Copyright © 2008-2017 Auric Systems International. All rights reserved.

Contact with any questions regarding this software.

Auric’s current service offerings are available at


The CN!Express® payment application is sunset. Please see the sunset FAQ. 14 October 2016


  • Support for new Mastercard BIN Range 222100-272099.

  • Added Transfer Chunk Size setting to Advanced/PaymentVault™ tab. Controls maximum number of tokens (UTIDS) bulk-transferred to the PaymentVault™ service.

  • Increased PaymentVault™ bulk transfer wait timeout from 60 to 120 seconds. Helps with clients experiencing locally slow network connections while transferring large number of bulk tokens.

  • Correct problem where ICV YYMM flag being set False would cause export failure.

  • Do not return UTID if ACCT (credit card number) is blank.

  • Reduces confusion when processing processor-based tokens.

  • In some situations, two UTIDs were being generated for the same transaction.

  • Force SSL outbound SSL connections to TLSv1 now that SSLv3 is deprecated.

  • Previous versions will still properly negotiate up to TLSv1 — this version starts there.

  • Upgrade OpenSSL to 0.9.8zc


  • Change Litle&Co.. references to Vantiv

  • Added support for Vantiv tokens.

Payflow Pro

  • Added support for Payflow Pro CAPTURECOMPLETE flag on deposits.

  • CN!Express® field is CAPCOMPL and can be found in the configuration utility under the Additional Credit Card field. 06 March 2014


  • Corrected problem with new binrange checking code that kept CVV/CID values from being transmitted when UTIDs were submitted instead of Accounts.

  • Also caused CVV/CID transmission failure for American Express cards. 24 February 2014


  • Special Debugging Build with modified masking of CVV codes. Now displays first character and length of data transmitted.

  • Changes to front-end web log and back-end gateway log. 17 October 2013


  • Card type (Method of Payment) is now determined via a lookup table stored in the .\bins directory. Bins can now be updated without code modification. Currently recognizes MasterCard, Visa, American Express, Discover and JCB. Other card types (methods of payment) must be specified explicitly in the transaction.

  • Upgraded the Firebird database to latest 2.1.5. Possible data corruption has been reported in the field with 2.1.4 so this upgrade is recommended. Firebird has also corrected a possible buffer overflow when using the remote server. Most CN!Express® users use the embedded server which does not have this security issue.

  • Installer would overwrite the certs\.PEM files. Usually not a problem because most people use the default self-signed certificates. However, would cause problems with custom certs.

  • Official support for Windows Server 2012

  • Additional information logged during start-up and daily maintenance:

    • Firebird database version

    • CN!Express® version

    • Operating system

    • Length of time connected to PaymentVault™ (if activated)

    • Length of time CN!Express® has been running (maintenance time only)

  • These are all designed to provide additional technical support feedback.

  • UTIDs now generated on success and failure. This allows even declined cards to be converted to UTID tokens

  • Improved Token (UTID) logging:

    • if connection to PaymentVault™ should fail, now automatically retries connection ever hour.

    • clarifies that the UTIDs being deleted are locally-cached UTIDs, not the UTIDs in the PaymentVault™ itself.

    • during maintenance displays how long the connection to PaymentVault™ has been active.

    • The audit log now distinguishes between UTID-LOOKUP (which is from local database) and UTID-RETRIEVE (which is from PaymentVault™ service).

    • All logged tokens are now sanitized to first and last six. This avoids having lists of valid token values around.

    • Sanitized UTID value is appended to end of Transaction log record.

  • Default from address on emails sent from CN!Express® are now, not CN!

  • /asi01/ping is new monitoring URL. Just do a standard GET to that URL and CN!Express® returns a normal 200 if it is up. Also returns the length of time (in seconds) CN!Express® has been up — as well as the length of time the current PaymentVault™ connection has been up (assuming PaymentVault™ is configured to be active) 09 April 2013


  • Correct parse error in console.


  • IMPORTANT: Prior versions of the Payfuse division allowed you to enter a client id or an alias in the Alias field in the configuration utility. Client IDs were always numeric, Aliases were always non-numeric. This needed to change because TSYS is now issuing numeric values for Alias. The TSYS recommendation is to remove support for Alias and just support the ClientID field. The current release converts the Alias field in to the ClientID field. After upgrading, open the CN!Express® configuration utility and make a minor change to a setting in order to force a save. Once the new save occurs the ClientID is accessible. Before upgrading, please check to see if you have an Alias or a Client ID declared in your configuration as you may need to change the data in the field. Failure to do so will cause transactions to fail to process.

