September 10, 2013 by Roman Ožana

FAQs About Testomato’s Paymill Payment System


We’ve had some request this week from users to clarify exactly how our payment system works.

Your security is very important to our team. So, we wanted to make sure that it’s clear for anyone who is considering an upgrade.

Here are some of the questions that were most commonly asked:

What happens when I enter my credit card and CRC codes, and click SUBMIT? 

  1. We prepare an asynchronous HTTPS request to Paymill’s API. Any sensitive data is sent directly to Paymill, which returns a paymillToken or Error.
  2. Once we receive the paymillToken from Paymill’s API, we add the following input to our form:$form.append’<input type=”hidden” name=”paymillToken” id=”paymillToken” value”” + result.token + “”>’
  3. Afterwards, we send POST form data (e.g. billing address + paymillToken) to our server.

What happens to my sensitive inputs such as my “card-number” or “card-security-number”? 

These sensitive inputs do not name attributes. They are ignored and will not be present in the POST form data. For more information, please visit:

Will any of my credit card data be transferred, logged, or saved on your servers?

No, none of your credit card data will ever be transferred, logged, or saved to the Testomato servers! The paymillToken simply proves that you can pay for our services.

How exactly does the Paymill bridge work? 

To learn more about the bridge, please read Paymill’s documentation:

You can also check out this blog post to learn more about our paid plans.

Still have more questions? 

Don’t hesitate to get in touch here or on Facebook. Or, tweet us directly @testomatocom. You can also email us directly at

Is your website available? Testomato can check your website availability every 15 seconds from 10 different locations around the world and will send you an alert if the site is unavailable.

Keep track of the important parts of your website with simple checks that can run every minute. They can check plain words, HTML code, HTTP headers, redirects … and much more. Never miss anything.

Websites break, it happens all time. You'll be the first to know. Testomato has an extensive database of and will let you know if it finds any error on monitored url.