Protect your user accounts and website
This guide offers strategies for securing user accounts and websites, including implementing Multi-Factor Authentication and Google reCAPTCHA Enterprise.
This section provides suggestions for implementing the security infrastructure you need to protect your website and user accounts.
Protect login procedures with Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a security measure that confirms a user’s identity before granting access to an online account. Instead of asking only for a username and password, it requires the user to provide two or more verification factors before logging in to a user account. MFA options include, but are not limited to, the following:
- Email
- SMS
- Physical token
- Random pin
- Biometrics such as fingerprint
- Authenticator application
Zuora recommends that you implement MFA on your login pages.
Protect your website with Google reCAPTCHA Enterprise
Due to the increased sophistication of fraudsters and botnet owners, new tools have been developed to distinguish between bots and humans. This technology can detect and block requests originating from a bot, while allowing legitimate traffic to pass. One example of this technology is Google reCAPTCHA Enterprise. As described by Google, Google reCAPTCHA Enterprise provides comprehensive protection against bot-based online fraud attacks while enabling real web user interactions to proceed seamlessly.
We strongly recommend that you utilize your own Google reCAPTCHA license to maximize the effectiveness of the reCAPTCHA algorithm on your web pages. As a part of Zuora’s constant effort to protect the security of Zuora’s hosted payment pages, Zuora recommends that you install Google reCAPTCHA Enterprise.
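The following added example, which is not Zuora's or Google's code, shows how a backend can act on a reCAPTCHA Enterprise assessment before it processes a login or payment request. It assumes the JSON assessment has already been fetched from the reCAPTCHA Enterprise API; the function name, the action `login`, the host `shop.example.com`, and the 0.5 threshold are illustrative assumptions.

```python
# Added example: server-side gate on a reCAPTCHA Enterprise assessment.
# Field names follow the Assessment resource returned by the
# projects.assessments.create REST method; the threshold, action and
# hostname values are assumptions chosen for illustration.

def evaluate_assessment(assessment, expected_action, allowed_hosts, min_score=0.5):
    """Return (allow, reason). Fails closed on any missing or unexpected field."""
    props = assessment.get("tokenProperties") or {}
    if props.get("valid") is not True:
        return False, "invalid token: " + str(props.get("invalidReason", "UNKNOWN"))
    # A token minted for another action (e.g. "search") must not unlock login.
    if props.get("action") != expected_action:
        return False, "action mismatch"
    # Reject tokens minted on a page outside your own domains.
    if props.get("hostname") not in allowed_hosts:
        return False, "hostname mismatch"
    score = (assessment.get("riskAnalysis") or {}).get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return False, "missing score"
    if score < min_score:
        return False, "score below threshold"
    return True, "ok"


# Constructed sample responses (not captured from a real service).
HUMAN = {
    "tokenProperties": {"valid": True, "action": "login", "hostname": "shop.example.com"},
    "riskAnalysis": {"score": 0.9, "reasons": []},
}
BOT = {
    "tokenProperties": {"valid": True, "action": "login", "hostname": "shop.example.com"},
    "riskAnalysis": {"score": 0.1, "reasons": ["AUTOMATION"]},
}
EXPIRED = {"tokenProperties": {"valid": False, "invalidReason": "EXPIRED"}}

if __name__ == "__main__":
    for name, sample in (("human", HUMAN), ("bot", BOT), ("expired", EXPIRED)):
        print(name, evaluate_assessment(sample, "login", {"shop.example.com"}))
```

Log the returned reason with each rejected request so that threshold changes can be checked against real traffic.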
Data privacy and security in Google reCAPTCHA
Google reCAPTCHA will collect hardware and software information, such as device and application data, and send the data to Google for analysis. The information collected will be used for providing, maintaining, and improving Google reCAPTCHA functionality and for general security purposes. Google reCAPTCHA will only be used by Zuora to fight spam and abuse of the Payment Pages 2.0 functionality. Google reCAPTCHA will not be used for any other purposes, such as determining credit worthiness, employment eligibility, financial status, or insurability of an end user. The data collected by the tool will not be used for personalized advertising by Google. Zuora does not use our customers’ data for any purpose other than to provide our services, such as Payment Pages 2.0.
We strongly encourage all Zuora customers to review Google reCAPTCHA’s terms of use and privacy policy, as they include a requirement that applicable end users are explicitly informed that Google reCAPTCHA is being used on your page in accordance with Google’s Privacy Policy and Terms of Use. You are also encouraged to work with your legal counsel to consider whether any changes are required to your current privacy compliance program in light of Google reCAPTCHA.