PayConex – 09.03.2025
In this release, we’ve introduced a series of updates and enhancements across the PayConex platform, including improvements to 3D Secure authentication flows, developer experience enhancements, infrastructure optimizations, and security & compliance updates. These changes aim to improve platform reliability, user experience, and compliance with industry standards. Below is a summary of the key changes included in this release.
Updates and Enhancements
3D Secure
Email Address Handling
Enhanced 3D Secure flows will properly handle customer email addresses. The 3DS SDK now supports required email fields, and the browser-based 3DS authentication service validates that an email address is present before proceeding.
eToken Shipping Email
Fixed an issue in the eToken iFrame integration where the shipping email provided during initialization was not being used. The 3DS process will now correctly utilize the provided shipping email address for authentication flows.
API Key Scopes in UI
The API Key Management UI now exposes 3D Secure scopes alongside other permissions. Administrator users can add these scopes to API keys and see which API keys have 3D Secure capabilities enabled.
3DS AMEX Setting
Resolved an issue where 3DS American Express configuration properties were required in processor settings regardless of relevance. This would inadvertently trigger a 3D Secure error. The processor settings now work correctly without causing false 3DS errors when Amex is turned off.
Access Control Server Timeout Handling
Fixed a bug in the 3DS SDK where an ACS (Access Control Server) timeout would prevent the browser authentication from continuing. The 3DS workflow now properly handles ACS timeouts and continues the auth process as expected.
PayConex QSAPI
Strict EBT Validation
QSAPI now strictly validates EBT transactions: if an EBT transaction is missing the required PIN, KSN, or card track data (or if a card number is mistakenly included), QSAPI will reject the request with a clear error message.
Reversal Amount Safeguards
QSAPI’s reversal logic has been adjusted to reject reversal attempts that exceed the original authorization amount (e.g., a $10 reversal on a $1 authorization) instead of relying on the processor to handle such cases.
PayConex UI
RapidConnect / RapidConnect-North – Phone & Website
In the RapidConnect and RapidConnect-North processor settings, the Phone Number and Website URL fields are now always visible and required for all merchants, regardless of industry type, ensuring transactions don’t get rejected for missing data.
Added Gratuity Field to Custom Reports
Added Gratuity as a reportable field in PayConex reports, improving visibility into tip amounts in relevant transaction reports.
Updated Password Policy
PayConex now enforces updated PCI password policy requirements: users are prompted to set stronger passwords that meet the updated complexity requirements and other compliance criteria.
eToken iFrame Account Change Notifications
Whenever the eToken setting on a PayConex account is enabled or disabled, the system now sends a notification email to the account’s contact.
Login Disabled on Deactivated Accounts
If a PayConex merchant account is deactivated, all associated user logins are automatically disabled to prevent unauthorized access; access is restored upon reactivation.
Account Updater
Tokenization Workflow Update
The PayConex tokenization workflow for CardSync has been updated to avoid transaction downgrades by using a special $0 clone transaction when updating tokens, preserving full authorization details.
Faster Schedule Deletion
Improved the performance of deleting CardSync schedules—deletions that previously took over five minutes now complete quickly.
Bug Fixes and Enhancements
ACH/Antifraud Trace IDs
Internal ACH and anti-fraud logs now include the request_id and correlation_id fields for better traceability.
Webhook 2xx Classification
A misclassification in the webhook logs has been corrected—successful 2xx responses will no longer be logged as failures.
Settlement – FIS Batch Processing
Improved FIS settlements by correcting the usage of CDATA in batch files and enhancing failure reporting and observability to better monitor settlement outcomes.
Settlement – PTS File Generation
Fixed the PTS settlement file generation to include a valid Submission ID and correct amount rounding, ensuring files meet processor specifications.
Account Updater – 500 on Bad Subscription ID
Fixed an error when attempting to create a subscription with a non-existent ID, which previously caused a 500 response; it now returns a proper client error.
Account Updater – Preserve Token Zero-Padding
Ensured that token IDs retain any leading zeroes after the CardSync account-updater runs, maintaining consistency in token formats.
Dynamic Descriptors – Company Name Length
Corrected the handling of dynamic descriptors to prevent transactions from failing if a provided company name exceeds the allowed length for the descriptor address field.
Batch Reports – AVS/CVV Declines
Fixed a reporting issue where transactions declined due to AVS/CVV mismatches were causing incorrect entries in card batch reports. These decline transactions are now recorded properly so that batch reports remain accurate.
Risk Controls – IP Blocking Respects IP Source
Resolved an issue with the Block IP feature: it now respects the account’s configured IP source setting when the block is triggered from the transactions detail page.