# Announcements
source: https://developer.mastercard.com/business-payment-controls/documentation/announcements/index.md

## October 2025 {#october-2025}

### Enabled publication of BPC CDF data to the Global Data Repository (GDR) {#enabled-publication-of-bpc-cdf-data-to-the-global-data-repository-gdr}

Custom Data Fields (CDFs) for BPC cards will now be published to the Mastercard Commercial Solutions Global Data Repository (GDR). For details on how to associate CDFs with a BPC card, see [Set up Custom Data Fields](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/04-custom-data-fields/index.md).  

For information on how to integrate with GDR, see [Common Data Format (CDF) Implementation](https://trc-techresource.mastercard.com/r/bundle/m_cdf_implement_en-us/page/d/en-US/tgn1745421404196.html) on Mastercard's [Technical Resource Center](https://trc-techresource.mastercard.com/).

## September 2025 {#september-2025}

### Enhanced authorization and clearing reports to include fields for tokenized VCNs {#enhanced-authorization-and-clearing-reports-to-include-fields-for-tokenized-vcns}

Authorization and clearing reports will now by default include values for BPC Virtual Cards, where the VCN has been tokenized.  

For more information, see the `tokenFields` object in the response to both Authorization and Clearing reports within the [API reference](https://developer.mastercard.com/business-payment-controls/documentation/api-reference/index.md).

## August 2025 {#august-2025}

### Added Postman Collection. {#added-postman-collection}

Added [Postman Collection](https://developer.mastercard.com/business-payment-controls/documentation/postman-collection/index.md) for easy API exploration.

## July 2025 {#july-2025}

### Enabled Entity APIs to support Company Number {#enabled-entity-apis-to-support-company-number}

## June 2025 {#june-2025}

### Removed restriction on updating a validity period {#removed-restriction-on-updating-a-validity-period}

Customers can now update spend controls sets without having to ensure that a validity period start date is not in the past.

## May 2025 {#may-2025}

### Clearing Notifications now available for BPC cards {#clearing-notifications-now-available-for-bpc-cards}

Clearing notifications for BPC cards are now available through [Commercial Event Notifications](https://developer.mastercard.com/commercial-event-notifications/documentation).

## February 2025 {#february-2025}

### 1. Enable Idempotency for all Business Controls endpoints {#1-enable-idempotency-for-all-business-controls-endpoints}

Idempotency is available for all Business Controls endpoints. Use of idempotency is optional, depending on your use case and requirements.  

For further details, refer to the [Idempotency](https://developer.mastercard.com/business-payment-controls/documentation/tutorial-guides/index.md#idempotency) guide.

### 2. Enable Merchant Amount Control {#2-enable--merchant-amount-control}

[Merchant Amount Control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#merchantamount-control) allows you to limit authorizations for particular currencies at the value set.

## January 2025 {#january-2025}

### 1. Full Payload Encryption for all sensitive data processed by Business Payment Controls is now available {#1-full-payload-encryption-for-all-sensitive-data-processed-by-business-payment-controls-is-now-available}

Encryption of sensitive data is now supported across all endpoints. Usage of encryption is optional, depending on your use case and requirements. Do not set up encryption keys for your project if you do not wish to use payload encryption.  

For more information, refer to the [Payload Encryption](https://developer.mastercard.com/business-payment-controls/documentation/tutorial-guides/index.md#payload-encryption) guide.

### 2. Enable Idempotency for all non-reporting Business Controls endpoints {#2-enable-idempotency-for-all-non-reporting-business-controls-endpoints}

Idempotency is available for all non-reporting endpoints. Use of idempotency is optional, depending on your use case and requirements.  

For further details, refer to the [Idempotency](https://developer.mastercard.com/business-payment-controls/documentation/tutorial-guides/index.md#idempotency) guide.

