MasterPass Sandbox Testing

In order to access the necessary information to test in the sandbox environment, you must submit an approval request to the merchant and obtain a sandbox consumer key as explained earlier in the guide. Testing can be conducted in the sandbox environment, using the test consumer account.

Your code must gracefully handle the error states and scenarios listed here.

NOTE: You cannot add cards to a sandbox account. Only shipping addresses can be added to sandbox accounts.

The sandbox consumer accounts are shared by all sandbox testers. If you experience difficulty using these accounts, wait at least 30 minutes and try again.

| Sandbox Accounts | Test Account 1 | Test Account 2 | 3DS Test - MasterCard SecureCode | 3DS Test - Visa Verified by Visa |
| --- | --- | --- | --- | --- |
| Login Email | [email protected] | [email protected] | [email protected] | [email protected] |
| Password | abc123 | abc123 | tester123 | tester123 |
| Security Question | Pet's Name | Pet's Name | Pet's Name | Pet's Name |
| Security Answer | fido | fido | fido | fido |

Select the Remember me and Remember this device options when testing so that you do not have to rekey the entire test account information every time you log in to MasterPass.

Once you are redirected to the sandbox environment, select MasterPass wallet to sign in to the Sandbox Consumer Wallet Account.

3-D Secure Test Cases

MasterCard SecureCode

Use the “3DS Test - MasterCard SecureCode” from the Sandbox Consumer Account table above to test Maestro® and MasterCard SecureCode 3-D Secure functionality.

The following table provides the expected outputs for each of the test cases for MasterCard SecureCode:

Test Cases Scenario Enrolled ACSUrl Payload Error No ECI Flag Error Description PARes Status Sig Ver Eci Flag Xid Cavv Error No Error Description 2
1 Full Auth Y <url> <value> 0 <blank> Y Y 2 <Xid Value> <Cavv Value> 0 <blank>
2 Sig Ver Fail Y <url> <value> 0 <blank> Y N 2 <Xid Value> <Cavv Value> 0 <blank>
3 Failed Auth Y <url> <value> 0 <blank> N Y 1 <Xid Value> <blank> 0 <blank>
4 ADS; Consumer Declines Y <url> <value> 0 <blank> A Y 1 <Xid Value> <blank> <blank>
5 Timeout <blank> <blank> <blank> Error sending / receiving XML message cmpi_authenticate message does not apply
6 Not Participating N <blank> <blank> 0 1 <blank> cmpi_authenticate message does not apply
7 Error U <blank> <blank> 0 1 <blank> cmpi_authenticate message does not apply
8 Error <blank> <blank> <blank> 1001 1 Error processing message request cmpi_authenticate message does not apply
9 Look up error U <blank> <blank> 1001 1 Error processing message request cmpi_authenticate message does not apply
10 Authenticate unavailable Y <url> <value> 0 <blank> <blank> <blank> 1 <blank> <blank> 1050 Error processing PARes
11 Authenticate unavailable Y <url> <value> 0 <blank> U Y 1 <Xid Value> <blank> 0 <blank>
12 Attempts Y <url> <value> 0 <blank> A Y 1 <Xid Value> <Cavv Value> <blank>

NOTE: With our 16.Q4 Release, SecureCode downgrades any transaction to Non-SecureCode if the CAVV is not submitted in Authorization (DE48, SE43). This is true in MasterPass if the Security Level Indicators in DE48, SE42 equal 221, 222, or 223.

Once you have logged into the “3DS Test - MasterCard SecureCode” account, choose the test case card nickname that corresponds to the test case number from the table above.

Verified by Visa

Use the “3DS Test - Visa Verified by Visa” Sandbox Consumer Account from the table above to test Visa’s Verified by Visa 3-D Secure functionality.

The following table provides the expected outputs for each of the test cases for Verified by Visa:

Test Cases Scenario Enrolled ACSUrl Payload Error No ECI Flag Error Description PARes Status Sig Ver Eci Flag Xid Cavv Error No Error Description 2
1 Full Auth Y <url> <value> 0 <blank> Y Y 05 <Xid Value> <Cavv Value> 0 <blank>
2 Sig Ver Fail Y <url> <value> 0 <blank> Y N 05 <Xid Value> <Cavv Value> 0 <blank>
3 Failed Auth Y <url> <value> 0 <blank> cmpi_authenticate message does not apply 0 <blank>
4 Attempts Y <url> <value> 0 <blank> A Y 06 <Xid Value> <Cavv Value> 0 <blank>
5 Timeout <blank> <blank> <blank> Error sending / receiving XML message cmpi_authenticate message does not apply
6 Not Participating N <blank> <blank> 0 06 <blank> cmpi_authenticate message does not apply
7 Error U <blank> <blank> 0 07 <blank> cmpi_authenticate message does not apply
8 Error <blank> <blank> <blank> 1001 07 Error processing message request cmpi_authenticate message does not apply
9 Look up error U <blank> <blank> 1001 07 Error processing message request cmpi_authenticate message does not apply
10 Authenticate unavailable Y <url> <value> 0 <blank> <blank> <blank> 07 <blank> <blank> 1050 Error processing PARes
11 Authenticate unavailable Y <url> <value> 0 <blank> U Y 07 <Xid Value> <blank> 0 <blank>

Once you have logged into the “3DS Test - Visa Verified by Visa” account, choose the Test Case Card nickname that corresponds to the test case number from the table above.

Q/A Checklist

This topic provides information on the Q/A checklist.

Checklist for MasterPass Asset Placement

  • Verify your adherence to the MasterPass Merchant Branding Requirements document found on the MasterPass - Merchant Checkout Services - Documentation page.
  • Verify that you are linking to MasterPass visual assets rather than hosting your own.

In-Wallet Experience

  • Verify that the consumer can only select cards/addresses that are supported by the merchant.
  • Merchants requesting liability shift for MasterPass transactions should use Advanced Checkout within MasterPass.

Post Wallet Experience

  • After clicking the Finish Shopping button, verify the consumer is taken to a valid page.
  • Verify that the MasterPass acceptance mark is displayed for all MasterPass transactions.
  • It is recommended to not allow consumers to edit the payment information returned by MasterPass.
  • Verify that your code gracefully handles consumers returning without selecting a card and address (as a result of user choice or login failure).
  • Verify that your code handles the return of a consumer with an expired request token.

NOTE: The Request Token is valid for 15 minutes. If the process is not completed within that time, the request token expires and the checkout must be restarted.

  • Verify that your code is able to parse and ingest the returned data.
  • Verify that any post wallet page has a clear call to action (for example, select preferred shipping method), versus simply having the consumer review the data they just selected in the wallet.
  • Verify that the consumer is not required to enter CVC/CVV in order to complete the transaction.
  • Verify that the card PAN has not been provided to any entity that does not have the appropriate security in place for storage and transmission of card data (per PCI guidelines).
  • Verify that if merchants are provided with the PAN, this value is not displayed on screen.
  • Verify that your system can handle the PostalCode element of up to nine characters; this element is sent by MasterPass as part of the BillingAddress and the ShippingAddress elements in checkout XML.

Postback

  • Verify that the transaction ID submitted as part of a postback was sourced from the associated MasterPass™ transaction.
  • Verify that the transaction result (Postback) is reported immediately after card authorization.
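
The Post Wallet Experience and Postback checks above (expired request token, return without a selection, PostalCode of up to nine characters, PAN not displayed, postback transaction ID tied to its checkout) can be exercised with a return handler like the following. This is an added example, not MasterPass sample code; the `session` dictionary, the function names, the reason codes, and the element paths other than `BillingAddress`, `ShippingAddress` and `PostalCode` are assumptions.

```python
import hmac
import time
import xml.etree.ElementTree as ET

REQUEST_TOKEN_TTL = 15 * 60  # seconds; the request token is valid for 15 minutes
# Constructed sample; element paths and values are assumptions for illustration.
SAMPLE_XML = ("<Checkout><Card><AccountNumber>5555000000000004</AccountNumber>"
              "<BillingAddress><PostalCode>633761234</PostalCode></BillingAddress>"
              "</Card><ShippingAddress><PostalCode>63376</PostalCode>"
              "</ShippingAddress><TransactionId>TX-SAMPLE-1</TransactionId></Checkout>")

class CheckoutError(Exception):
    """Carries a reason code so the caller can restart checkout or show the cart."""

def mask_pan(pan):
    # Only the last four digits may reach a template or a log line.
    return "*" * (len(pan) - 4) + pan[-4:]

def handle_return(session, returned_token, checkout_xml, now=None):
    """Validate the consumer's return from the wallet, then ingest the checkout XML."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(returned_token or "", session["request_token"]):
        raise CheckoutError("token_mismatch")
    if now - session["token_issued_at"] > REQUEST_TOKEN_TTL:
        raise CheckoutError("token_expired")   # checkout has to be restarted
    if not checkout_xml:
        raise CheckoutError("no_selection")    # user choice or login failure
    if "<!DOCTYPE" in checkout_xml:            # refuse DTDs before parsing
        raise CheckoutError("bad_xml")
    try:
        root = ET.fromstring(checkout_xml)
    except ET.ParseError:
        raise CheckoutError("bad_xml")
    pan = root.findtext("Card/AccountNumber") or ""
    if not pan.isdigit() or len(pan) < 12:
        raise CheckoutError("no_selection")
    postal = {}
    for tag in ("BillingAddress", "ShippingAddress"):
        for addr in root.iter(tag):
            code = (addr.findtext("PostalCode") or "").strip()
            if not 1 <= len(code) <= 9:        # up to nine characters, not truncated
                raise CheckoutError("bad_postal_code")
            postal[tag] = code
    session["transaction_id"] = root.findtext("TransactionId")  # bound for postback
    return {"pan_display": mask_pan(pan), "postal": postal}

def postback_allowed(session, transaction_id):
    """A postback may only carry the ID sourced from this session's checkout."""
    expected = session.get("transaction_id") or ""
    return bool(expected) and hmac.compare_digest(expected, transaction_id or "")
```

The full PAN is never stored in the session or returned; only the masked form leaves the handler.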