We’ve been working in the Paypal sandbox and Authorize.net test account lately and neither really feel like the real thing. Paypal’s sandbox is slow as molasses, among other very irritating foibles. Testers need to login separately in the sandbox, while this really should be done through code and be transparent to the users testing the frontend of a web application. The fake credit card numbers provided with the sandbox also most often don’t work properly. It feels like pulling teeth to test an end-to-end transaction.
At the end of the day we decided Paypal was too amateurish in lots of ways. Their Payflow gateway has a dismal service reputation since they acquired it from Verisign so we’re going with the whole Authorize.net + merchant account shebang instead. Our tests there look better though, here again, you don’t get the feeling the test account behaves fully like the real thing. Also, despite being one of the leading payment gateways, Authorize.net doesn’t seem to have a health status page a la trust.salesforce.com.
Web service vendors and API providers, if you’re providing a sandbox, please, make it work like your full-fledged product, and don’t run it off an old Pentium in your basement.