I'm always more than a little leary of testing anything related to financial services with a test flag set unless I'm absolutely sure that the inputs and outputs of my code work as expected. As for real accounts, yikes!

I think it might be a good idea to combine unit testing and mock objects with Roadster001's solution above ( sanitizer -> CC processor). Roadster001 provides a good starting point for breaking down the testing problem into unit tests. Perl has a very rich set of testing modules to get you started on creating both mock objects and test suites.

For the unit testing, you should have at least two test suites. The first would make sure that each and every method of your sanitizer generates the correct sanitized code and handles bad and evil data well. If you are not familiar with taint mode, check the perl docs and consider using it in your application and test suites. The second set of unit tests would make sure that the web requests coming out of your CC processor look exactly as they should (well formed, all fields properly filled in, including the test flag :-), and so on). Again, make sure you have tests that input garbage as well as good data.

Two other hints I find helpful when constructing unit tests are:

• always test for stupid mistakes - usually we are scared of the complex stuff, but often we get the complex stuff right because we need to think hard to write it in the first place. The throw away/pro-forma code is usually where most of the mistakes lurk in the form of cut and paste errors, typos in parameter values, failure to account for undefined values and the like.
• test to prove your code is wrong, not right - it is only natural for us to want our code to be right, but hypothesis confirmation is the fastest way to deception. There is even a psychological principle, "cognitive dissonance" which says that we will go out of our way to make things we have put effort in (i.e. our code) seem right (we don't like dissonance).

As for Perl resources, start by exploring Test::Simple and Test::More if you don't know them already. They provide a great way to compare actual and expected values from your methods. There is also a whole set of objects for simulating interaction with web servers. A search on CPAN for "Test::WWW" might be a good place to start. Putting in "Test Mock" into the CPAN search box should also yield some helpful results.

Best, beth