A couple of things ...
1. the string you posted is a valid string, and works fine in DevTest. I still presume that the full stops are representing unprintable characters, so return a byte array from "NEW_DDA" in your script and run it in ITR to see what the non-printable characters are.
2. The value isn't encrypted. It's just base-64 encoded, and can be decoded. When this is done (using whatever the full stops are marking as delimiters), you get:
{"alg":"none"}
{"sub":"f0b9998ea97d535e1e265554666e2e3adaf7e25780329a24e6773399f953f41c","iss":"com.pnc.retail.deposit-account","enc":true}
I would expect that your client requires a unique value for "sub", or perhaps that value is used for correlation? In either case, you should add a response-side scriptable DPH to decode the base-64 encoding during record and encode the values during replay, concatenating the base-64-encoded values with your unprintable character.
Rick