Encryption of Card Information

2C2P provides merchants with tools such as the JavaScript SDK to further protect sensitive information such as card data (e.g., expiry date, CVV).

With these tools, merchants do not need to undertake a complex and time-consuming PCI-DSS certification process. All the sensitive information is protected at 2C2P with the most advanced security that is compliant with PCI-DSS standards.


Import 2C2P JavaScript SDK

<script type="text/javascript" src="https://demo2.2c2p.com/2C2PFrontEnd/SecurePayment/api/my2c2p.1.6.9.min.js"></script>
<script type="text/javascript" src="https://t.2c2p.com/SecurePayment/api/my2c2p.1.7.3.min.js"></script>


Prepare Card Data Fields

To prepare card data for encryption, follow the HTML fields below. Add data-encrypt fields into the form to capture card information securely.

<form id="2c2p-payment-form" action="[MERCHANT BACKEND URL ENDPOINT]" method="POST"> 
    <input type="text" data-encrypt="cardnumber" maxlength="16" placeholder="Credit Card Number"><br/>
    <input type="text" data-encrypt="month" maxlength="2" placeholder="MM"><br/>
    <input type="text" data-encrypt="year" maxlength="4" placeholder="YYYY"><br/>
    <input type="password" data-encrypt="cvv" maxlength="4" autocomplete="off" placeholder="CVV2/CVC2"><br/>
    <input type="submit" value="Submit">
data-encrypt="cardnumber"To capture the credit card number encrypted
data-encrypt="month"To capture the credit card expire month encrypted
data-encrypt="year"To capture the credit card expire year encrypted
data-encrypt="cvv"To capture the credit card security code encrypted


Submit Form

Submit the form via the 2C2P SDK. Validation will be performed by 2C2P.

If successfully validated, the form will be submitted to the merchant backend server. Otherwise, errors will be returned: refer to the table below for details on specific error codes.

<script type="text/javascript">
    My2c2p.onSubmitForm("2c2p-payment-form", function(errCode,errDesc){
            alert(errDesc+" ("+errCode+")");
Error CodeDescription
1Card number is required
2Card number is invalid
3Expiry month is required
4Expiry month must be two numbers
5Expiry year is required
6Expiry year must be four numbers
7Card already expired(year)
8Card already expired(month)
9Expiry month is invalid
10CVV2/CVC2 is invalid


Receiving the Encrypted Card Information

Below show data received in merchant backend server when the form post is successfully sent.

encryptedCardInfoEncrypted card info

This data is required to pass in to parameter securePayToken in Do Payment API if merchant is using direct integration.
maskedCardInfoMasked card number
expMonthCardInfoExpiry month
expYearCardInfoExpiry Year
	//Encrypted card data
	$encCardData = $_POST['encryptedCardInfo'];

	//Retrieve card information for merchant use if needed
	$maskedCardNo = $_POST['maskedCardInfo'];
	$expMonth = $_POST['expMonthCardInfo'];
	$expYear = $_POST['expYearCardInfo'];

	//Proceed to prepare do payment request...
public void PreparePaymentRequest()
     //Encrypted card data
     var encCardData = HttpContext.Current.Request.Params["encryptedCardInfo"];
     var maskedCardNo = HttpContext.Current.Request.Params["maskedCardInfo"];
  	 var expMonth = HttpContext.Current.Request.Params["expMonthCardInfo"];
     var expYear = HttpContext.Current.Request.Params["expYearCardInfo"];

     //Proceed to prepare do payment request...