Rails AJAX PUT / PATCH错误

I'm trying to send a PATCH (or PUT, I've tried both) AJAX call from a coffeescript to a rails controller. I'm getting a NoMethodError:

Started PUT "/credit_cards/2" for 127.0.0.1 at 2014-03-22 22:12:02 -0500
Processing by CreditCardsController#update as JSON
  Parameters: {"credit_card"=>"{\"accountBalance\":49}", "id"=>"2"}
  CreditCard Load (0.2ms)  SELECT "credit_cards".* FROM "credit_cards" WHERE "credit_cards"."id" = ? LIMIT 1  [["id", "2"]]
Completed 500 Internal Server Error in 2ms

NoMethodError (undefined method `permit' for "{\"accountBalance\":49}":String):
  app/controllers/credit_cards_controller.rb:72:in `credit_card_params'
  app/controllers/credit_cards_controller.rb:44:in `block in update'
  app/controllers/credit_cards_controller.rb:43:in `update'

I set up my AJAX call like this:

accountJson = "{\"accountBalance\":#{@account.accountBalance}"
$.ajax "/credit_cards/#{@selectedCard}",
    type:'PUT'
    dataType:'json'
    data: 
        'credit_card' : accountJson
    error:(jqXHR, textStatus, errorThrown)->
        alert "AJAX Error: #{textStatus}"
        currentAtm.fundsNotWithdrawn()
    success: (data, textStatus, jqXHR) ->
        currentAtm.fundsWithdrawn()

The controller looks like this (I haven't modified it yet, so it should be stock):

class CreditCardsController < ApplicationController
  before_action :set_credit_card, only: [:show, :edit, :update, :destroy]

  # GET /credit_cards
  # GET /credit_cards.json
  def index
    @credit_cards = CreditCard.all
  end

  # GET /credit_cards/1
  # GET /credit_cards/1.json
  def show
  end

  # GET /credit_cards/new
  def new
    @credit_card = CreditCard.new
  end

  # GET /credit_cards/1/edit
  def edit
  end

  # POST /credit_cards
  # POST /credit_cards.json
  def create
    @credit_card = CreditCard.new(credit_card_params)

    respond_to do |format|
      if @credit_card.save
        format.html { redirect_to @credit_card, notice: 'Credit card was successfully created.' }
        format.json { render action: 'show', status: :created, location: @credit_card }
      else
        format.html { render action: 'new' }
        format.json { render json: @credit_card.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /credit_cards/1
  # PATCH/PUT /credit_cards/1.json
  def update
    respond_to do |format|
      if @credit_card.update(credit_card_params)
        format.html { redirect_to @credit_card, notice: 'Credit card was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @credit_card.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /credit_cards/1
  # DELETE /credit_cards/1.json
  def destroy
    @credit_card.destroy
    respond_to do |format|
      format.html { redirect_to credit_cards_url }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_credit_card
      @credit_card = CreditCard.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def credit_card_params
      params.require(:credit_card).permit(:accountBalance, :pin)
    end
end

I'm using Rails v4.0.4. Can someone tell me what I'm doing wrong?