  • Add AUD, CHF, and GBP Currency support.

  • Change Payfuse test URL to new Payfuse address.

  • Add ACH (Sale and Refund)

  • Add InventoryNumber and PO Number fields to all transactions.

  • Santize the password field in the return data from PayFuse. 22 March 2013

Chase Paymentech

  • Surfaced Singapore Dollar and Brazilian Real in Config. Already present in CN!Express® itself. 03 October 2012


  • Modified import of single-transaction batch files to remove race condition in regards to who has full access to the file.

  • Modified export of single-transaction files to export with a temporary extension and then rewrite the file to the proper export when done. This was how large files were exported, but not small files. With quicker systems comes more possibility of race condition.

  • CN!Express® Configuration utility allows you to encrypt specific passwords. Useful for configuring Remote PaymentVault™ installations.

  • Update Discover BIN range.

  • Support both base64 and non-base64 encoded File Encryption keys. Storage format changed from CN!Express® 4 to CN!Express® 5.

Chase Paymentech

  • Upgrade deposit transaction to PTI47 specification. Corrects issue where failed deposits were noted as successful. Specification PTI42 did not return a success/failure response code. StatusMsg needed to be interpreted (although specification had no guidance as to what was success/failure. PTI47 specification has explicit response code that we can now interpret.


  • Corrected problem when using UTIDs where card type was not properly decoded. 16 July 2012


  • Upgrade to OpenSSL DLLs.

  • On startup, log whether or not we’re running with a local or a remote database.

  • Interfaces now support UTF-8 (previously only ASCII was allowed). Since no payment processor currently supports non-ASCII interfaces, the UTF-8 is converted to ASCII.Any characters that cannot be converted from UTF-8 to ASCII are ignored. This change is for both batch files and web interface.SysLog configuration flag added. Useful only when configuring files for Linux.

Chase Paymentech

  • Support Orbital tokenization for auth, sale, and refund transactions — not just separate tokenization transaction.


  • Support Account Updater.

  • Support Gift Card Filters. 23 April 2012


  • Include Visual C runtime libraries in lib directory as well as main executable directory. Required for the OpenSSL dlls. 13 April 2012


  • Modify the way in which Visual C libraries are packaged into the final distribution.

Chase Paymentech

  • Correct problem where RESPTEXT not always returned. Problem was introduced by stateless changes. RESPTEXT can come from StatusMsg, RespMsg, or CustomerProfileMessage. CustomerProfileMessage (which is usually blank) was overwriting the other two. 06 April 2012


  • Modify the way in which Visual C libraries are packaged into the final distribution.

Chase Paymentech

  • Correct problem where RESPTEXT not always returned. Problem was introduced by stateless changes. RESPTEXT can come from StatusMsg, RespMsg, or CustomerProfileMessage. CustomerProfileMessage (which is usually blank) was overwriting the other two. 06 January 2012


  • Add explicit ‘started’ message during start-up.

  • Add explicit success when XML config file is re-read while CN!Express® is running.

  • Support FirstData Tokenization fields. – If error occurs during UTID migration to PaymentVault, include UTID in error message (but only if a single UTID was being migrated).

  • Skip UTID generation when no account is provided. Change was required because PayPal uses reference numbers and not accounts.

Chase Paymentech

  • Provide ability to disable primary Orbital URL. Useful during testing w/Chase Paymentech.

  • Corrected problem where CheckType was not sending correct indicator for Consumer vs. Commercial Checking account.

  • Corrected problem with Alternative Tax vield in Purchase Card Level III transactions for Chase Pa

  • Support for Orbital customer reference functionality.


  • Support gateway tokenization. 07 September 2011

Chase Paymentech

  • Include tokenization support 16 January 2011


  • Inclusion of new documentation.

  • Change URL encoding so only elements are encoded, not the separators. 12 January 2011


  • Better AKMP™ error messages. 10 January 2011


  • Initial version supporting Windows 7, Server 2008, and AKMP™ key manager.

4.0.14.a: 8 December 2010


  • Response code 27 was noted as Decline, should have been Success. 27 September 2010


  • Modify proxy to be tunneling proxy as per field feedback. 21 September 2010

See CN!Express® Addendum document for specifics.(available with Download)


  • UTID format changed. Last four characters are now the last four characters of the tokenized account number. UTID is now shorter (39 bytes vs. 52 bytes). Using base64 url-safe encoding of 160-bit sha1 hash plus additional information.

  • Support for HTTPS Proxy Servers.

  • UTID migration now occurs every 60 seconds instead of once a day during maintenance cycle.

  • UTIDs are always generated when requested whether call was successful or not and regardless of action code requested. This is now compatible with how Trevance®works.

  • CN!Express® now supports Instant Tokenization. 09 August 2010


During a recent security audit it was discovered that CN!Express® can store unencrypted account information imported using file mode. (The problem does not exist in the real-time web interface). This is now corrected. During our review, we also determined that account information returned via real-time processor responses was held for longer than necessary. This is now corrected as well. Auric recommends a timely upgrade to CN!Express® 4.0.12 or later. 28 June 2010

Only CN!Express® Config has changed in this release. Now at CN!Express® still at


  • Moved currency field from other to common category. Made it one of the default fields.

Chase Paymentech

  • Provide support for AED, CNY, and HKD currencies. 17 May 2010


  • Provide ability to set default XCLASS

Cardinal Commerce

  • Support 3D Secure participation call.

Chase Paymentech

  • ability to issue refunds using only Transaction IDs.

Merchant e-Solutions/TRANSCOM

  • Support multi currency and foreign exchange.

  • Support Bill Me Later 31 December 2009


  • Remove outdated MasterCard check for UK cards. Was incorrectly returning cards as UK-based when they were not. 29 December 2009


  • Updated installer documentation.

2009 8 December


  • Append on log rollover failure, don’t overwrite.

Chase Paymentech

  • Don’t send Orbital Level III unless detail records have been imported.


  • accept ‘&’ in division name. 1 October 2009


  • Found scenario in which unmasked account numbers could be exported. Corrected.

Chase Paymentech

  • Added Swiss Franc to Orbital/Salem.


  • Initial release of support for Litle&Co. (pending docs)


  • Corrected problem where shifting from not sending division id, to sending division id, caused look-up failure of Qualified Data. ‘Qualified Data’ is data maintained by CN!Express® that needs to be sent back to the processor. Typically evidenced by an error stating CN!Express® was unable to find the PROCDIV. Change allows transactions processed before the switch to be found. Problem may still occur if merchant had been sending an arbitrary PROCDIV or DIVISION for auth requests in the previous request that did not match the actual processor division id. 2 June 2009


  • Log start-up user and encryption user in logs.

  • Make user check case insensitive.

  • Improved checking in configuration utility when config file edited by different Windows user.

Chase Paymentech

  • Add support for Purchase Card Level III MasterCard and Visa transactions.

First Data

  • Official release of First Data Global Gateway support. 14 May 2009

First Data

  • Beta release support for First Data Global Gateway. 13 April 2009

Chase Paymentech

  • ‘&’ character was not escaped properly during xml logging.

  • Improved retries. Specific retry scenario would cause failure due to time element not being passed to function call.

  • Clip address fields to maximum size. Previously, address fields that were rejected.


  • Initial eBillme Standard and Express support.


  • Corrected AVS return failure due to case sensitivity issue. 16 January 2009


  • Always lookup AUTHAMT if not present.

  • Hold Qual Data even when using CNXTID transactions. (allows multiple capture on single auth using cnxtid field)

  • Importing large number of single-transactions files (more than 100) caused import error due to a full internal queue. Now properly deferring imports when real-time queue is full.

  • Hold Qual data for 60 vs. 30 days.

  • Provides additional support for merchants using cnxtid for settling transactions.

  • Recommend all existing sites change expiration from 31 to 60 in the CN!Express® Settings manager: Advanced Tab: Database Maintenance Service section. Discard Saved Authorization Information after 60 days. 2 December 2008


  • Support ability to import remotely-authorized transactions for both Chase Paymentech and TransFirst using same import template.

Chase Paymentech

  • Support for UK Domestic Maestro (Switch)

  • When generating order numbers (i.e., order numbers are not imported), they must be unique in the first 8 characters. Changed generation from being ORD-cnx0-T4303 to 4303-cnx0-ORDT. Only affects imports where order number is not presented in the import.

  • Add AUD (Australian Dollar) 11 November 2008


  • Implement ability to send refund with or without PROCORDR 23 October 2008


  • Transactions with blank CHKTYPE or ROUTENUM field were being rejected.

  • CRTDATE generated for exports. 07 October 2008


  • Backwards compatibility changes for CX-6000

  • Export AUTHAMT as amount requested for Authorization. Previously was blank (in expectation of future partial auth support).

  • Support XCLASS (Transaction Class) long-name values. Previously supported single-character input.

    • M: MOTO

    • E: E-Commerce

    • I: Installment

    • R: Recurring

  • Write CN!Express® version to configuration files. 19 September 2008


  • Remove SSL connection handshake logging. Was causing problems in multiprocessor machines. Future: Upgrade PyOpenSSL which addresses the problem.

  • Remove full dump of backup logs when running in debug mode.

  • Improved support for upgrading very old CN!Express® installations that had active batches loaded during update.

Chase Paymentech

  • Improved support for QuickResponse error messages from Orbital.


  • Correct problem with switching between test and production transactions. 12 September 2008


  • Usernames are case insensitive; however the code check to allow Administrative access was only working when the user logs-in with lowercase username.

  • Added support for legacy ICVerify-style transaction formats (Version 1).

  • Upgrading from CN!Express® (original release) with transactions still in database causes export problem.

  • Importing a blank PROCTID caused the QualData lookup to fail.

  • Currency filed in configuration utility was saved, but not read/displayed properly.

  • Documentation updated for Orbital and PayFuse regarding how to settle externally authorized transactions.

Chase Paymentech

  • PROCTID field is composed of two Orbital Fields separated by a period: TxRefNum.TxRefIdx. To better support external Web auths sent to CN!Express, allow PROCTID field without trailing .TxRefIdx to import with default TxRefIdx of 0.

  • Account field now required only for Authorization and Sales transactions. This allows transactions authorized against the Orbital Gateway from outside CN!Express® to be processed without remembering the account number.


  • PROCORDR field used for settling external auths. 21 July 2008


  • Set up logging functionality earlier in process so start-up errors are logged.Particularly, recent change in start-up process moved errors generated by service not running as proper user sufficiently forward that error was being logged before log was set up.

  • Improved timeout handling for both processor and DNS look-up timeouts.Export file now contains all necessary information.

  • Add CN!Express_Field_Reference.html to docs\FieldReference directory.


  • Implement Force (voice) deposit.


  • Initial release.

  • Credit Card methods of payment.


  • Initial release.

  • Gift Cards. 30 May 2008


  • Add support for Firebird database running on remote server. Default installation continues to include embedded Firebird relational database. 30 April 2008


  • CN!Express® settings manager would not start on certain processor/operating system combinations. Problem was related to a third-party IP Range control added in Replaced control with Microsoft-standard control. Only settings manager changed. Now Released as part of installer 28 March 2008

PABP-Specific Updates

  • Email options are now:

    • System Errors (when they occur)

    • Login Report (when someone logs in)

    • All Logs (daily accumulation of all logs emailed out)

  • CN!Express® configuration remembers last four passwords and does not allow them to be reused.

  • Support HTTPS on Web Console port.

  • Added console_users log which shows successful and unsuccessful logins to web console.

  • Added Administrative Lockout to web console for users with access to System Maintenance tab.

  • Web Console users may now be restricted from the controls to pause/restart CN!Express.

  • Standard web console users may only monitor activity.

  • Pause Server button removed from web console status page and moved to Server Maintenance (which may be disabled based on user rights).

  • Add secure delete process to uninstaller. Securely deletes data and configuration files.


  • In Trevance, the following fields have the format xx — Text Description, where xx is the result code (Response, AVS, etc.).




  • CN!Express® did not have the “xx — ” portion. “xx — ” added to field for proper compatibility between Trevance®and CN!Express® formats.

  • Text status is now created on export.

  • Blank card type import field caused CVV/CID value to not be sent. CN!Express® treated blank import field as invalid card-type. Correct behavior is to override blank imported field with proper card type.

  • Allowed Hosts configuration now allows an IP range to be set. Previously, addresses needed to be added individually.

  • Database maintenance settings now set whenever configuration changes. Previously only being set when CN!Express® started.

Chase Paymentech

  • Support for Tampa/PNS.

  • Gateway log now shows HTTPS headers sent and received.

  • Improved retry logic handling. Feburary 2008

  • First official release.

  • Numerous bug fixes, improvements, and PABP modifications since early pre-releases.

  • Recommend upgrade from all pre- versions.