You don't have to put any information in, push 'Pay' and it'll show you the encrypted text and the decrypted text. I know the key to decrypt are sent to the next page too, but ignore it, it wouldn't be there in the final release.
So as an eavesdropping cracker, how hard would it be to crack the encrypted text sent? I was thinking, does knowing the fact that the first part of the text sent is always "PayData_" allow one to crack the decryption number? You could run a brute-force attack until the decryption of the first 3 blocks returns "PayData_", and bingo, you have the key to get the rest of the data.
How secure would say this is? Good enough for use, or really easy to crack without breaking a sweat?