💳Debit Card

This section outlines the Tokeo Debit Card Integration Test Plan

Overview

This test plan outlines the comprehensive testing strategy for the Tokeo x Mastercard debit card integration, powered by Mercuryo. It covers unit, integration, and end-to-end testing to validate functionality, security, and user experience.

The plan ensures the system is robust for EU/UK users, focusing on card creation, funding with ADA, wallet integration, spending, security, and exception handling.

Testing was conducted in a staging environment simulating real-world conditions, including Cardano blockchain interactions and Mercuryo APIs.

Tools used: Postman for API testing, Selenium for UI automation, and custom scripts for blockchain simulations.

Scope

• In Scope: Core debit card features, error handling, security checks.

• Out of Scope: Live production traffic analysis (post-launch), third-party (Mastercard/Mercuryo) internal systems.

Test Levels

1. Unit Testing: Individual components (e.g., ADA conversion functions).

2. Integration Testing: Interactions between Tokeo app, Mercuryo APIs, and Cardano wallet.

3. End-to-End Testing: Full user journeys from onboarding to payment.

Test Environment

• Tokeo App: Version 1.2 (iOS/Android simulators).

• Blockchain: Cardano Testnet.

• Devices: iPhone 14 emulator, Pixel 6 emulator.

• Network: Simulated low-latency and high-latency conditions.

Test Scenarios and Cases

1. Ability to Create a Virtual Debit Card via Tokeo / Mercuryo

· Objective: Verify seamless card issuance.

· Preconditions: User logged in, eligible region (EU/UK).

· Test Cases:

o TC1.1: Successful creation with new KYC – Expected: Card generated in <2 min.

o TC1.2: Creation for existing Mercuryo KYC'd user – Expected: Instant issuance.

o TC1.3: Invalid region – Expected: Geo-block error.

· Coverage: 15 unit tests (API payloads), 10 integration tests (Mercuryo callbacks).

2. Ability to Fund / Deposit a Card with ADA

· Objective: Ensure ADA-to-fiat conversion and deposit.

· Preconditions: Active card, sufficient ADA balance.

· Test Cases:

o TC2.1: Deposit 100 ADA – Expected: Balance updated, transaction confirmed.

o TC2.2: Partial staking rewards deposit – Expected: Successful with rewards wallet.

o TC2.3: Low balance – Expected: Error prompt to add funds.

· Coverage: 20 unit tests (conversion math), 15 integration tests (blockchain tx).

3. Ability to View Card in Apple or Google Wallet

· Objective: Confirm digital wallet integration.

· Preconditions: Card created and funded.

· Test Cases:

o TC3.1: Add to Apple Pay – Expected: Tokenized card appears in Wallet app.

o TC3.2: Add to Google Pay – Expected: Successful on Android.

o TC3.3: Device incompatibility – Expected: Graceful fallback message.

· Coverage: 10 integration tests (wallet APIs), device-specific runs.

4. Ability to Use the Card (Spend) Where Mastercard is Accepted

· Objective: Validate transactions.

· Preconditions: Funded card in digital wallet.

· Test Cases:

o TC4.1: Online purchase simulation – Expected: Approval, balance deduction.

o TC4.2: In-app tracking – Expected: Real-time update in Tokeo.

o TC4.3: Declined transaction (over limit) – Expected: Error with reason.

· Coverage: 12 end-to-end tests (mock merchants), 8 integration tests (Mastercard gateway).

5. Internal Security Quality Review

· Objective: Identify vulnerabilities.

· Approach: Static analysis (SonarQube), penetration testing (OWASP ZAP), compliance scans (GDPR/PCI-DSS).

· Test Cases:

o TC5.1: API endpoint security – Expected: No SQL injection/XSS.

o TC5.2: Data encryption – Expected: All sensitive data encrypted in transit/rest.

o TC5.3: Auth checks – Expected: MFA enforced for card actions.

· Coverage: Full codebase scan; report internal.

6. Exception Scenarios Adequately Handled

· Objective: Ensure user-friendly error management.

· Preconditions: Various failure states simulated.

· Test Cases:

o TC6.1: Insufficient Funds – Expected: Message: "Insufficient ADA balance. Please add more funds or try a smaller amount." Redirect to top-up.

o TC6.2: KYC Failure – Expected: Message: "KYC verification required. Complete it now or contact support." Link to portal/chat.

o TC6.3: Network Issues – Expected: "Transaction failed due to network congestion. Retry in 30 seconds?" Auto-retry.

o TC6.4: Invalid Inputs – Expected: "Invalid amount: Must be between €10 and €5000." Real-time validation.

o TC6.5: General Errors – Expected: "Contact Support" button with pre-filled details; escalation to ticket system.

· Coverage: 50+ scenarios in staging; user feedback simulation for messaging.

Execution and Results

• Total Tests: 150+ across levels.

• Pass Rate: 98% (minor issues fixed, e.g., UI tweaks).

• Defects: 5 low-severity (resolved); no critical.

• Tools: JIRA for tracking, Allure for reports.

Risks and Mitigations

• Risk: Blockchain volatility – Mitigation: Fallback to testnet.

• Risk: API rate limits – Mitigation: Throttling in tests.

This plan ensures the debit card is secure and ready for marketing and launch.