A while ago I answered the following question on SearchSoftwareQuality.com’s Ask The Software Quality Expert: Questions & Answers.

Are there any automated test tools that can be used to test a payment gateway?

Here is a clip from my answer:

There are many tools out there that will aid you in the testing of the connection and transport. A couple of tools that come to mind are Mindreef SOAPscope, IBM Rational for SOA Quality, and SoapUI. Each of those will allow you to build test beds of request and response XMLs for testing a Web service. If your payment gateway isn't a Web service (and it very well may not be), you'll need to find or build a tool that allows you to connect to that interface. In most cases, building a lightweight tool to aid with manual testing or to allow for regression testing isn't too difficult.

If you're testing authorization, most likely you're just designing test cases focused on that aspect of system functionality or data. If you have the right amount of test data available, you can automate the generation of the test cases based on a model, but most likely just thinking about the problem and designing and executing the right tests will be less cumbersome than worrying about automation. If you are just looking for regression tests for authorization, use the same tool you use for testing the connection and transport.

If you want to test the encryption, there are a number of tools that can help, but I don't know of any that automate that testing. (Disclaimer: this doesn't mean automated encryption testing tools don't exist.) I would start by looking at Wireshark or WebScarab. I've used both and found them easy to get set up and started with.

You can find the full posting here.

I'd be interested to know what tools others have used for these types of things. I've also worked with a lot of homegrown tools for things like this, and I know there are several large commercial security testing suites out there that I've not used yet which might solve these problems.