[go: up one dir, main page]
Scribd
Upload
359 views26 pages

Cmi Emerchant Certification V1.1

The document describes tests to verify a merchant website's compliance with online payment regulations. This includes checking that the merchant website correctly handles callbacks from the payment processor, processes payments for cards requiring and not requiring authentication, prevents duplicate orders, and properly handles refunds and cancellations. Test data needs to be provided by the merchant to complete testing. Expected results are outlined for each test case.

Uploaded by

Home & Family
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
359 views26 pages

Cmi Emerchant Certification V1.1

The document describes tests to verify a merchant website's compliance with online payment regulations. This includes checking that the merchant website correctly handles callbacks from the payment processor, processes payments for cards requiring and not requiring authentication, prevents duplicate orders, and properly handles refunds and cancellations. Test data needs to be provided by the merchant to complete testing. Expected results are outlined for each test case.

Uploaded by

Home & Family
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

Test description

Compliance with online payment regulation and recommendations

When a customer processes successfuly a transaction in CMI payment


page, a callback request is sent back to the merchant website with the
transaction result data.
The merchant website is supposed to take in consideration CMI's callback
request and to return back a valid response.
When the transaction is successfuly processed in CMI payment page, the
customer clicks on a Return link to return back to the merchant website.

The purpose of this test is to verify the merchant website behaviour when
a transaction fails in CMI platform side.

When the customer is redirected from the merchant website to CMI


platform, he uses a payment card that does not require cardholder
authentication (non 3D Secure).
The merchant must have the possibility to know that the payment card
used by the customer is non-authenticable, either:
. via the information sent back by CMI platform to the merchant website
in the callback request, or
. via CMI back office.
When the customer is redirected from the merchant's website to CMI
platform, he uses a payment card that requires cardholder authentication
(3D Secure).
The merchant must have the possibility to know that the payment card
used by the customer is non-authenticable, either:
. via the information sent back by CMI platform to the merchant website
in the callback request, or
. via CMI back office.

The merchant website's Order/Cart identifier is sent to CMI platform in the


payment request via the "oid" parameter.
The "oid" parameter's value is unique in CMI platform. So a transaction
can't use the same "oid" value that was used in a previous successful
transaction.
The purpose of this test is to see what happens when a merchant's website
uses a same value for "oid" parameter in two different transactions.

It's necessary that the merchant websie sends to CMI platform customer's
name and email in the payment request. The goal of this test is to be sure
that these information exist in the payment request.

Using special characters (like "é", "ç", "â"), especially in customer's name
or address, can cause a hash calculation error in the in payment request
that is sent by the merchant website to CMI platform. The goal of this test
in to verify if the merchant website manages correctly the special
characters in the payment request.
characters in the payment request.

This test is dedicated to merchants that show amounts with other


currencies than MAD (like EUR or USD) in their websites. (So if your
website uses just MAD currency, this test does not concern you.)
The "amount" parameter, of the payment request sent by the merchant
website to CMI platform, must contain the MAD conversion of the amount
that is shown in the merchant website with another currency.
The amount that is shown in the merchant website with another currency
can also be displayed in CMI payment page. To do so, the merchant
website must use the parameters "amountCur" for the amount and
In this test, the merchant will cancel (void) a transaction whose customer
must not be debited. A transaction / An order in CMI platform can not be
cancelled unless its status is PRE. To cancel a transaction, the merchant
uses its CMI back office.

In this test, the merchant will process a total refund of a transaction. A


transaction / An order in CMI platform can not be refunded unless its
status is POST. To refund a transaction, the merchant uses its CMI back
office.
In this test, the merchant will process a partial refund of a transaction. A
transaction / An order in CMI platform can not be refunded unless its
status is POST. To refund a transaction, the merchant uses its CMI back
office.
Test data

The "Turms of Sale" page URL:

URL of the page that shows CMI, VbV and MasterCard


SecureCode logos:

. Merchant Order Id:

. Merchant Order status before CMI callback:


. Merchant Order Id:

. Return link URL (okURL):

To process this test, you are supposed to use an invalid store hash key.

. Merchant Order Id:

. Merchant Order status before CMI callback:

. Return link URL (failURL):

. Merchant Order Id:

. Payment card number:


. Merchant Order Id:

. Payment card number:

Transaction 1 and Transaction 2 are processed with the same oid.

. Merchant Order Id:

. Merchant Order Id:


. Customer name:
. Customer email:

. Merchant Order Id:


. Customer name:
. Customer address:
. Merchant Order Id:
. amount:
. amountCur:
. symbolCur:

. Merchant Order Id:

. Merchant Order Id:

. Merchant Order Id:


Test data

(to be completed by the merchant)

(to be completed by the merchant)

(to be completed by the merchant)

(to be completed by the merchant)


(to be completed by the merchant)

(to be completed by the merchant)

to use an invalid store hash key.

(to be completed by the merchant)

(to be completed by the merchant)

(to be completed by the merchant)

(to be completed by the merchant)

(to be completed by the merchant)


(to be completed by the merchant)

(to be completed by the merchant)

ocessed with the same oid.

