Encryption of Card Information

2C2P provides merchants with tools such as the JavaScript SDK to further protect sensitive information such as card data (e.g., expiry date, CVV).

With these tools, merchants do not need to undertake a complex and time-consuming PCI-DSS certification process. All the sensitive information is protected at 2C2P with the most advanced security that is compliant with PCI-DSS standards.

 

Import 2C2P JavaScript SDK


<script type="text/javascript" src="https://demo2.2c2p.com/2C2PFrontEnd/SecurePayment/api/my2c2p.1.6.9.min.js"></script>
<script type="text/javascript" src="https://t.2c2p.com/SecurePayment/api/my2c2p.1.7.3.min.js"></script>

 

Prepare Card Data Fields


To prepare card data for encryption, follow the HTML fields below. Add data-encrypt fields into the form to capture card information securely.

<form id="2c2p-payment-form" action="[MERCHANT BACKEND URL ENDPOINT]" method="POST"> 
    <input type="text" data-encrypt="cardnumber" maxlength="16" placeholder="Credit Card Number"><br/>
    <input type="text" data-encrypt="month" maxlength="2" placeholder="MM"><br/>
    <input type="text" data-encrypt="year" maxlength="4" placeholder="YYYY"><br/>
    <input type="password" data-encrypt="cvv" maxlength="4" autocomplete="off" placeholder="CVV2/CVC2"><br/>
    <input type="submit" value="Submit">
</form>

Attribute

Description

data-encrypt="cardnumber"

To capture the credit card number encrypted

data-encrypt="month"

To capture the credit card expire month encrypted

data-encrypt="year"

To capture the credit card expire year encrypted

data-encrypt="cvv"

To capture the credit card security code encrypted

 

Submit Form


Submit the form via the 2C2P SDK. Validation will be performed by 2C2P.

If successfully validated, the form will be submitted to the merchant backend server. Otherwise, errors will be returned: refer to the table below for details on specific error codes.

<script type="text/javascript">
    My2c2p.onSubmitForm("2c2p-payment-form", function(errCode,errDesc){
        if(errCode!=0){
            alert(errDesc+" ("+errCode+")");
        }
    });
</script>

Error Code

Description

0

Success

1

Card number is required

2

Card number is invalid

3

Expiry month is required

4

Expiry month must be two numbers

5

Expiry year is required

6

Expiry year must be four numbers

7

Card already expired(year)

8

Card already expired(month)

9

Expiry month is invalid

10

CVV2/CVC2 is invalid

 

Receiving the Encrypted Card Information


Below show data received in merchant backend server when the form post is successfully sent.

encryptedCardInfo=00acRSoTsZx%2BDlqelHafee8A12o5E9obn%2BURaCDt7R7cqEE4wh1n2KE7Z%2Bf4Fmk%2BtYBHNNnJKbF1dDVx8fdT4mEAXBPFfzH9yVlg5AvDirBOu1HfCHvIFUVuoBvf6pRNQ8FJXri9TfL2jQjwgRbLzJUak8Vs8Jey38J3gbKYSFbehQg%3DU2FsdGVkX19VzgmRia0WfU9TMwrKI072oifX7JLzbH57IKcwlgEUNAX7NY9YRCEm&maskedCardInfo=411111XXXXXX1111&expMonthCardInfo=12&expYearCardInfo=2025

Parameter

Description

encryptedCardInfo

Encrypted card info

This data is required to pass in to parameter securePayToken in Do Payment API if merchant is using direct integration.

maskedCardInfo

Masked card number

expMonthCardInfo

Expiry month

expYearCardInfo

Expiry Year

<?php 
    //Encrypted card data
    $encCardData = $_POST['encryptedCardInfo'];

    //Retrieve card information for merchant use if needed
    $maskedCardNo = $_POST['maskedCardInfo'];
    $expMonth = $_POST['expMonthCardInfo'];
    $expYear = $_POST['expYearCardInfo'];

    //Proceed to prepare do payment request...
    
?>
[HttpPost]
public void PreparePaymentRequest()
{
     //Encrypted card data
     var encCardData = HttpContext.Current.Request.Params["encryptedCardInfo"];
     var maskedCardNo = HttpContext.Current.Request.Params["maskedCardInfo"];
     var expMonth = HttpContext.Current.Request.Params["expMonthCardInfo"];
     var expYear = HttpContext.Current.Request.Params["expYearCardInfo"];

     //Proceed to prepare do payment request...
}