Skip to main content

How do I allow customers to modify their stored payment methods?


How do I allow customers to modify their stored payment methods?

A payment method in Zuora can be either electronic or external. An electronic payment method is the actual information, for example credit card number, used to process an electronic payment with a gateway or processor.  External payments are payments which occurred through a different system and are recorded in Zuora. Examples of external payment methods include check or wire transfer. Payment methods are stored on each Zuora customer account. You have the option to identify which payment method is default (more than one payment method can be stored in a customer account), but you can use any payment method to process a payment. Each payment method has a unique ID (a token) in Zuora. It is not possible to display the full account information (such as the unencrypted credit card number or ACH account number), however, it is possible to use this unique ID to retrieve and display certain payment method information, such as address and expiration date.


Payment methods can be created via the Zuora user interface, Z-Force, API, or using Zuora's Hosted Payment Pages (a premium feature). Zuora is PCI compliant so you can use our Z-Payments page embedded on your website to allow your customer to enter and store new electronic payment method information directly into Zuora. Regardless of how you enter the the payment method in Zuora, Zuora will provide a unique id/token that you can use to manage the payment methods or create new payments.

For customers that are not PCI compliant, Zuora's best practice is to use PCI-compliant hosted payment method page or Zuora user interfaces to create new payment methods.

For customers that are PCI compliant, best practice is to use Zuora APIs in addition to any of the above means.

Once the Payment Method is created, you can allow your customer to manage their payment method without having to be concerned with PCI compliance. The most common use cases are:

  • Update Payment Method expiration date: By using the token to identify a specific Zuora credit card payment method, you can allow your customer to modify that method's expiration date.  However, it is not possible to update the credit card number when you update the payment method. Zuora also has added the flexibility to automatically re-validate the payment method with the updated credit card information with your Zuora gateway.  By allowing your customer to update their payment method expiration date online, you can increase the likelihood that future payments will be successfully processed for this customer.
  • Update Payment Method Address: If you are using the address as part of your validation, by using the Address Verification Service (AVS) with the gateway, it is recommended that you allow your customer to update the address associated with that payment method.
  • Select default payment method: For most subscription businesses, changing the default payment method is really replacing the payment method. Unless you have a specific use case, the goal of the default payment method is to have a payment method on file for recurring payments. This is very different from the product based world where you may choose to purchase one order with one credit card (for example, your personal card) and a follow on order with another card (for example, your corporate card). With this in mind, many customers only create new payment methods to replace the existing default payment method. Nevertheless, Zuora supports a model where you can store multiple payment methods and allow your customers to select their own default payment method at any time.

Zuora also supports automated services such as the payment method updater where you can request automatic updates of Visa and/or MasterCard information.