## November 2024 {#november-2024}

### Enable testing of encryption for sensitive data processed by Business Payment Controls {#enable-testing-of-encryption-for-sensitive-data-processed-by-business-payment-controls}

The Business Payment Controls sandbox environment supports testing of encrypted payloads for certain endpoints.  

For more information, refer to the [Payload Encryption](https://developer.mastercard.com/business-payment-controls/documentation/tutorial-guides/index.md#guides) guide.

## October 2024 {#october-2024}

### Enhance automated management of Real Card details {#enhance-automated-management-of-real-card-details}

Changes to the Real Card (RCN) made by the issuer will be updated automatically in Business Payment Controls through Mastercard's Automatic Billing Updater (ABU) feed.

## September 2024 {#september-2024}

### Enable customers to retrieve entity hierarchy information {#enable-customers-to-retrieve-entity-hierarchy-information}

Enable customers to view the details associated with their organization identifier (`entityGUID`) and the identifier of their descendants, so that cards can be registered at the correct level.

## August 2024 {#august-2024}

### Enable return of currency code details {#enable-return-of-currency-code-details}

A numerical `currencyCode` will be returned for all controls when the `currencyType` selected is `BASE`.

## June 2024 {#june-2024}

### Enable notifications of payment authorization events {#enable-notifications-of-payment-authorization-events}

Enable near real-time notifications for authorization events for Business Payment Controls issued virtual cards (VCNs).  

For more details about subscribing to payments notifications, refer to the [Manage Payment Notifications](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/03-reports/index.md#manage-payment-notifications).

## May 2024 {#may-2024}

### 1. Values removed from the valid values for inControl rule actions {#1-values-removed-from-the-valid-values-for-incontrol-rule-actions}

The values `WARN`, `PROMOTIONAL_RULE`, and `FORCE_APPROVE` are removed from the valid values for rule actions in [InControlRule Spend Controls](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md).

### 2. Reference app migrated from Maven to Gradle {#2-reference-app-migrated-from-maven-to-gradle}

The reference app now supports Gradle in place of Maven for build tasks, see [Reference application](https://developer.mastercard.com/business-payment-controls/documentation/reference-app/index.md) and [Configure an API Client](https://developer.mastercard.com/business-payment-controls/documentation/tutorial/tutorial-2/index.md).

## March 2024 {#march-2024}

### 1. Support for manual provisioning for BPC issued cards {#1-support-for-manual-provisioning-for-bpc-issued-cards}

A new endpoint is introduced that allows users to manually provision a virtual card into a digital wallet.

### 2. New currency field in API responses {#2-new-currency-field-in-api-responses}

In addition to the existing billing currency fields, a new currency code field `billingCurrencyAlphabetic` is introduced for real cards in the API responses.

## January 2024 {#january-2024}

### 1. Migrating from Mastercard In Control API (Retail API) {#1-migrating-from-mastercard-in-control-api-retail-api}

New endpoints allow users to migrate their existing cards from Retail API to Business Payment Controls.

### 2. Updated swagger file and reference application {#2-updated-swagger-file-and-reference-application}

Updated validation for start date in `validityPeriods` control. The swagger specification of the Business Payment Controls API is [here](https://developer.mastercard.com/business-payment-controls/documentation/api-reference/index.md). The updated Business Payment Controls Reference application is [here](https://developer.mastercard.com/business-payment-controls/documentation/reference-app/index.md#build-the-reference-application).

## November 2023 {#november-2023}

### 1. Updated swagger file and reference application {#1-updated-swagger-file-and-reference-application}

The swagger specification of the Business Payment Controls API is [here](https://developer.mastercard.com/business-payment-controls/documentation/api-reference/index.md). The updated Business Payment Controls Reference application is [here](https://developer.mastercard.com/business-payment-controls/documentation/reference-app/index.md#build-the-reference-application).

### 2. Support for custom data fields (CDF) {#2-support-for-custom-data-fields-cdf}

New endpoints allow users to associate additional custom data along with their real card number (RCN) or virtual card number (VCN).

