I had a bit of a scare at work today, thinking that a site that accepts credit card payments was allowing them to go through without running the charge through the payment gateway. I hadn’t touched that part of the site in quite a while, and was trying to figure out if the gateway supported American Express cards. To quickly check if the gateway was being used or bypassed when in a test mode, I threw in ‘12345’ as a card number. When the form went through its processing and sent me to the thank you page, I ran the same number in production mode. To my surprise, it went through again.

I spent some time throwing in debug statements to find out where the code was getting to and why it wasn’t running the charge, only to find that past me had set it up to bypass the gateway all the time for my user, even in production mode. I don’t normally do a test like that, and wouldn’t think I’d want to leave it there if I did. So, to save stress on future me, I commented out the bit of code that did that.