My suggestion is you need to encrypt the payload using any encryption algorithm like AES or RSA so that attacker cannot get parameters easily or did not get.
Also you can apply following in client-server communication for better security,
1> Cryptographic algorithm with password based key.
2> Use of SSL