Worldpay-Magento2-CG

Raw credit card data is being included in the HTTP request body alongside encrypted data when client-side encryption is enabled in the Magento 2 module.

Open basanskii opened this issue 8 months ago • 0 comments

Environment:

  • Module "sapient/module-worldpay" version 2.4.5-p10123
  • Type of the credit card form integration: Direct

Preconditions:

  A. In the Adobe Commerce admin panel, navigate to Stores -> Configuration -> Sales -> WorldPay -> Credit Cards
  B. Set Client Side Encryption Enabled to “Yes”
  C. Save configurations and flush cache

Steps to reproduce

  1. On the Adobe Commerce storefront add a product to cart
  2. Proceed to checkout
  3. On payment step open browser console > network tab
  4. Place order
  5. Pay attention to the payload sent to /rest/default/V1/carts/mine/payment-information endpoint

Actual Result:

When client-side encryption is activated, the HTTP request body contains both encrypted data and raw credit card information, potentially exposing sensitive cardholder data.

Expected Result:

The HTTP request body, when client-side encryption is enabled, should solely contain encrypted data without any inclusion of raw credit card information. This ensures the secure handling of sensitive credit card data and compliance with data protection standards.

basanskii, Dec 04 '23 09:12
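
A regression check for the expected result described in this issue, added here as an example and not part of the original report or the module's code: it walks a captured body of the `/rest/default/V1/carts/mine/payment-information` request and reports every value that looks like a card number. The payload field names and values below are constructed for illustration; the scanner does not depend on them.

```javascript
// Luhn checksum over a string of ASCII digits.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// True when a leaf value is 13-19 digits (spaces or dashes allowed) and passes Luhn.
function looksLikePan(value) {
  if (typeof value !== 'string' && typeof value !== 'number') return false;
  const s = String(value);
  if (!/^[\d -]+$/.test(s)) return false;
  const digits = s.replace(/[ -]/g, '');
  return digits.length >= 13 && digits.length <= 19 && luhnValid(digits);
}

// Walk a parsed JSON body and return the JSON paths of all PAN-like leaves.
function findRawPans(node, path = '$') {
  if (node !== null && typeof node === 'object') {
    return Object.entries(node).flatMap(([k, v]) =>
      findRawPans(v, Array.isArray(node) ? `${path}[${k}]` : `${path}.${k}`));
  }
  return looksLikePan(node) ? [path] : [];
}

// Constructed sample body: hypothetical field names, a public test card number.
const leakyBody = {
  cartId: '42',
  paymentMethod: {
    method: 'example_cc',                     // hypothetical method code
    additional_data: {
      encryptedData: 'constructed-ciphertext-placeholder',
      cc_number: '4111 1111 1111 1111',       // raw PAN sent next to the ciphertext
      cc_exp_year: '2030'
    }
  }
};

// The same body as it should look with client-side encryption enabled.
const cleanBody = JSON.parse(JSON.stringify(leakyBody));
delete cleanBody.paymentMethod.additional_data.cc_number;

console.log('leaky:', findRawPans(leakyBody), 'clean:', findRawPans(cleanBody));
```

The Luhn test only catches card numbers; raw CVC and expiry values are too short to detect by shape and need a check against the module's actual field names.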