Copyright © 2009-2017 Auric Systems International. All rights reserved.

Contact with any questions regarding this software.

Auric’s current service offerings are available at


The Trevance® payment application is sunset. Please see the sunset FAQ.

Version 24 Oct 2016


  • Add support for new MasterCard BIN ranges (October 2016).

  • Removed field reference from Trevance®Console.

  • Restrict the UTIDMigrateBlockSize parameter to between 5 and 300.

  • Add SMTP Connection and Read timeout of 20 seconds.

  • Tested on Windows Server 2008R2, 2012R2, and 2016.

Chase Paymentech

  • RQCRDINF in real-time Sale incorrect generated PCTI02 record on Deposit.

Version: 02 Apr 2016


IMPORTANT: Custom Deployment

If ACCOUNT field was too long, the full account number could be displayed in responses and/or logs. This is corrected.

Chase Paymentech

  • Add verbose output to SFTP download to help client debug connectivity.

  • Delete files after download vs. rename.

  • Daily logs were conflicting with .MAU files generated on server. This caused the renames to fail, which triggered the overall download process to fail.

Version 24 March 2014

  • 2013 PCI PADSS Validation

  • Modify embedded HTTPS to remove SSLv2 and lower

  • Upgrade database to Firebird 2.1.5

  • Upgrade client-side components to IBO v5

  • Increase encryption key cache

  • Improved UTID (token)Caching

  • Improve handling of UTIDs with blank data

  • Update Discover BIN range

Chase Paymentech

  • Support new Visa CR/CZ methods of payment.

Version 14 December 2012


  • Upgraded to latest OpenSSL DLLs: 0.9.8x

Version 29 October 2012


  • Upgraded the backup and repair tools in ./repair directory.

  • Upgrade core framework (ASTA).

Version 26 September 2012


  • Generated tokens (UTID) values are now sent to the PaymentVault™ almost immediately after generation. Prior releases would send periodic batches of tokens. This modification allows tokenization to be supported in a load-balanced environment.

  • Correct error in real-time UTID deletion where UTIDs were not being deleted (batch-based deletes operated properly).

  • HTTP 404 errors no longer return requested URL. This removes potential XSS issue and allows for cleaner PCI security scans.

  • Restored Management Console link removed in previous installer.

  • Provide ability to downgrade to smaller version based on serial number.

Version 11 July 2012


  • Option to use Legacy Encryption when upgrading Trevance. Provides a smoother upgrade path in environments running multiple Trevances. Selecting legacy encryption also sets legacy UTID format.

  • If Trevance®is waiting for a batch file for more than 60 minutes, it writes a log entry and sends an email.

  • Address issue with overflow of tick counter. Was benign, but this reduces some log chatter.

  • HTTPS setup was modified to reflect necessary DLLS and sample certificates being distributed.

  • Supports ‘tokenize only’ batches. Requires specially-formatted and named batch files.

  • Trevance®now returns a UTID even if the account number is rejected locally (for example, cannot pass LUHN-10).

  • Support for Check UTID action which checks if a particular UTID/token exists.

  • Support for Delete UTID action to explicitly delete a UTID/token.

Chase Paymentech

  • Support for Card Type Indicator (debit, gift, credit, etc.).

First Data Compass

  • Do not transmit the AVS Response field on Deposits.

24 April 2012 Version


  • Support for Windows Server 2008 RC1, SP2.

  • Extended internal ASI02 interface for custom embedding environments.

  • Improved handling of HTTPS sessions when pausing and resuming.

  • Correct Console problem when importing batch encryption key when original key encrypting that data is no longer available.

  • Correct problem where undefined division without explicit currency may send blank currency to payment processor.

  • Generate log error whenever batch waits for more than one (1) hour for download.

Chase Paymentech

  • Support for Extended Fraud fields.

  • Support for real-time encrypted socket via VPN/dedicated line.

  • Upgrade batch connections via VPN/dedicated line to be password-based S-FTP. Before upgrading, you must coordinate with Chase Paymentech in order to configure your account to support S-FTP batch transfers via VPN/dedicated line.

  • Support Debit Card Sales and Refunds in CN-4250.

  • Support CustomerMessage field for PINless debit. Acceptable via real-time and batch.

  • Additional reporting when real-time socket fails over.

  • Do not remove qual data on Debit reversal request (since merchant may want to resend reversal).

  • Reduce real-time timeouts to Chase Payment to 23 seconds, as per current Chase Paymentech advise.


  • Conversion from First National Merchant Solutions → TSYS.

  • Support for S-FTP to TSYS.

  • Do not delete S-FTP file after download.

Version 7 December 2011


  • PCI 2.0 Compliant Key Management

  • Window Server 2008 R2 support

  • Versions and greater require installation of n-key.

Version 27 December 2010


  • Modified priority for batch thread during long operations.

  • Modify watch dog timer to know a long operation is occurring and should not be shut down early.

  • Aligned queue and thread pool sizes (reduced thread pool size).

  • Fixed mutex detection for Vista and newer.

  • Identify a database deadlock situation when closing large batches with high-volume active online captures occurring. Changed the end of day queries to use a read committed rather than snapshot isolation level.

  • Handle missing dfr_rules file.

  • Improve deadlock handling when very large real-time to batch file conversions occurs (over 300,000 transactions).

  • Correct UTID base64 validation issue that occurred in test mode.

  • Timed batch and encrypted DFR in progress.

  • Properly generate UTID in batch mode.

  • PCI: ACCT was returned in some instance where UTID was being returned. ACCT and UTID should never be returned together.

  • Sanitize account expiration dates.

Chase Paymentech

  • In batch mode, now sends default currency vs. 840 when importing blank currency field.

  • Fraud support

  • Extend log sanitization to include FTP password.

  • Added ability to check for data reports multiple times per day. New config setting allows for hourly checks

  • PCI: DFRs are now categorized as sensitive and insensitive and downloaded to different directories. Sensitive DFRs are encrypted if encryption key is set


  • Correct problem where real-time crash occurs when URL is not set.

Version 11 November 2010


  • Corrected validation problem with new UTID format validation.


  • Corrected crash problem when real-time URL was not set.

Version 28 October 2010


  • Change to new UTID format.

  • Watch dog timer thread now monitors the main thread (batch imports, exports, uploads, downloads, and maintenance). If it should hang, automatically restarts.

  • When constant batches are run the Console does not time out. This is now corrected. This is not being issued as a security alert since it is only in test modes such things would happen. None of the payment processors allow highly-repetitious batch submission.

Chase Paymentech

  • Gift Cards

  • Correct FTP issue where errors would not time out. Could cause transfers to hang.

First Data

  • Add support for Secure Transport (DataWire) communications.

First National Merchant Solutions

  • Correct FTP issue where errors would not time out. Could cause transfers to hang.

Version 11 May 2010


  • Corrected problem with starting up under domain controller in some situations. Problem caused because name check could be returned in four different formats and Trevance®was not handling all formats.

Version 12 November 2009

First Data

  • Initial support for Compass platform.

Version 29 September 2009


  • Initial Release of TransFirst support.

Version 19 June 2009


  • Ability to generate UTID without any payment processor interaction. Just send action code of U and account field — all other import fields are ignored. Just export the UTID field. U transaction works only via real-time interface.

  • PaymentVault™ server configuration information was not being updated after pause/resume.

  • When UTID is requested, but Account field is blank or missing, UTID is not generated.

Version 5 June 2009


  • Failover support for PaymentVault.

  • On startup, log user we are running as and user who ran initial encryption.

Chase Paymentech

  • Support Account Check (otherwise known as $0.00 auth for MasterCard and Visa).