PSD 2 - 3D Secure Testing

Hey Clubmembers,

we, as probably a lot of other companies, are facing the implementation of the PSD 2 directive, hence the use of 3D Secure measures in our e-commerce channels.

I am currently in the process of defining e2e scenarios and functional test cases, try to identify the delta to our “old” payment processing and challenge our PO´s in regards to adaption if their stories and use cases.

Does anyone in this community have an experience in regards to setting up the test management for this sort of situation? Is there any experience with different providers?
What are situations you have to have a specific look upon?

Happy for any feedback, even if it is: Sorry, no idea :wink:

Looking forward to receive valuable feedback


Remark: I tried the 30 days E-Commerce, but this really for an initial start (based on my review of the content - I know the different card test numbers on credit cards etc.).

Hi Bjoern

I’m currently working on this too and found it so hard to know where to start!

Firstly, your payment provider/whoever you’re using to implement PSD2/3D Secure should give you a range of test cards with expected responses specifically to 3DS2. That’s a really important place to start.
Then I just started to look at all the areas around checkout flows and look at exploratory testing that you can do around the flows - especially the periodic table of testing heuristics to direct my exploratory tests :slight_smile:

I really hope that helps! There was no testing help to be found online when I started this and now I’m coming to an end with it so I really hope this helps give you and anyone else looking for help on this a bit of a start :slight_smile:

Hi marissa,
thanks, at least I am not alone :wink:
The periodic table of the testing heuristics is already in development.
The checkout flows alone are killing me (incremental charges are just one of the scenarios).
I will report my “experiences” once the project is over.


Hi Bjoern, we set up and tested this quite a while ago and have just retested with the upcoming changes so I can share a little of what we did.

In terms of pre-requisites we had to make sure our e-commerce number was set up for 3D Secure, I believe most if not all are now but 3 1/2 years ago it was a thing. The cards provided are also enabled for 3DS so our approach was along the lines of;
E-commerce number / card set up true and false
Then for our payment flow it was;
Successful payment with/without
Unsuccessful payment failed for 3DS reasons / non 3DS reasons

We basically went through those variants on multiple devices

I hope that helps a little?

And do you have a link to the periodic table of testing heuristics? I have something similar so I’m interested to see what else is out there, thanks :slight_smile:

This is the table I use:

I found out about it at Software Testing Clinic - not sure exactly where it came from

The biggest areas I’m testing are ensuring I get the expected responses from the test cards and exploratory testing to ensure security/accessibility. Then regression check the rest of our checkout

Ah, thank you. I was aware of that one.

This is mine: