Encryption of Card Information
2C2P provides merchants with tools such as the JavaScript SDK to further protect sensitive information such as card data (e.g., expiry date, CVV).
With these tools, merchants do not need to undertake a complex and time-consuming PCI-DSS certification process. All the sensitive information is protected at 2C2P with the most advanced security that is compliant with PCI-DSS standards.
Import 2C2P JavaScript SDK
<script type="text/javascript" src="https://demo2.2c2p.com/2C2PFrontEnd/SecurePayment/api/my2c2p.1.6.9.min.js"></script>
<script type="text/javascript" src="https://t.2c2p.com/SecurePayment/api/my2c2p.1.7.3.min.js"></script>
Prepare Card Data Fields
To prepare card data for encryption, follow the HTML fields below. Add data-encrypt fields into the form to capture card information securely.
<form id="2c2p-payment-form" action="[MERCHANT BACKEND URL ENDPOINT]" method="POST">
<input type="text" data-encrypt="cardnumber" maxlength="16" placeholder="Credit Card Number"><br/>
<input type="text" data-encrypt="month" maxlength="2" placeholder="MM"><br/>
<input type="text" data-encrypt="year" maxlength="4" placeholder="YYYY"><br/>
<input type="password" data-encrypt="cvv" maxlength="4" autocomplete="off" placeholder="CVV2/CVC2"><br/>
<input type="submit" value="Submit">
</form>
| Attribute | Description |
|---|---|
| data-encrypt="cardnumber" | To capture the credit card number encrypted |
| data-encrypt="month" | To capture the credit card expire month encrypted |
| data-encrypt="year" | To capture the credit card expire year encrypted |
| data-encrypt="cvv" | To capture the credit card security code encrypted |
Submit Form
Submit the form via the 2C2P SDK. Validation will be performed by 2C2P.
If successfully validated, the form will be submitted to the merchant backend server. Otherwise, errors will be returned: refer to the table below for details on specific error codes.
<script type="text/javascript">
My2c2p.onSubmitForm("2c2p-payment-form", function(errCode,errDesc){
if(errCode!=0){
alert(errDesc+" ("+errCode+")");
}
});
</script>
| Error Code | Description |
|---|---|
| 0 | Success |
| 1 | Card number is required |
| 2 | Card number is invalid |
| 3 | Expiry month is required |
| 4 | Expiry month must be two numbers |
| 5 | Expiry year is required |
| 6 | Expiry year must be four numbers |
| 7 | Card already expired(year) |
| 8 | Card already expired(month) |
| 9 | Expiry month is invalid |
| 10 | CVV2/CVC2 is invalid |
Receiving the Encrypted Card Information
Below show data received in merchant backend server when the form post is successfully sent.
encryptedCardInfo=00acRSoTsZx%2BDlqelHafee8A12o5E9obn%2BURaCDt7R7cqEE4wh1n2KE7Z%2Bf4Fmk%2BtYBHNNnJKbF1dDVx8fdT4mEAXBPFfzH9yVlg5AvDirBOu1HfCHvIFUVuoBvf6pRNQ8FJXri9TfL2jQjwgRbLzJUak8Vs8Jey38J3gbKYSFbehQg%3DU2FsdGVkX19VzgmRia0WfU9TMwrKI072oifX7JLzbH57IKcwlgEUNAX7NY9YRCEm&maskedCardInfo=411111XXXXXX1111&expMonthCardInfo=12&expYearCardInfo=2025
| Parameter | Description |
|---|---|
| encryptedCardInfo | Encrypted card info This data is required to pass in to parameter securePayToken in Do Payment API if merchant is using direct integration. |
| maskedCardInfo | Masked card number |
| expMonthCardInfo | Expiry month |
| expYearCardInfo | Expiry Year |
<?php
//Encrypted card data
$encCardData = $_POST['encryptedCardInfo'];
//Retrieve card information for merchant use if needed
$maskedCardNo = $_POST['maskedCardInfo'];
$expMonth = $_POST['expMonthCardInfo'];
$expYear = $_POST['expYearCardInfo'];
//Proceed to prepare do payment request...
?>
[HttpPost]
public void PreparePaymentRequest()
{
//Encrypted card data
var encCardData = HttpContext.Current.Request.Params["encryptedCardInfo"];
var maskedCardNo = HttpContext.Current.Request.Params["maskedCardInfo"];
var expMonth = HttpContext.Current.Request.Params["expMonthCardInfo"];
var expYear = HttpContext.Current.Request.Params["expYearCardInfo"];
//Proceed to prepare do payment request...
}
Updated over 2 years ago