Having your payment calls go through the HTTPS protocol is the best way. In fact, even if you found a better way to obfuscate the data you are sending, if the counterpart does not share the same logic it will be useless.
All sensible and risky data like this should live only under the HTTPS protocol.