By default, in Payment Pages 2.0, Zuora tenant enables the client-side encryption of credit card fields using the Public Key for additional security, even while being transmitted via HTTPS.
In the credit card type Payment Pages, construct the string for the encrypted_values field using the following information:
  • Credit card number (field_CreditCardNumber)
  • Credit card security code (field_CreditCardSecurityCode)
  • Credit card expiration month (field_CreditCardExpirationMonth)
  • Credit card expiration year (field_CreditCardExpirationYear)
The encrypted_values string should be formatted as:


You need to encrypt the above string with the public key and set the encrypted string to field ‘encrypted_values’. You can use the RsaEncrypter.encrypt java function defined in the Zuora security library to encrypt the string.

The following is a sample code to encrypt credit card information. The code below depends on several libraries. You can find those libraries in Payment Pages 2.0 sample code repository.

import org.apache.commons.codec.binary.Base64;
String unencrypted_values = "#" + creditCardNumber + "#" + cardSecurityCode + "#" + creditCardExpirationMonth + "#" + creditCardExpirationYear;
String encrypted_values = RsaEncrypter.encrypt(new String(Base64.encodeBase64(unencrypted_values.getBytes())), publicKey);

Supporting References: