vSafe v3.

x
Sandbox Test Cards and Test Cases

April 04, 2017

Document Version: 1.3

Vesta Proprietary and Confidential

vSafe v3.x Sandbox Test Cards and Test Cases

This document contains confidential and proprietary information of Vesta Corporation. Recipients
(i) reproduction or use for any purpose other than business discussions between the parties and/or
(ii) disclosure to any third party through any means are prohibited without the express written
consent of Vesta Corporation.

Americas Europe Asia

Vesta Corporation Vesta Payment Solutions Ltd. Vesta China Subsidiaries
11950 SW Garden Place Vesta Building No. 6 Ji Qing Li Road, Unit B603
Portland, OR 97223-8248 USA Finnabair Business Park Chaoyang District, Beijing
Tel: +1 503.790.2500 Dundalk 100020 P.R. China
Fax: +1 503.790.2525 Co. Louth info.china@trustvesta.com
info@trustvesta.com Ireland A91 E934
vsafe.support@trustvesta.com Tel: +353 (0) 42 939 4600
Fax: +353 (0) 42 933 4121
4400 Alexander Drive
info.ireland@trustvesta.com
Alpharetta, GA 30022-3753 USA
Tel: +1 678.222.7200
Fax: +1 770.772.0600
www.trustvesta.com
info@trustvesta.com
Av. Amricas 1536 1A
Col. Country Club
C.P. 44637
Jalisco, Mxico
info@trustvesta.com

4/4/2017 Vesta Proprietary and Confidential ii

vSafe v3.x Sandbox Test Cards and Test Cases

Release History
Version Date Contributor Notes

1.0 March 16, 2016 Vesta Market Solutions Initial publication.

1.1 April 1, 2016 Vesta Market Solutions Clarified test case description and
added footnote for test card
4628610683834808.

1.2 March 2, 2017 Vesta Product Management Updated document to address

Vesta Service Delivery guaranteed and non-guaranteed partners
using vPortal.

1.3 April 4, 2017 Vesta Service Delivery Removed test card 5133040901320015
from Table 3.

4/4/2017 Vesta Proprietary and Confidential iii

vSafe v3.x Sandbox Test Cards and Test Cases

Contents
Tables v
Introduction 1
vPortal Sandbox URLs 1
Partner Information 1
Test Cards 2
Test Routing and Account Number 3
Pended Transaction Test Cases 4
Account API Call 4
ChallengeQuestionAnswer API Call 5

4/4/2017 Vesta Proprietary and Confidential iv

vSafe v3.x Sandbox Test Cards and Test Cases

Tables
Table 1. Payment API, Tokenization API, and Fingerprint API URLs 1
Table 2. Partner Information 1
Table 3. Test Cards 2
Table 4. Test Routing and Account Number 3
Table 5. ChallengeQuestionBegin API Call Test Case 4
Table 6. ChallengeQuestionAnswer API Call Test Cases 5

4/4/2017 Vesta Proprietary and Confidential v

vSafe v3.x Sandbox Test Cards and Test Cases

Introduction
This document is a reference guide for software developers and architects who will be
implementing, testing, and validating card-not-present (CNP) transactions using the
ChargeAuthorize, ChargeSale, CheckSale, and ValidateChargeAccount API calls.

vPortal Sandbox URLs

The URLs in Table 1 provide access to the vPortal payment, tokenization, and fingerprint APIs.
Table 1. Payment API, Tokenization API, and Fingerprint API URLs
Application URL

Payment API https://vsafesandbox.ecustomersupport.com/GatewayV4Proxy/Service

Tokenization API https://vsafesandboxtoken.ecustomersupport.com/GatewayV4ProxyJSON/Service
Fingerprint API https://fingerprint.ecustomerpayments.com/ThreatMetrixUIRedirector

Partner Information
The vPortal sandbox supports testing for both Vestas vGuaranteed and non-guaranteed
products. To simulate vGuaranteed transactions, you must use the MerchantRoutingIDs
specified for vGuaranteed partners listed in the Product column in Table 2; likewise, if you are
using Vestas non-guaranteed product, you must use the MerchantRoutingIDs specified for non-
guaranteed partners listed in the Product column in Table 2.
If you do not know which product you are using, please contact vsafe.support@trustvesta.com.
Table 2. Partner Information
Data Product Test Case Value

MerchantRoutingID vGuaranteed CNP credit SandboxCredit01

MerchantRoutingID vGuaranteed CNP debit SandboxDebit01
MerchantRoutingID Non-guaranteed CNP credit NISandboxCredit01
MerchantRoutingID Non-guaranteed CNP debit NISandboxDebit01
MerchantRoutingID Non-guaranteed CNP Check NISandboxCheck01

4/4/2017 Vesta Proprietary and Confidential 1

vSafe v3.x Sandbox Test Cards and Test Cases

Test Cards
Use the test-card numbers in Table 3 to simulate different responses from the vSafe API calls.
Table 3. Test Cards
Data Test Case Rail Acquirer
4614201234597890 Bank declined. Credit Chase
5501340012335678 Bank declinedNSF. Credit Chase
4628610683834808 Vesta pended for ChargeSale and ChargeAuthorize. Credit Chase
Success for ValidateChargeAccount.*
4273615061201114 Vesta declinedpre-auth. Credit Chase
4200300642228633 Vesta declinedpost-auth. Credit Chase
340001234527890 Success. Credit Chase
6440342124883084 Success. Credit Chase
5101012832031720 Success. Credit Chase
4200123456719012 Success. Credit Chase
5101016736044762 GSFauth timeout. Credit Chase
4444444444444444 Card not Mod-10. Credit Chase
444444424444 Invalid card length. Credit Chase
5100270123456789 Success. Credit, Chase
Debit
4000280123486789 Bank declined. Credit, Chase
Debit
6220010123486789 Vesta declinedpre-auth. Debit Chase
6221640123416789 Vesta declinedpost-auth. Debit Chase
*This account number will return a successful response for ValidateChargeAccount and pend the transaction for
ChargeSale and ChargeAuthorize. This is to support the test case where the user successfully validates a card
and saves it as a permanent token, and then the permanent token is used to pend the transaction with
ChargeSale or ChargeAuthorize.

