Welcome to Zuora Product Documentation

Explore our rich library of product information

An example for securing a Payment Page 2.0

Learn how to implement security measures for Payment Page 2.0, including email and SMS MFA, CAPTCHA challenges, and configuring tenant-level settings.

Here is an example of implementing security measures for a Payment Page 2.0:

  1. To protect your user account, implement one of the following security measures to protect your user account signup and login from malicious use of fake email address or phone number to register as a new user:
    • Email MFA

    • SMS MFA

  2. Implement CAPTCHA challenges on your login page and any other pages that can navigate to the web page with Zuora Payment Page iFrame.
  3. When configuring the tenant-level Payment Page 2.0 settings, complete the following configurations:
    • Configure your own Google Cloud Enterprise account credentials.

    • If you use client parameters in your request for rendering or submitting a hosted payment page, enable Validate Client-Side HPM Parameters .

  4. When creating or editing a Payment Page 2.0, enable and configure the following security measures provided by Zuora:
    • Configure the Token Expiration feature by setting 3 for the Limit the number of submissions before blocking submission field.

    • Enable the Google reCAPTCHA Enterprise checkbox version on your hosted payment page by selecting the option and setting 0.85 for the Risk Score Threshold field.

    • If the gateway supports 3D Secure 2.0, enable it for your hosted payment page by selecting this option.

  5. Customize how you want to display the messages for the following error codes based on the fields that caused the error:
    • Attempt_Exceed_Limitation

    • ReCaptcha_Validation_Failed

    • Submit_Too_Quick

For detailed instructions on each step, see Protect your website and user accounts and Secure your Payment Pages 2.0 integration with Zuora security measures in the preceding sections. For more detailed information, see Security measures for Payment Pages 2.0.