(to be completed by the merchant)

(to be completed by the merchant)


(to be completed by the merchant)
(to be completed by the merchant)

(to be completed by the merchant)


(to be completed by the merchant)
(to be completed by the merchant)
(to be completed by the merchant)
(to be completed by the merchant)
(to be completed by the merchant)
(to be completed by the merchant)

(to be completed by the merchant)

(to be completed by the merchant)

(to be completed by the merchant)


Expected test result

A page "Turms of Sale" or "Conditions Générales de Vente " or "‫وط‬


‫ "اﻟﺒﻴﻊ اﻟﻌﺎﻣﺔ‬exists in the merchant website and the customer is asked
to read and accept the information that are on the page before
beeing redirected to the payment page.

Presence of CMI, VbV and MasterCard SecureCode logos in the


merchant's website, especially in the cart page where the customer
clicks on the payment button to be redirected to CMI platform for
payment.
The merchant website must 1st verify if CMI request's hash is
correct.

The merchant website must then identify the concerned order on its
database and verify if its amount is identical to CMI request's
amount.

The merchant website must then verify, in CMI request, if the


ProcReturnCode value is 00.

The merchant website must then update its order's status and
register all the payment information contained in CMI request (such
as TransId, acqStan, mdStatus, txstatus, EXTRA.CARDBRAND,
EXTRA.CARDISSUER, ...).

The merchant website must then return back one of the following
responses to CMI platform:
. ACTION=POSTAUTH: To ask CMI platform to confirm the
transaction and debit the customer.
. APPROVED: To inform CMI that the callback request was received,
but don't debit the customer. In this case, the transaction
confirmation to debit the customer will be managed manually by the
merchant via CMI platform.
. FAILURE: To inform CMI that the customer must not be debited
because the transaction can't be accepted by the merchant website.

An informative message is shown to the customer when the


operation is finished.
When the customer returns back to the merchant website, he finds a
web page with a confirmation message and detail about his paid
order.

An error message is shown to the customer in the payment page


(Une erreur est survenue. Merci de cliquer sur le bouton pour
continuer.
3D-1004 - Code de sécurité eronné).
A callback request is sent by CMI platform to the merchant website.
When the customer clicks on the button and returns back to the
merchant website, he finds a web page with a message indicating
that the order payment has failed.

The cardholder is not asked to fill his authenticated secret code and
the transaction is processed successfuly.
The cardholder is asked to fill his authenticated secret code. When
the customer succeed to authenticate, the transaction is processed
successfuly.

Transaction 1 status: Successful


Transaction 1 status: Failed

Customer's name and email are shown correctly in CMI payment


page.

. When redirecting the customer from the merchant website to CMI


platform, the payment page is shown correctly.
. The Pre authorization transaction is processed successfuly.
. The Post authorization transaction is processed successfuly.
MAD amount and foreign currency amount and symbol are shown
correctly in CMI payment page.

The order status is VOID in CMI back office.

The order status is RFND in CMI back office.

The order status is PRND in CMI back office.


Obtained result Result data

. Test date:

. CMI Preauth transaction id:

. CMI Preauth transaction status:

. ProcReturnCode:

. ErrCode:

. ErrorMsg:

. acqStan:

. EXTRA.CARDBRAND:

. EXTRA.CARDISSUER:

. mdStatus:

. txstatus:

. CMI Postauth transaction id:

. CMI Postauth transaction status:

. Merchant Order status after CMI callback:


. Test date:

. Message shown to the customer when he


returns back to merchant website:

. CMI Preauth transaction id:

. Test date:

. Message shown to the customer when he


returns back to merchant website:

. CMI Preauth transaction id:

. CMI Preauth transaction status:

. ProcReturnCode:

. ErrCode:

. ErrorMsg:

. acqStan:

. EXTRA.CARDBRAND:

. EXTRA.CARDISSUER:

. mdStatus:

. txstatus:

. Merchant Order status after CMI callback:

. Test date:

. CMI Preauth transaction id:

. CMI Preauth transaction status:

. Parameters values received by the merchant website from CMI


platform in the callback request:
.. mdStatus:

.. txstatus:

. Parameter value in CMI back office:


.. Transaction Security:

. Test date:

. CMI Preauth transaction id:

. CMI Preauth transaction status:

. Parameters values received by the merchant website from CMI


platform in the callback request:
.. mdStatus:

.. txstatus:

. Parameter value in CMI back office:


.. Transaction Security:

. Transaction 1 date:

. Transaction 1 number:

. Transaction 1 status:

. Transaction 2 date:

. Transaction 2 number:

. Transaction 2 status:

. Transaction 2 error message:

. Test date:
. CMI Preauth transaction id:

. Test date:
. CMI Preauth transaction id:
. CMI Preauth transaction status:
. CMI Postauth transaction id:

. CMI Postauth transaction status:

. Test date:
. CMI Preauth transaction id:

. Test date:
. Order status in CMI platform:

. Test date:
. Order status in CMI platform:
. Refund transaction id:

. Test date:
. Order status in CMI platform:
. Refund transaction id:
Test result
status
(ok/ko)

(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
ved by the merchant website from CMI
(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
ved by the merchant website from CMI

(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)

(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
(to be completed by
the merchant)
Expiry
Brand PAN CVS Authentication code
Month Year
Visa 4000000000000010 12 (Any valid value) 000 (NA)
MasterCard 5191630100004896 12 (Any valid value) 000 123
MasterCard 5453010000066100 12 (Any valid value) 000 (NA)
Comment
Non-authenticable card
Authenticable card
Card not participating

You might also like