Scrub Payment Methods

Knowledge Center > Billing and Payments > Payment Methods > Scrub Payment Methods

Scrub Payment Methods

The General Data Protection Regulation (GDPR) enforced in May 2018 stipulates that the personally identifiable information (PII) of EU citizens must be stored in enterprises using pseudonymization or full anonymization. In compliance with GDPR, Zuora provides you with a new REST API operation called Scrub payment method to handle the PII related to payment methods. By using this API operation, you can replace all sensitive data related to a payment method with anonymized values that will be stored in Zuora databases.

Prerequisites

You must ensure that the Scrub Sensitive Data of Specific Payment Method payments permission is enabled in your user role in order to use the Scrub payment method operation. Contact your tenant administrator if you want to enable this permission. See Payments Roles for more information.

Sensitive Data related to Payment Methods

Generally, the sensitive data related to payment methods includes the following categories of data:

  • The address data for all payment methods
  • The data specific to different payment method types:
    • CreditCard: Account Number
    • ACH or Bank Transfer:
      • Bank Account / IBAN
      • Routing Number
    • PayPal:
      • Billing Agreement ID
      • Email

Scope of Scrub Payment Method API

The Scrub payment method API scrubs all sensitive data by replacing the actual value with dummy values in the following Zuora business objects: 

When scrubbing a payment method, this API will also soft-delete the payment method at the same time. Therefore, the scrubbed payment method will not be displayed from UI and you cannot perform any transaction using this payment method via API or UI.

Note that you cannot undo the scrub action. The scrubbed payment methods cannot be scrubbed again.

New Payment Method Status

You can scrub the payment methods of the Active or Closed status and the soft-deleted payment methods.

A new status called Scrubbed is introduced to indicate a payment method has been scrubbed. The Scrubbed status is the final status of a payment method, and it cannot be changed back to the Active status or the Closed status.

Payment method status machine

Relationship with Billing Account

After you have scrubbed a payment method, this payment method will be removed from your billing account. If this payment method is the default payment method, the default payment method of your account will be set to empty.

If you have selected the auto-pay check box in your billing account, this API will clear this check box.

Other Impacted Actions and Components

If you have used the Scrub payment method API to scrub a payment method, the following actions related to this payment method cannot be completed:

  • Activate payment method: The scrubbed payment method cannot be activated.
  • Close payment method: The scrubbed payment method cannot be closed.
  • Update payment method: The scrubbed payment method cannot be updated.
  • Get payment method: The scrubbed payment method cannot be queried.
  • Delete payment method: The scrubbed payment method has been deleted already.
  • Create payment: The scrubbed payment method cannot be used to create payments.
  • Create/Update Billing Account: The scrubbed payment method cannot be used to create an account or be associated with an account.

The following related components are also impacted: 

  • Payment Method Updater: PMU jobs will not update scrubbed payment methods.
  • Gateway Reconciliation: GR will not update or have any effect on scrubbed payment methods.

Limitations

  • The Scrub payment method API only handles one payment method and its related logs at one time. It does not support batch update.
  • This API requires the payment method Id as a parameter. For soft-deleted payment methods, you cannot get payment method Id by yourself. In this case, contact Zuora Global Support to retrieve your payment method Id and then make the "Scrub payment method" request.
  • If payments or refunds associated with a payment method are in the Processing status, this API will not perform the "scrub" action. An error response message will be displayed. You need to handle the processing payment or refund before scrubbing the information.
Last modified

Tags

Classifications

(not set)