview of the gift card industry. In this post I share more in-depth details on actually testing a gift card system. Gift cards and payments form a very vast industry; as a tester/QA person, here are a few starting points to keep in mind.
- Which protocol is being used?
- Security: is the user information secured?
- Transaction channels: how are the transactions acquired?
You need to understand the protocol that is being used for these transactions.
- ISO 8583: most card-based transactions are carried out using this protocol. More details about the protocol: http://j8583.sourceforge.net/desc8583en.html
- How the requests are composed.
- How the TCP/IP connection flows with the request and response.
- How the responses are read.
- Which fields to review in the request and response.
Below are sample message types; the actual set will depend on the specification defined by the organization.
Sample Message types
The most common message types are:
- 0200 Activation request
- 0210 Activation response
- 0400 Request for activation reversal
- 0410 Response of activation reversal
- 0800 Echo request
- 0810 Echo response
Gift card transactions over the net are more vulnerable to attacks. Here are some pointers to ensure that security meets industry standards and customer expectations.
- Make sure that transactions are acquired in a secure manner and abide by PCI norms.
- During testing, make sure that the card numbers of the acquired transactions are encrypted.
- The PIN is provided as a scratch PIN option.
- Information regarding the acquired card has to be encrypted in the database; there are various encryption software products available, like Ingrian, MEO, etc.
- Only the first 6 and last 4 digits of the card can be left unencrypted, for searching and revoking transactions.
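A test-side check for the encrypted-card-number and first-6/last-4 points above, as an added example that is not from the original post: it scans captured log lines for full card numbers left in the clear and reports them in masked form. The log format and card numbers are constructed samples, and it assumes the card numbers carry a Luhn check digit, which your card specification may or may not require.

```python
import re

# Candidate card numbers: 13-19 digit runs not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (assumed to apply here); filters out ids and references."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first 6 and last 4 digits; mask everything between."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_exposed_pans(lines):
    """Return (line_number, masked_pan) for every full card number in clear.

    Findings are returned masked so the test report itself does not
    become another place where full card numbers are stored.
    """
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in PAN_RE.finditer(line):
            if luhn_ok(m.group()):
                findings.append((n, mask_pan(m.group())))
    return findings


# Constructed sample log (well-known test card numbers, hypothetical format).
SAMPLE_LOG = [
    "10:00:01 MTI=0200 card=4111111111111111 amt=2500",          # exposed
    "10:00:02 MTI=0210 card=411111******1111 rc=00",             # masked: ok
    "10:00:03 MTI=0400 ref=1234567890123456 card=411111******1111",  # ref only
    "10:00:04 <activate><pan>5555555555554444</pan></activate>",  # exposed
]

if __name__ == "__main__":
    for line_no, masked in find_exposed_pans(SAMPLE_LOG):
        print(f"line {line_no}: full card number in clear ({masked})")
```

Run the same scan over application logs, message traces and database exports from each acquiring channel; any finding is a defect to raise.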
And the last point to check is how the gift card transaction is being acquired.
These are typical channels for acquiring gift card transactions.
- Terminal, also called POS (point of sale)
- HTML: any web application developed for acquiring these transactions
- XML: APIs are exposed to the client, who in turn can have a wrapper to send these transactions.
- IVR (Interactive voice recognition) software can be used in gift card activation.
In the next edition let's focus on gift card transactions over Point of Sale (POS) terminals.