Our blog

Gift Cards in Retail Industry and Testing Challenges-II

In the last session I provided an overview of the gift cards industry. In this blog, I am planning to share more in-depth details for actual testing of gift cards system. Gift cards and payment is a very vast industry to cater, as a Tester/QA person here are few starting points to keep in mind.

  • Which protocol is being used?
  • Security, is the user information secured?
  • Transaction Channels, how the transactions are acquired.


Need to understand the protocol that is being used for these transactions.

  • ISO 8583 Most of the card base transactions are carried out using this protocol. More details about the protocol http://j8583.sourceforge.net/desc8583en.html
  • How the requests are composed.
  • How the TCP/IP request flows with the request and response.
  • How the response are read.
  • Which fields to review in the request and response?

As you could see below a sample message type, this will depend on the specification defined by the organization.

Sample Message types

The most common message types are:

0200 Activation Request,

0210 Activation Response,

0400 Request for activation reversal.

0410 Response of Activation Reversal.

0800 Echo request

0810 Echo response



As Gift card transactions over the net are more vulnerable to attacks. Some pointers to ensure security is meeting the industry standards and customer expectations.

  • Make sure that transactions are acquired in secured manner and abide to PCI norms.
  • During testing make sure that the card numbers of the acquired transactions are encrypted.
  • PIN is provided as scratch PIN option.
  • Information regarding acquired card has to be encrypted in Dbase, there are various encryption software available like Ingrian, MEO, etc.
  • Only first 6 and last 4 digits of the card can be left un-encrypted for searching and revoking the transactions.

And the last point to check is how the gift card transaction is being acquired.

These are typical Channels for acquiring Gift Card transactions.

  • Terminal also called as POS (Point of sales)
  • HTML any web application developed for acquiring these transactions
  • XML API’s are exposed to client who in terms can have a wrapper to send these transactions.
  • IVR (Interactive voice recognition) software can be used in Gift Cards activation.

In the next edition let’s focus on gift card transactions over Point Sale Terminal (POS).

Interested in our Retail Services?

Contact Apexon +1 408-727-1100

By submitting this form, you agree that you have read and understand Apexon’s Terms and Conditions. You can opt-out of communications at any time. We respect your privacy.

Other stories you may enjoy...

Healthcare Apps and the Need for Security

One of the most exciting areas in tech right now promises to be “the most personal” ever. A key aspect of making wearable devices like the Apple Watch personal is through...

Developing an App for the 2020 General Election?

Here is a thought: With the UK General Election having just finished, could the next one in 2020 be the first to use a mobile app to allow people to vote? The polling...

Be honest. Describe the state of your test cases.

“There’s some dead wood in there.” “Hmmm…. Someone really needs to clean them up.” “A little outdated.” For those reading this in the northern hemisphere,...