Scrub Payment Methods
Certain applicable privacy laws, including the GDPR and the California Consumer Privacy Act (CCPA), require that personal data of data subjects must be deleted or permanently anonymized when no longer needed for the purposes for which it was obtained (such as processing credit card payments).
To support your compliance with applicable privacy laws, Zuora provides a REST API operation called Scrub payment method. You can use this operation to anonymize (or scrub) personal data related to payment methods when the data is no longer needed, or if a data subject requests that you delete personal data.
Prerequisites
You must ensure that the Scrub Sensitive Data of Specific Payment Method payments permission is enabled in your user role in order to use the Scrub payment method operation. Contact your tenant administrator if you want to enable this permission. See Payments Roles for more information.
Sensitive data related to payment methods
Generally, the sensitive data related to payment methods includes the following categories of data:
- The address data for all payment methods
- The data specific to different payment method types:
- CreditCard: Account Number
- ACH or Bank Transfer:
- Bank Account / IBAN
- Routing Number
- PayPal:
- Billing Agreement ID
Scope of Scrub payment method API
The Scrub payment method API scrubs all sensitive data by replacing the actual value with dummy values in the following Zuora business objects:
- Payment Method: For the scrubbed fields and dummy values, see Scrubbed Fields in Payment Method for more information.
- Payment Method Snapshot: For the scrubbed fields and dummy values, see Scrubbed Fields in Payment Method Snapshot for more information.
- Payment Transaction Log: For the scrubbed fields and dummy values, see Scrubbed Fields in Payment Transaction Log for more information.
- Payment Method Transaction Log: For the scrubbed fields and dummy values, see Scrubbed Fields in Payment Method Transaction Log for more information.
- Refund Transaction Log: For the scrubbed fields and dummy values, see Scrubbed Fields in Refund Transaction Log for more information.
When scrubbing a payment method, this API will also soft-delete the payment method at the same time. Therefore, the scrubbed payment method will not be displayed from UI and you cannot perform any transaction using this payment method via API or UI.
Note that you cannot undo the scrub action. The scrubbed payment methods cannot be scrubbed again.
New payment method status
You can scrub the payment methods of the Active or Closed status and the soft-deleted payment methods.
A new status called Scrubbed is introduced to indicate a payment method has been scrubbed. The Scrubbed status is the final status of a payment method, and it cannot be changed back to the Active status or the Closed status.
Relationship with billing account
After you have scrubbed a payment method, this payment method will be removed from your billing account. If this payment method is the default payment method, the default payment method of your account will be set to empty.
If you have selected the auto-pay checkbox in your billing account, this API will clear this checkbox.
Other impacted actions and components
If you have used the Scrub payment method API to scrub a payment method, the following actions related to this payment method cannot be completed:
- Activate payment method: The scrubbed payment method cannot be activated.
- Close payment method: The scrubbed payment method cannot be closed.
- Update payment method: The scrubbed payment method cannot be updated.
- Get payment method: The scrubbed payment method cannot be queried.
- Delete payment method: The scrubbed payment method has been deleted already.
- Create payment: The scrubbed payment method cannot be used to create payments.
- Create/Update Billing Account: The scrubbed payment method cannot be used to create an account or be associated with an account.
The following related components are also impacted:
- Payment Method Updater: PMU jobs will not update scrubbed payment methods.
- Gateway Reconciliation: GR will not update or have any effect on scrubbed payment methods.
Limitations
- The Scrub payment method API only handles only one payment method and its related logs at a time. It does not support processing payment methods in batches.
- This API requires the payment method Id as a parameter. For soft-deleted payment methods, you cannot get payment method Id by yourself. In this case, contact Zuora Global Support to retrieve your payment method Id and then make the Scrub payment method request.
- If payments or refunds associated with a payment method are in the Processing status, this API will not perform the scrub action. An error response message will be displayed. You need to handle the processing payment or refund before scrubbing the information.