diff --git a/src/main/java/com/mastercard/developer/oauth/OAuth.java b/src/main/java/com/mastercard/developer/oauth/OAuth.java
index f95a7c7..5c79d66 100755
--- a/src/main/java/com/mastercard/developer/oauth/OAuth.java
+++ b/src/main/java/com/mastercard/developer/oauth/OAuth.java
@@ -12,7 +12,6 @@
 import java.util.Map;
 import java.util.SortedMap;
 import java.util.TreeMap;
-import java.util.UUID;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -29,6 +28,8 @@ private OAuth() {
 private static final Logger LOG = Logger.getLogger(OAuth.class.getName());
 private static final String HASH_ALGORITHM = "SHA-256";
+ private static final int NONCE_LENGTH = 16;
+ private static final String ALPHA_NUMERIC_CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
 /**
 * Creates a Mastercard API compliant OAuth Authorization header
@@ -171,13 +172,15 @@ static String toOauthParamString(SortedMap> queryParamsMap,
 * Generates a random string for replay protection as per
 * https://tools.ietf.org/html/rfc5849#section-3.3
 *
- * @return concatenation of 3 characters from the most significant bits and 13 characters from the least significant bits without dashes.
+ * @return random string of 16 characters.
 */
 static String getNonce() {
- UUID uuid = UUID.randomUUID();
- String least = Long.toString(uuid.getLeastSignificantBits(), Character.MAX_RADIX).replace("-", "");
- String most = Long.toString(uuid.getMostSignificantBits(), Character.MAX_RADIX).replace("-", "").substring(0, 3);
- return most + least;
+ SecureRandom rnd = new SecureRandom();
+ StringBuilder sb = new StringBuilder(NONCE_LENGTH);
+ for (int i = 0; i < NONCE_LENGTH; i++) {
+ sb.append(ALPHA_NUMERIC_CHARS.charAt(rnd.nextInt(ALPHA_NUMERIC_CHARS.length())));
+ }
+ return sb.toString();
 }
 /**
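Review bot: In the third hunk, `getNonce()` builds a fresh `new SecureRandom()` on every call; `SecureRandom` is thread-safe and comparatively expensive to instantiate, so it belongs in a class-level field next to the new constants from the second hunk, `private static final SecureRandom RANDOM = new SecureRandom();`, with the loop reading `RANDOM.nextInt(ALPHA_NUMERIC_CHARS.length())`. The character selection itself is sound: `nextInt(bound)` rejects out-of-range samples, so there is no modulo bias, and 16 symbols from a 62-character alphabet is ample for replay protection. No import of `java.security.SecureRandom` is added anywhere in this diff while `java.util.UUID` is removed, so the class presumably already imports it above line 12; worth confirming, since the hunks shown do not prove it. The new Javadoc could also say where the characters come from, e.g. `@return random alphanumeric string of NONCE_LENGTH (16) characters drawn from ALPHA_NUMERIC_CHARS.`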