Paylink + 3DS
This pack validates a Paylink hosted ecommerce checkout with 3DS enabled. It separates token creation and evidence lookup from hosted-flow completion so CityPay can automate the risky state transitions without relying on a browser runner.
Use this pack when:
- checkout uses Paylink Hosted Form
- the payment is an ecommerce cardholder-initiated transaction
- hosted 3DS is in scope
- you need to validate token flow, hosted challenge handling, and return-path evidence
| ID | Scenario | Lane | Profile | Severity | Pass criteria | Evidence |
|---|---|---|---|---|---|---|
P3-01 | Create token for approved Visa flow | Automated | TD-VISA-APPROVAL-01 | Critical | token is created successfully and remains traceable | paylink_token, timestamp, identifier |
P3-02 | Create token for approved Mastercard flow | Automated | TD-MC-APPROVAL-01 | Critical | token is created successfully and identifiers are captured | paylink_token, timestamp, identifier |
P3-03 | Hosted-flow completion returns approval | Synthetic | approval profile | Critical | hosted payment flow completes successfully without browser-driving | paylink_token, trans_no, timestamp |
P3-04 | Hosted-flow completion returns generic decline | Synthetic | TD-VISA-DECLINE-01 | Critical | decline path is explicit and traceable | paylink_token, trans_no, timestamp, response summary |
P3-05 | Hosted-flow negative mappings behave as expected | Synthetic | mapped negative profiles | Important | AVS, CSC, fraud, or comms path produces the expected outcome | paylink_token, trans_no, timestamp |
P3-06 | Frictionless hosted 3DS path succeeds | Synthetic | frictionless outcome | Critical | hosted 3DS completes without visible challenge and final result is traceable | paylink_token, trans_no, timestamp, auth result |
P3-07 | Challenge-required hosted path succeeds | Synthetic | challenge outcome | Critical | hosted challenge path produces one final success outcome | paylink_token, trans_no, timestamp, auth result |
P3-08 | Duplicate-prevention behaviour is safe across Paylink attempts | Automated | approval profile | Critical | merchant reference and token flow do not create ambiguous duplicate payment attempts | paylink_token, trans_no where available, timestamp |
P3-09 | Evidence bundle is sufficient for support lookup | Automated | any completed scenario | Critical | support can trace the hosted flow using the pack identifiers | paylink_token, trans_no where available, timestamp |
P3-10 | Paylink page renders with expected fields | Manual only | n/a | Important | tester can see the hosted page and required fields | tester notes, screenshots if needed |
P3-11 | Visible challenge smoke path works in hosted checkout | Manual only | challenge path | Important | tester can observe the hosted challenge handoff and outcome page | tester notes, timestamp |
P3-12 | Redirect / return behaviour is visible and understandable | Manual only | approved or declined path | Important | tester can observe the user-visible return path | tester notes, timestamp |
Manual checks for this pack should cover:
- hosted page rendering
- visible field presence
- one hosted challenge smoke path
- visible redirect or return behaviour
Do not try to replace these with browser automation in v1.