By default, in Payment Pages 2.0, Zuora tenant enables the client-side encryption of credit card fields using the Public Key for additional security, even while being transmitted via HTTPS.
- Credit card number (field_CreditCardNumber)
- Credit card security code (field_CreditCardSecurityCode)
- Credit card expiration month (field_CreditCardExpirationMonth)
- Credit card expiration year (field_CreditCardExpirationYear)
You need to encrypt the above string with the public key and set the encrypted string to field ‘encrypted_values’. You can use the RsaEncrypter.encrypt java function defined in the Zuora security library to encrypt the string.
The following is a sample code to encrypt credit card information. The code below depends on several libraries. You can find those libraries in Payment Pages 2.0 sample code repository.
String unencrypted_values = "#" + creditCardNumber + "#" + cardSecurityCode + "#" + creditCardExpirationMonth + "#" + creditCardExpirationYear;
String encrypted_values = RsaEncrypter.encrypt(new String(Base64.encodeBase64(unencrypted_values.getBytes())), publicKey);