## September 2023 {#september-2023}

### 1. Updated swagger file and reference application {#1-updated-swagger-file-and-reference-application-1}

The swagger specification of the Business Payment Controls API is [here](https://developer.mastercard.com/business-payment-controls/documentation/api-reference/index.md). The updated Business Payment Controls Reference application is [here](https://developer.mastercard.com/business-payment-controls/documentation/reference-app/index.md#build-the-reference-application).

### 2. Updated clearing summary report {#2-updated-clearing-summary-report}

The summary clearing report has been updated. `currencyCode` and `currencyCodeAlphabetic` have been moved to the `virtualPaymentCard` object.

### 3. Account Service `README.md` file improvements {#3-account-service-readmemd-file-improvements}

The reference application `README.md` file has been updated.

## August 2023 {#august-2023}

### Updated reference application {#updated-reference-application}

The updated Business Payment Controls Reference application is [here](https://developer.mastercard.com/business-payment-controls/documentation/reference-app/index.md#build-the-reference-application).

## June 2023 {#june-2023}

### 1. Updated swagger file and reference application {#1-updated-swagger-file-and-reference-application-2}

The swagger specification of the Business Payment Controls API is [here](https://developer.mastercard.com/business-payment-controls/documentation/api-reference/index.md). The updated Business Payment Controls Reference application is [here](https://developer.mastercard.com/business-payment-controls/documentation/reference-app/index.md#build-the-reference-application).

### 2. Block and unblock funding sources or virtual cards {#2-block-and-unblock-funding-sources-or-virtual-cards}

Business Payment Controls now has a `BLOCKED` status for virtual cards or funding sources. The `BLOCKED` status allows users to block a card while they decide on any further action. This can be used where a card is reported as lost or stolen.

#### Block or unblock a funding source {#block-or-unblock-a-funding-source}

The use case for how to block and unblock a funding source is [here](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/01-real-cards/index.md#block-or-unblock-a-funding-source).


API Reference: `PUT /funding-sources/{funding_source_guid}/status`

<br />

#### Block or unblock a virtual card {#block-or-unblock-a-virtual-card}

The use case for how to block and unblock a virtual card is [here](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/02-virtual-cards/index.md#block-or-unblock-a-virtual-card).


API Reference: `PUT /virtual-card-accounts/{account_guid}/status`

<br />

### 3. New parameters for Authorization Reports {#3-new-parameters-for-authorization-reports}

[Authorization reports](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/03-reports/index.md#reconcile-payments) can be generated for virtual cards with `ACTIVE`, `BLOCKED`, or `DELETED` status.


API Reference: `GET /authorization-reports/{guid}/data`

<br />

### 4. Updated date format for card expiry {#4-updated-date-format-for-card-expiry}

Updated card expiry date format in reports from `yy-mm` to `yyyy-MM`.

### 5. Updated spend controls {#5-updated-spend-controls}

There are updates to both accountControl and InControl spend control rules.

#### Negation added to AccountControl spend controls {#negation-added-to-accountcontrol-spend-controls}

Users can negate values to exclude specific MCCs or countries.
Negation is added to these accountControl Spend Controls:

1. [merchantCategories](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/accountcontrol-spend-controls/index.md#card-acceptor-business-code-mcc-control) - Card Acceptor Business Codes (MCCs).
2. [countryCodes](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/accountcontrol-spend-controls/index.md#countrycodes-elements) - Country where the transaction takes place.

#### Additional controls supported for InControlRules {#additional-controls-supported-for-incontrolrules}

Additional controls have been enabled for InControl rules for real and virtual cards.
The following controls have been enabled:

1. [MerchantNameControl](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#merchantname-control) - Merchant name control.
2. [TransactionEnvironmentControl](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#transactionenvironment-control) - Transaction environment control.
3. [DataElementControl](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#dataelement-control) - Data entry mode control.