4/4/2017 Vesta Proprietary and Confidential 2

vSafe v3.x Sandbox Test Cards and Test Cases

Test Routing and Account Number

Use the checking account and bank routing numbers in Table 4 to simulate successful responses
from the vSafe CheckSale API call.
Table 4. Test Routing and Account Number
Data Product Test Case Value

CheckAccountNumber Non-Guaranteed CheckSale 021000021

BankRoutingNumber Non-Guaranteed CheckSale 323274458

4/4/2017 Vesta Proprietary and Confidential 3

vSafe v3.x Sandbox Test Cards and Test Cases

Pended Transaction Test Cases

Vesta uses knowledge-based authentication (KBA) to resolve pended transactions. Pended
transactions can result after calling the ChargeAuthorize and ChargeSale APIs.

Account API Call

The Account API call collects additional information from the customer for identification. After the
Account API has been called, the ChallengeQuestionBegin API will return either the first question
to ask the customer or a request for more information if the customer could not be located. When
PaymentStatus=2 is returned, the transaction has been pended for more information. If the
customer cannot be found, the transaction will be declined. If the customer is found, present the
first question, capture the response, and then respond with ChallengeQuestionAnswer.
Note: You can control the KBA use cases by changing the postal code entered when creating a
pended transaction through a ChargeAuthorize or ChargeSale API call. You can then control the
KBA test cases by entering a DOB using the information in Table 5.
TM
Table 5 includes postal code and DOB year combinations used to exercise vGuaranteed test
cases.
Table 5. ChallengeQuestionBegin API Call Test Case
Postal DOB Questions
Test Case vSafe Result
Code Year Returned?
System timeoutpayment 12345 N/A No Payment is canceled
canceled. (PaymentStatus=4).
Match not foundrequest 12345 N/A No On first attempt, ActionCode=3 is
DOB. returned prompting for DOB. On second
attempt, payment is canceled
(PaymentStatus=4).
Match not foundcorrect 12345 1900 Yes Success. Challenge questions are
DOB entered. returned.
Match not found 12345 Any No On first attempt, ActionCode=3 is
incorrect DOB entered. returned prompting for DOB. On second
attempt, payment is canceled
(PaymentStatus=4).
Multiple matches found 97224 N/A No On first attempt, ActionCode=3 is
request DOB. returned prompting for DOB. On second
attempt, payment is canceled
(PaymentStatus=4).
Multiple matches found 97224 1900 Yes Success. Challenge questions are
correct DOB entered. returned.

4/4/2017 Vesta Proprietary and Confidential 4

vSafe v3.x Sandbox Test Cards and Test Cases

Table 5. ChallengeQuestionBegin API Call Test Case (cont.)

Postal DOB Questions
Test Case vSafe Result
Code Year Returned?
Multiple matches found 97224 Any No On first attempt, ActionCode=3 is
incorrect DOB entered. returned. On second attempt, payment is
canceled (PaymentStatus=4).
Successful response. Any N/A Yes Success. Challenge questions are
returned.

ChallengeQuestionAnswer API Call

The ChallengeQuestionAnswer API call submits a card holders answer following the
ChallengeQuestionBegin call or following the previous use of the ChallengeQuestionAnswer API
call. The ChallengeQuestionAnswer API call is intended for repeated use on a single transaction.
Each time ChallengeQuestionAnswer is called, vSafe collects the answer from the previous
question and provides another challenge question with multiple-choice answers. When the
response contains a PaymentStatus code, the challenge session has completed, and the code
specifies the outcome. If the cardholder completes the challenge successfully, the transaction is
either authorized (if it was pended from ChargeAuthorize) or processed (if it was pended from
ChargeSale). Table 6 includes answer values to specific questions to exercise vGuaranteed test
cases.
Table 6. ChallengeQuestionAnswer API Call Test Cases
Question Answer
Test Case vSafe Result
Number Number
Correct answer. 1 1, 2, or 3 Proceed to the next question. When all questions are
completed, payment will be successful.
Wrong answer limit 1 4 Proceed to the next question. When standard
matched. questions are completed, additional question will be
returned.
Wrong answer limit 1 5 Proceed to the next question. When questions are
exceeded. completed, payment will be denied.
Correct answer. 2 1, 2, 3, 4, Proceed to the next question.
or 5
Correct answer. 3 1, 2, 3, 4, Evaluate KBA questions:
or 5 l If AnswerNumber was 1, 2, or 3 for question

number 1, payment is successful

(PaymentStatus=10).
l If AnswerNumber was 4 for question number
1, an additional question will be returned.
l If AnswerNumber was 5 for question number

4/4/2017 Vesta Proprietary and Confidential 5

vSafe v3.x Sandbox Test Cards and Test Cases

Table 6. ChallengeQuestionAnswer API Call Test Cases (cont.)

Question Answer
Test Case vSafe Result
Number Number
1, payment is denied (PaymentStatus=3).
Correct answer, 4 1, 2, 3, Payment is successful (PaymentStatus=10).
additional question. or 4
Wrong answer, additional 4 5 Payment is denied (PaymentStatus=3).
question.

4/4/2017 Vesta Proprietary and Confidential 6