# March 2026 Pre-Release Notes
source: https://developer.mastercard.com/authentication-facilitator/documentation/pre-release-notes/march_2026_pre_release_notes/index.md

## Release Change Summary {#release-change-summary}

The MDES March 2026 release will support the Advanced Encryption Standard (AES) Galois/Counter Mode (GCM) cipher mode for enhanced security. GCM will be supported in addition to the existing Cipher Block Chaining (CBC) mode in the Authentication Facilitator APIs that support wrapped encrypt/decrypt.

##### Impacted APIs: {#impacted-apis}

* Deliver Authentication Code

## Release Timeline {#release-timeline}

* MTF - 25 February 2026
* Production - 25 March 2026

### Impacted Market {#impacted-market}

* Availability: Global

## Change 1 - Enhanced the EncryptedPayload object {#change-1---enhanced-the-encryptedpayload-object}

Three new fields are added to the encrypted payload object.

* algorithmCipherMode
* tag
* aad

In addition, the existing iv parameter has been updated to accommodate the field size changes required for GCM encryption.

| Field and Description | Data Type | Min Length | Max Length | Required |
|-----------------------|-----------|------------|------------|----------|
| **algorithmCipherMode** The AES cipher mode used for the encrypted data. Must be one of the following values: `CBC` (when CBC cipher mode is to be used) or `GCM` (when GCM cipher mode is to be used). | String | 3 | 3 | Conditional -- Required when algorithmCipherMode used is GCM. |
| **tag** Tag to verify during data decryption. | String | 1 | 36 | Conditional -- Required when algorithmCipherMode used is GCM, not present otherwise. |
| **aad** Additional authentication data used in GCM mode. Hex-encoded data (case-insensitive). | String | 1 | 36 | Conditional -- optional when algorithmCipherMode used is GCM, not present otherwise. |
| **iv** Initialization vector used when encrypting data using the one-time-use AES key. Must be exactly 12 bytes (24-character hex string) when using GCM and 16 bytes (32-character hex string) when using CBC to match the block size. Hex-encoded data (case-insensitive). | String | 24 | 32 | No |
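
The conditional rules in the table above can be checked on a received EncryptedPayload before any decryption is attempted. The following is an added example, not Mastercard's code: the function name, error messages and sample payloads are constructed for illustration. It assumes that an absent algorithmCipherMode means the default CBC mode, and it validates iv only when present because the table marks it as not required.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")
IV_HEX_LEN = {"GCM": 24, "CBC": 32}  # 12-byte and 16-byte IVs, hex-encoded


def _is_hex(value, lo, hi):
    """True if value is a hex string whose length is within [lo, hi]."""
    return isinstance(value, str) and lo <= len(value) <= hi and bool(HEX.fullmatch(value))


def validate_encrypted_payload(payload):
    """Return a list of rule violations; an empty list means the fields are consistent."""
    # Assumption: an absent algorithmCipherMode means the default CBC mode.
    mode = payload.get("algorithmCipherMode", "CBC")
    if not isinstance(mode, str) or mode not in IV_HEX_LEN:
        return [f"algorithmCipherMode must be CBC or GCM, got {mode!r}"]

    errors = []
    iv, tag, aad = payload.get("iv"), payload.get("tag"), payload.get("aad")
    n = IV_HEX_LEN[mode]
    if iv is not None and not _is_hex(iv, n, n):
        errors.append(f"iv must be exactly {n} hex characters in {mode} mode")

    if mode == "GCM":
        if tag is None:
            errors.append("tag is required in GCM mode")
        elif not (isinstance(tag, str) and 1 <= len(tag) <= 36):
            errors.append("tag must be a string of 1 to 36 characters")
        if aad is not None and not _is_hex(aad, 1, 36):
            errors.append("aad must be 1 to 36 hex characters")
    else:
        # tag and aad are GCM-only; finding them in CBC mode means the sender
        # and receiver disagree about which cipher mode is in use.
        errors += [f"{name} must not be present in CBC mode"
                   for name, value in (("tag", tag), ("aad", aad)) if value is not None]
    return errors


# Constructed sample payloads (made-up values, not real MDES data).
GCM_OK = {"algorithmCipherMode": "GCM", "iv": "00112233445566778899aabb",
          "tag": "0f" * 16, "aad": "A1B2C3"}
GCM_BAD = {"algorithmCipherMode": "GCM", "iv": "00" * 16}  # CBC-sized iv, no tag
CBC_BAD = {"iv": "00" * 16, "tag": "0f" * 16}              # tag without GCM mode

if __name__ == "__main__":
    for sample in (GCM_OK, GCM_BAD, CBC_BAD):
        print(validate_encrypted_payload(sample) or "ok")
```

Rejecting a payload whose fields do not match its declared mode keeps a GCM message from being processed without its tag, and keeps a CBC-sized iv from reaching a GCM decryptor.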

### API Specification for Reference {#api-specification-for-reference}


API Reference: `GET /deliverAuthenticationCode`

## Impact {#impact}

### Existing Customers {#existing-customers}

By default, the CBC cipher mode will be used for requests and responses from Mastercard. Existing customers who wish to upgrade their implementation to support the GCM cipher mode must submit a CIS project.

### New Customers {#new-customers}

New customers can choose to support either the GCM or the CBC cipher mode to encrypt the payload. These customers will need to follow the configuration details before using this functionality.

### Personal data & Privacy Note {#personal-data--privacy-note}

Issuers are reminded that the information presented via the Authentication Facilitator API includes personal data which is subject to data privacy laws. Issuers must satisfy themselves that the processing of such personal data is compliant with applicable privacy laws.
