What is Tokenization?
Tokenization or stored card feature is a method to replace sensitive data like credit card details with
non-sensitive data. Whenever card is stored in 2C2P system payment API returns card token to merchant. This card token can be used in subsequent payment request. This allows merchant to build shopping experience where customer don’t need to enter card information every time during checkout.
Using 2C2P Tokenization merchant does not require complex and time consuming PCI-DSS certification process. All the sensitive information is only at 2C2P with most advance security and PCI-DSS compliance.
How does it work?
The merchant initially send a normal payment request with indicator to tokenize the card details.
In the payment response message 2C2P sends a random string of alphanumerical characters that represent the card details.
This Token can be stored in merchant database and can be used for later transactions. In subsequent payment request merchant does not require send card number at all. Stored card token presents card number what is sent in payment request.
Creating a token
When using this option, Merchant should ask for the card holder's consent to store the card details for future payment.
After the approval from the card holder (e.g. a check box), merchant sends an extended payment request to enable the option by adding the 'storeCard' variable.
Payment with token
Using the Token
A follow-on payment request can use the storeCardUniqueID as a replacement for the actual card number. You will still need to ask the user to enter the securityCode value as this item cannot be stored.
It is good practice to provide the masked pan (included in the initial response as pan) to the customer and implement a secured data entry to collect the CVV code as it cannot be stored.
The card holder can select the card he wants to use (if more then one) and add the CVC / CVV code in the selection screen. This code cannot be stored and will need to be added for a recurring transaction. You can use the same encrypted card detail setup to collect the CVC only.
It is then submitted with the relevant Token to the 2C2P payment service.
Integrate with 3DS/Non-3DS payment
What is 3D-Secure
3D-Secure is authentication protocol for e-commerce transaction where card is not present on time of the purchase. Initially developed by VISA and known as Verified by VISA. 3D-Secure is adapted by all the major card schemes such as MasterCard, Amex, JCB and Discovery.
Merchant customers with 3D-Secure enabled credit/debit card will be redirected to bank website to complete authentication. Typically cardholder enter OTP (One-Time-Password) in bank website to authenticate as genuine holder of the card that is being used.
After authentication process is done the user is redirected back to 2C2P payment gateway with authentication result.
- Prevent fraudulent use of credit/debit cards in online payments
- Increase customer confidence in online payments with 3D-Secure merchant
- Protect merchant on chargeback cases with liability shift when 3D-Secure authentication is used
process flow of 3D-Secure transactions:
Alternative Payment Methods
'Alternative Payment Method' allows merchant to collect payment with alternative methods such as bank transfer, iBanking, mBanking, webPay, Kiosk, ATM machines, cash over the counter and over bank branches.
2C2P works with more than 100 partners covering 320,000 physical payment location across SEA in a rapidly growing network.
Agents and Channels list can be found in the link below:
Process flow of Offline APM payment:
Process flow of Online APM payment: