Testing

Test your Opayo Direct requests using test data to return the correct responses.

Test 3D Secure

The following table lists our magic CardHolder values. When you test your Opayo Direct transaction request, these simulate 3D-Authenticated transaction responses.

 

 

Magic Value

3DSecureStatus

3D Secure Rule

Description

SUCCESSFUL

OK

Passes all rules

Returned for a frictionless flow where authentication is successful.

NOTAUTH

NOTAUTHED

Accept 3d auth failure

Returned for a frictionless flow where authentication is unsuccessful.

CHALLENGE

Status=3DAUTH

3DSecureStatus=OK

-

Returned for a challenge flow. The cardholder will be re-directed to the ACS to enter two-factor authentication. A CReq, VPSTxId, ACSURL and StatusDetail will also be returned.

Once you re-direct to the ACSURL, entering the correct password displayed on the site will simulate a successful authentication, entering any other password will simulate an unsuccessful authentication.

NOTENROLLED

NOAUTH

Accept card not in scheme

Authentication could not be performed

PROOFATTEMPT

ATTEMPTONLY

Passes all rules

The cardholder attempted to authenticate themselves, and the process did not complete. A CAVV is returned and this is treated as being successfully authenticated.

REJECT

NOTAUTHED

Rejects before rulebase check

Authentication rejected by Issuer.

TECHDIFFICULTIES

INCOMPLETE

Accept issuer not in scheme

3D-Secure authentication was unable to complete. No authentication occurred.

ERROR

ERROR

Accept MPI failure

Simulates an error condition where 3D-Authentication cannot be performed due to data errors or service unavailability in one of the parties involved in the check. It can also result if you have not submitted the creq to the ACSURL within thirty seconds, or your customer has not entered 2FA on the ACS’s authentication page within ten minutes.

 

Test 3D Secure Passwords

Important. All other phrases will fail authentication.

3DS2

3DS2 Secure Password Responses

Value

Description

challenge

Successful authentication. (All other phrases will fail authentication).

 

Test Address Values

To test your failure pages use a Test Card. The test will always return an OK response and an Authorisation Code. All other card numbers will be declined.

Test your Rule Base and fraud-specific code by omitting the following codes. The transaction will authorise and you will receive NOTMATCHED messages in the AVS/CV2 checks.

  • Billing Address 1: 88
  • Billing Post Code: 412

Test Payment Cards

You can use the following Test Card details using any Expiry date and the CVV: 123 (1234 for Amex cards).

Available test payment cards for 3D Secure testing

Payment Method

Card Number

Card Type

Visa

4929000000006

Visa

Visa

4929000005559

Visa

Visa

4929000000014

Visa

Visa

4929000000022

Visa

Visa Corporate

4484000000002

Visa

Visa Debit

4462000000000003

VisaDebit

Visa Electron

4917300000000008

VisaElectron

MasterCard

5186150660000009

MasterCard

MasterCard

5186150660000025

MasterCard

MasterCard

5186150660000108

MasterCard

MasterCard

5186150660000207

MasterCard

Debit MasterCard

5185690060000001

DebitMasterCard

Maestro (UK Issued)

6759000000005

Maestro

Maestro (German Issued)

6705000000008

Maestro

Maestro (Irish Issued)

5185570760000008

Maestro

Maestro (Spanish Issued)

6766000000000

Maestro

American Express

374200000000004

AmericanExpress

Diners Club / Discover

36000000000008

Discover

JCB

3569990000000009

JCB

PayPal Testing

PayPal is available to the Opayo test environment. You can test without using a live PayPal account.

Important: ONLY test your PayPal integration when your site can correctly send and process the messages exchanged between your site and ours for a standard Opayo Direct transaction.

Set Up

  1. Sign in to https://developer.paypal.com. 
  2. Create one or more Sandbox accounts including at least one each of:
    • Personal (buyer account)
    • Business (merchant account)
Note: An Email address is issued for each account you create.
  1. Sign in to your Business (merchant account) and under API Access, add the following test-only Third Party Permission Username:
    ppdev_1256915571_biz_api1.sagepay.com
  2. You should grant all available permissions.

Start Testing

  1. Sign in to your Test MyOpayo, and then add the Email address for the Business (merchant account) you created.
  2. Choose, either a Mark or Express Checkout option, and then send the Transaction Registration post with the CardType set to PAYPAL.
  3. Our response to your Transaction Registration Post will return a Status of PPREDIRECT and provide a simulated PayPalRedirectURL.

Check Results

  1. Ensure your code stores the VPSTxId and redirects the test customer’s browser to the PayPal Sign In page.
  2. Where you have provided them, the BasketXML information is shown with your company logo. Sign in using the Personal (buyer account) to complete the transaction process with PayPal
  3. Opayo will send a message to your PayPalCallbackURL along with the customer. Ensure your script can handle a PAYPALOK Status. You can choose to:
    • Accept the transaction based on the PayerStatus and or AddressStatus (as the result of these fields can dictate if the transaction is eligible for PayPal Seller Protection)
    • Modify the Amount by +/- 15% of the original value (if the delivery price changes as a result of the address selected

Complete the Transaction

  1. To proceed with the transaction, send a POST to the PayPal Completion URL with a value of YES in the Accept field. This will return a Status of OK in the final response to your servers.
    • When the AddressStatus is UNCONFIRMED, and the PayerStatus UNVERIFIED, you may not wish to continue.
    • If you do NOT wish to proceed, you must still send a POST to the Opayo servers to complete the transaction. Enter a value of NO in the Accept field to cancel the transaction. This will return a Status of NOTAUTHED in the final response to your servers.
  2. When you receive this final response from Direct (here), and depending on the Status of the transaction, you should redirect your customer to the relevant completion page on your site.
  • A Status of OK should redirect the user to a success page.
  • An ERROR, NOTAUTHED, REJECTED, MALFORMED or INVALID Status should redirect to the relevant error handling page.
Important. Please visit PayPal’s website for localised Seller Protection terms and conditions.

Support

Email the Opayo Support team for help with your debugging issues.