Client Side Encryption

eWAY’s Client Side Encryption securely encrypts sensitive credit card information in the customer’s browser so that a non-pci compliant merchant can accept the form data on their system and then process the payment directly with eWAY using Rapid 3.1 API  Direct Connection.

This allows merchants to handle the front end of the payment process completely and then process the payment in their back end. Customers have a uniform payment experience on the merchant’s website creating confidence and improving sales.


Asymmetric encryption is used to encrypt the sensitive data using a public key from an RSA public/private key pair. The data is then only able to be decrypted by eWAY’s servers using the stored private key. The public key is made available to the merchant for encryption, however the private key is retained by eWAY so that only eWAY is able to decrypt sensitive data.

In this way a merchant can simply encrypt the sensitive data in the client browser, then pass it through their server and make the direct payment with eWAY

PCI DSS Review of the eWAY API

Become an eWAY merchant today.

With 24/7 support, over 250 integrations and 20+ years experience – the team at eWAY are here to provide you with the leading all-in-one payments solution.