diff --git a/app/controllers/spree/admin/payment_methods_controller.rb b/app/controllers/spree/admin/payment_methods_controller.rb
index acd8de697b..d82ea21aec 100644
--- a/app/controllers/spree/admin/payment_methods_controller.rb
+++ b/app/controllers/spree/admin/payment_methods_controller.rb
@@ -15,7 +15,7 @@ module Spree
         @payment_method = params[:payment_method].
           delete(:type).
           constantize.
-          new(payment_method_params)
+          new(PermittedAttributes::PaymentMethod.new(params[:payment_method]).call)
         @object = @payment_method
 
         invoke_callbacks(:create, :before)
@@ -92,17 +92,6 @@ module Spree
 
       private
 
-      def payment_method_params
-        params.require(:payment_method).permit(
-          :name, :description, :type, :active,
-          :environment, :display_on, :tag_list,
-          :preferred_enterprise_id, :preferred_server, :preferred_login, :preferred_password,
-          :calculator_type, :preferred_api_key,
-          :preferred_signature, :preferred_solution, :preferred_landing_page, :preferred_logourl,
-          :preferred_test_mode, distributor_ids: []
-        )
-      end
-
       def force_environment
         params[:payment_method][:environment] = Rails.env unless spree_current_user.admin?
       end
@@ -164,7 +153,7 @@ module Spree
       # Also, remove password if present and blank
       def params_for_update
         gateway_params = params[ActiveModel::Naming.param_key(@payment_method)] || {}
-        params_for_update = payment_method_params.merge(gateway_params)
+        params_for_update = params[:payment_method].merge(gateway_params)
 
         params_for_update.each do |key, _value|
           if key.include?("password") && params_for_update[key].blank?
@@ -172,7 +161,7 @@ module Spree
           end
         end
 
-        params_for_update
+        PermittedAttributes::PaymentMethod.new(params_for_update).call
       end
     end
   end
diff --git a/app/services/permitted_attributes/payment_method.rb b/app/services/permitted_attributes/payment_method.rb
new file mode 100644
index 0000000000..bfe3238fb8
--- /dev/null
+++ b/app/services/permitted_attributes/payment_method.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module PermittedAttributes
+  class PaymentMethod
+    def initialize(params)
+      @params = params
+    end
+
+    def call
+      @params.permit(
+        [:name, :description, :type, :active,
+         :environment, :display_on, :tag_list,
+         :preferred_enterprise_id, :preferred_server, :preferred_login, :preferred_password,
+         :calculator_type, :preferred_api_key,
+         :preferred_signature, :preferred_solution, :preferred_landing_page, :preferred_logourl,
+         :preferred_test_mode, :calculator_type, { distributor_ids: [] },
+         { calculator_attributes: [:id, :preferred_currency, :preferred_amount] }]
+      )
+    end
+  end
+end