Sandbox

Are there Test Card Numbers to use in the Sandbox Environment?

PCI requires us and you to use test card numbers when testing. You should never use a real Card Number in the Sandbox Environment. We provide various test cards for various scenarios for your use.

How to generate an error in the Sandbox Environment? (Create Transaction)

For Create Transaction, the Amount is used to trigger various errors while processing the Create Transaction request in the Sandbox Environment (Accel uses a 3-digit Network Response Code):

Amount (USD) Response Code Actual Response Error Description
Status Code Network Response Code Resource Status Network Response Code Resource Status
0.01 200 ZZ (or 999) ERROR ZZ (or 999) ERROR Transaction Error
11.00
0.02 207   UNKNOWN   UNKNOWN Transaction Processing Failed
12.00
0.03 200 00 (or 000) COMPLETED 00 (or 000) COMPLETED Transaction Successful, but upstream processing was delayed for 30 seconds
13.00
0.04 207   UNKNOWN 00 (or 000) COMPLETED Transaction Successful, but upstream processing was delayed for 40 seconds
14.00

How to generate a Partial Approval in the Sandbox Environment? (Create Transaction)

Use amount 0.09 or 9.00. This will only trigger a partial approval if the network supports it (currently, only Visa and MasterCard are supported).


How to generate an error in the Sandbox Environment? (Delete Transaction)

For Delete Transaction, the Create Transaction Amount is used to trigger various errors while processing the Delete Transaction request in the Sandbox Environment (Accel uses a 3-digit Network Response Code):

Amount Create Transaction Response Delete Transaction Response Error Description
Status Code Network Response Code Resource Status Network Response Code Reversal Network Response Code Resource Status
0.07 200 00 (or 000) COMPLETED 200 ZZ (or 999) UNKNOWN Reversal Request failed
0.08 200 00 (or 000) COMPLETED 200 21 UNKNOWN Reversal Request failed, the Reversal was too late.
Not available when routed to any Regional Network: Currently only STAR and Accel.

How to generate an error in the Sandbox Environment? (AVS, CVV2)

For AVS, Query Card, the Zip Code, Address, and Security Code are used to trigger various conditions while processing an AVS request in the Sandbox Environment:

Request Response Comments
Zip Code
owner.address.zipcode
Line 1
owner.address.line1
Security Code Response Text Network Response Code Code
AVS Results Security Code Results
Any* Any* None NOT DECLINED 85 Y   Zip Code and Address were matched
Any* None None NOT DECLINED 85 Z   Zip Code was matched
Any* Any or Omit Any* DEPENDS DEPENDS DEPENDS M Depends upon if Zip Code and Address matches or not, but Security Code was matched
Any* Any or Omit 999 DECLINE 5 DEPENDS N Depends upon if Zip Code and Address matches or not, but Security Code was not matched
99990 Any or Omit Any or Omit DECLINE 5 U   Information not available
99991 Any or Omit Any or Omit DECLINE 5 R   AVS unavailable, retry
99992 Any* None DECLINE 5 A   Zip Code was not matched, but Address was matched
99992 None or 999 Bad None DECLINE 5 N   Zip Code and Address were not matched
99993 Any or Omit Any or Omit DEPENDS DEPENDS DEPENDS DEPENDS AVS Request delayed for 30 seconds
99994 Any or Omit Any or Omit UNKNOWN UNKNOWN UNKNOWN UNKNOWN AVS Request timed out
  • Any* - Any Zip Code that is not explicitly used to trigger a condition (99990-99994)
  • Any* - Any Address that is not explicitly used to trigger a condition (999...) - Address only checks the Street Number
  • Any* - Any Security Code that is not explicitly used to trigger a condition (999)

ANI Triggers in Sandbox

In Sandbox, the default ANI match code is M. The specific names (in your Query Card request) used to trigger various ANI match codes are in the list below:

  • To get a partial match ("P") on a name (first, middle, or last): Use "Ba"
  • To get a no match ("N") on a name (first, middle, or last): Use "Bad"
  • To get AVS.ANI.codeMatch: "U" use "Not" in the field "owner.name.last"
  • To get AVS.ANI.codeMatch: "N" use "No" in the field "owner.name.last"
  • Any other names (i.e. not one of: "Ba", "Bad", "Not", "No") will provide a match ("M")

*owner.name.last is required for ANI. owner.name.middle and owner.name.first can optionally be provided. No decisioning will be done on owner.name.first/owner.name.middle if it's not part of the ANI request


How to generate a RTP error in the Sandbox Environment?

For Create Transaction, the Account Number for RTP is used to trigger various errors while processing the Create Transaction request in the Sandbox Environment (RTP uses a 3-character Network Response Code):

Account Number Create Transaction Response Error Description
Status Code Network Response Code Resource Status
100000000...111111111 200 000 COMPLETED N/A
111111112 200 P04 ERROR Invalid Account
111111113 200 P11 ERROR Sender not authorized
111111114 200 P07 ERROR Participant blocked
111111115 200 P02 ERROR Invalid Account
111111116 200 P11 ERROR Transaction forbidden on this account
111111117 200 P23 ERROR Amount received is not the amount agreed or expected
111111118 200 P23 ERROR Amount exceeds limits
111111120 200 P21 ERROR Incorrect routing number
111111121 200 P14 ERROR Participant deceased

Is the Sandbox Environment PCI Compliant?

No. You should be using Test Card Numbers when testing in the Sandbox Environment. You should never use a real Card Number in the Sandbox Environment. We provide various Test Card numbers for various scenarios.

What is the Sandbox Environment SLA?

There should be no expectations on the Sandbox Environment.

Running Performance Test?

You can not run a Performance Test in the Sandbox Environment. The Sandbox Environment is a very small fraction of the Production Environment. It would be a waste of everyone's resources to do a Performance Test using the Sandbox Environment.

What happens if someone decides to run a Performance Test?

Your IPs will be blocked.

How quickly can we do a change (configuration) on the Sandbox Environment?

We are PCI Level 1 and SOC1 Type 1 and SOC2 Type 2 Compliant. So, what does that mean? We are procedure and process controlled.

Some companies require us to be PCI Level 1 and SOC Compliant (SOC1 Type 2 and SOC2 Type 2). And then some of those same companies still expect us to do things for them immediately (and even on Production).

Here is a real life example that recently occurred:

  • A Client demanded to change their limit on a weekend night immediately
  • After changing their Limit, the same Client later demanded to change their limit again and again on a weekend night immediately
  • After changing their Limit again, we see they never reached the Limits they demanded, in fact, they never even reached their original Limit
    Not everything is or can be an emergency!

Schedule for Sandbox changes:
(1) Have your request by Friday morning
(2) Changes will be implemented by end of day Monday (or Tuesday, if Monday is a Holiday)

So please plan ahead. This includes boarding new clients, changing limits, allowlisting IPs, etc.