2C2P Security Measures
Security is one of the most important considerations when processing online transactions and payments. We have therefore put security at the center of everything we do.
Below you can find a selection of security measures applied by 2C2P.
If you have further questions after reading this, please contact us.
PCI DSS Certification
2C2P is fully compliant with PCI DSS 3.2, the key security standard within the payments industry, and is certified as a Level 1 Service Provider.
Our company is regularly assessed for PCI DSS compliance by Trustwave, a Qualified Security Assessor (QSA) for the Payment Card Industry Security Standards Council.
PA DSS and how our services are secured at the application level
PCI DSS is a generic standard that covers the entire cardholder data ecosystem and addresses the security of payment applications. PA DSS takes data security to the next level and validates data security for specific applications that are sold to, or provide services to, third parties.
Requirements that are typically included in the scope of PA DSS are:
- Do not retain full magnetic stripe, card validation code or value, PIN or PIN block data.
- Protect stored cardholder data (encryption).
- Provide secure authentication features.
In the case of 2C2P, the applications that are certified under PA DSS are:
- Payment Gateway (payment processing)
- Card Issuing Service
For further details please see the following document here
HTTPS to ensure Secure Communication
2C2P enforces the use of HTTPS for all services, using TLS (SSL). This includes the following:
- 2C2P merchant portal
- APIs are served only over TLS
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support.
Data Encryption and Safety Measures
2C2P encrypts all card numbers internally using AES encryption. Card numbers and other sensitive data are stored, decrypted, and processed in an environment separate from the rest of the infrastructure (e.g. API, websites).
2C2P applies anti-DDoS solutions on all payment services and uses hardware security modules (HSMs) for secure key management.
Fraud Protection and 3DSecure
2C2P uses an integrated fraud protection engine to detect and track fraudulent payments in real time. We use the 3DSecure protocol in its various iterations, such as Verified by Visa, MasterCard SecureCode and J/Secure, to ensure that you and your customers are protected from e-commerce fraud.