Card testing

APICurrentLast updated: August 4th 2023, @ 3:40:00 pm

Test your card integration in the sandbox environment by simulating:

Successful payments for advanced checkout integrations using test card numbers.
Card error scenarios by using rejection triggers.
3D Secure authentication scenarios.
Recommended use cases for advanced checkout integration.

Tip: Use the credit card generator to generate test credit cards for sandbox testing.

Simulate successful payments

To simulate a successful card capture with advanced checkout integration in sandbox:

Ensure the integration is in sandbox mode, with a sandbox client ID, and connected to api-m.sandbox.paypal.com endpoints.
Use a test card number with a future expiration date and a 3-digit CVV, or a 4-digit CVV for American Express.

Test static card numbers

Test card numbers

Test advanced checkout payments and saved payment method use cases with these test card numbers:

Tip: Enter a future expiration date and a 3-digit CVV, or 4-digit CVV for American Express, to proceed.

Test number	Card type
371449635398431	American Express
376680816376961	American Express
36259600000004	Diners Club
6304000000000000	Maestro
5063516945005047	Maestro

Test generated card numbers

Credit card generator

Generate additional credit cards for sandbox testing and Standard payments. You can add generated credit cards to a PayPal sandbox account or use them to test credit card payments.

Input

Card Type

Country or region

Generated credit card details

Bank account (IBAN) generator

Generate bank accounts for sandbox testing.

Input

Country or region

Generated bank account details

Simulate card error scenarios

Enter a rejection trigger in the First Name or Name on Card to simulate credit card error scenarios in advanced checkout integrations.

Note: Test using a Visa card number, such as 4012 8888 8888 1881, with a future expiration date and any 3-digit CVV.

Simulate card error

Rejection triggers

Rejection test simulations show a response_code that changes based on the test trigger you use. Rejection trigger values are case-sensitive.

Note: All rejection scenarios return the AVS code as globally unavailable and the CVV code as not processed.

Test name	Trigger	Processor response code	Code description
Card refused	`CCREJECT-REFUSED`	`0500`	`DO_NOT_HONOR`
Fraudulent card	`CCREJECT-SF`	`9500`	`SUSPECTED_FRAUD. Try using another card. Do not retry the same card.`
Card expired	`CCREJECT-EC`	`5400`	`EXPIRED_CARD`
Luhn Check fails	`CCREJECT-IRC`	`5180`	`INVALID_OR_RESTRICTED_CARD. Try using another card. Do not retry the same card.`
Insufficient funds	`CCREJECT-IF`	`5120`	`INSUFFICIENT_FUNDS`
Card lost, stolen	`CCREJECT-LS`	`9520`	`LOST_OR_STOLEN. Try using another card. Do not retry the same card.`
Card not valid	`CCREJECT-IA`	`1330`	`INVALID_ACCOUNT`
Card is declined	`CCREJECT-BANK_ERROR`	`5100`	`GENERIC_DECLINE`
CVC check fails	`CCREJECT-CVV_F`	`00N7`	`CVV2_FAILURE_POSSIBLE_RETRY_WITH_CVV or CVV2_FAILURE`

Venmo rejection triggers

Test name	Trigger	Code description
Suspected Fraud	`CCREJECT-SF`	`Try using different funding source.`
Insufficient funds	`CCREJECT-IF`	`Not enough funds.`
Account closed	`CCREJECT-AC`	`Account is closed.`
ACCOUNT FROZEN	`CCREJECT-AR`	`Account is frozen.`
GENERIC DECLINE	`CCREJECT-EL`	`Generic Decline.`

Sample response

The response shows that the order is successfully created, but because a refusal was passed, the card payment status is DECLINED:

Line 18 shows status=DECLINED. The card was refused.
Line 51 shows avs_code=G. The card is globally unavailable.
Line 52 shows cvv_code=P. The card wasn't processed.
Line 53 shows response_code=5400. The card is expired.

1{
2  "id": "3M049991JF5624929",
3  "status": "COMPLETED",
4  "payment_source": {
5    "card": {
6      "last_digits": "6889",
7      "brand": "VISA",
8      "type": "CREDIT",
9    },
10  },
11  "purchase_units": [
12    {
13      "reference_id": "default",
14      "payments": {
15        "captures": [
16          {
17            "id": "2FB04508RA686960W",
18            "status": "DECLINED",
19            "amount": {
20              "currency_code": "USD",
21              "value": "500.00",
22            },
23            "final_capture": true,
24            "disbursement_mode": "INSTANT",
25            "seller_protection": { "status": "NOT_ELIGIBLE" },
26            "seller_receivable_breakdown": {
27              "gross_amount": { "currency_code": "USD", "value": "500.00" },
28              "paypal_fee": { "currency_code": "USD", "value": "13.44" },
29              "net_amount": { "currency_code": "USD", "value": "486.56" },
30            },
31            "links": [
32              {
33                "href": "https://api-m.sandbox.paypal.com/v2/payments/captures/2FB04508RA686960W",
34                "rel": "self",
35                "method": "GET",
36              },
37              {
38                "href": "https://api-m.sandbox.paypal.com/v2/payments/captures/2FB04508RA686960W/refund",
39                "rel": "refund",
40                "method": "POST",
41              },
42              {
43                "href": "https://api-m.sandbox.paypal.com/v2/checkout/orders/3M049991JF5624929",
44                "rel": "up",
45                "method": "GET",
46              },
47            ],
48            "create_time": "2022-08-09T22:20:05Z",
49            "update_time": "2022-08-09T22:20:05Z",
50            "processor_response": {
51              "avs_code": "G",
52              "cvv_code": "P",
53              "response_code": "5400",
54            },
55          },
56        ],
57      },
58    },
59  ],
60  "links": [
61    {
62      "href": "https://api-m.sandbox.paypal.com/v2/checkout/orders/3M049991JF5624929",
63      "rel": "self",
64      "method": "GET",
65    },
66  ],
67}

Processor response and error codes

To understand why a card payment was declined, review the Orders v2 processor response object in the Orders API response.

For more information about card payment decline reasons and possible values, see:

Card decline errors.
Error responses for CVV and AVS.
Processor response codes for non-PayPal payment processors.

Simulate 3D Secure card payments

Use 3D Secure to authenticate cardholders through card issuers. When your customer submits their card details on your website for processing, you can trigger 3D Secure. When triggered, customers are prompted by their card-issuing bank to complete an additional verification step to enter a one-time or static password, depending on the issuer's method.

For more information about including 3D Secure authentication in your payment flow, see:

Learn more about 3D Secure for advanced checkout using the Orders API.
Simulate 3D Secure-supported scenarios using 3D Secure test cards to verify your card integration.

Test integration

Test the recommended use cases for advanced checkout integration before you go live.

Accept payment

Test a successful card payment:

Go to the checkout page for your integration.
Choose a test card from this list.
Enter the card details in the hosted field, including the name on the card, billing address, and 2-character country code. Then submit the order.
Confirm that the order was processed.
Log in to your merchant sandbox account and navigate to the activity page to ensure the payment amount shows up in the account.

Decline payment

Decline a test card payment from the checkout page:

Go to the checkout page for your integration.
Choose a test card from this list.
Select a rejection trigger from this list and enter it in the card's name field.
Enter the other card details in the card fields, including the card number, billing address, and a 2-character country code.
Submit the order.
Verify that the declined payment error message shows up.

Authorize payment

Test authorization and capture of a card payment:

Make a create order call with intent as AUTHORIZE that includes a payment_source object with a valid card number.
Authorize the order.
Complete the authorized order using capture authorized payment call.
Confirm that the capture status is COMPLETED in the authorization response.