On This Page

Testing the Payment Services

To ensure that requests are processed correctly, you must test the basic success and error conditions for each service you plan to use.

Requirements for Testing

IMPORTANT
Before you can test, you must contact customer support to activate the credit card services and configure your account for testing. You must also contact your processor to set up your processor account.
IMPORTANT
When building your connection to the
Cybersource
 payment gateway, ensure that you have implemented controls to prevent card testing or card enumeration attacks on your platform. For more information, see the Best Practices Guide. If we detect suspicious transaction activity associated with your merchant ID, including a card testing or card enumeration attack,
Cybersource
 reserves the right to enable fraud management tools on your behalf in order to mitigate the attack. The fraud team might also implement internal controls to mitigate attack activity. These controls will block traffic that is perceived as fraudulent. Additionally, if you are using one of our fraud tools and experience a significant attack, our internal team might modify or add rules to your configuration to help prevent the attack and minimize the threat to our infrastructure. However, any actions taken by
Cybersource
 would not replace the need for you to follow industry standard best practices to protect your systems, servers, and platforms.
Follow these requirements when you test your system:
  • Use your regular merchant ID.
  • Use a real combination for the city, state, and postal code.
  • Use a real combination for the area code and telephone number.
  • Use a nonexistent account and domain name for the customer’s email address.
  • REST API test endpoint:
    POST
    https://apitest.cybersource.com
    /pts/v2/payments

Test Card Numbers

Use these payment card numbers to test the authorization, capture, and credit services. Remove the spaces from the test card numbers when sending them to the test system. Do not use real payment card numbers. To test card types that are not included in the list, use an account number that is in the card’s BIN range. For best results, try each test with a different service request and with different test payment card numbers.
  • American Express—3782 8224 6310 005
  • Discover—6011 1111 1111 1117
  • JCB—3566 1111 1111 1113
  • Maestro (International)
    • 5033 9619 8909 17
    • 5868 2416 0825 5333 38
  • Maestro (UK Domestic)—the issue number is not required for Maestro (UK Domestic) transactions.
    • 6759 4111 0000 0008
    • 6759 5600 4500 5727 054
    • 5641 8211 1116 6669
  • Mastercard
    • 2222 4200 0000 1113
    • 2222 6300 0000 1125
    • 5555 5555 5555 4444
  • UATP—1354 1234 5678 911
  • Visa—4111 1111 1111 1111

Using Amounts to Simulate Errors

You can simulate error messages by requesting authorization, capture, or credit services with specific amounts that trigger the error messages. These triggers work only on the test server, not on the production server.
Each payment processor uses its own error messages.
For more information, see: REST API Testing Guide .

Test American Express Card Verification

Before using CVN with American Express, it is strongly recommended that you follow these steps:
  1. Contact customer support to have your account configured for CVN. Until you do this, you will receive a
    1
     in the
    processorInformation.cardVerification.resultCode
     response field.
  2. Test your system in production using a small currency amount, such as one currency unit. Instead of using the test account numbers, use a real payment card account number, and send an incorrect CVN in the request for authorization. The card should be refused and the request declined.