# Release Notes May 2026
source: https://developer.mastercard.com/payment-account-management/documentation/release-history/pre-release-notes-may2026/index.md

## Release Change Summary {#release-change-summary}

The May release will introduce the Advanced Encryption Standard (AES) Galois/Counter Mode (GCM) cipher mode for enhanced security. It will be supported in addition to the existing Cipher Block Chaining (CBC) mode as part of the wrapped encrypt/decrypt supported for Payment Account Management APIs.

## Release Timeline {#release-timeline}

* MTF - 13 May 2026
* Production - 31 May 2026

## Change 1 - Support GCM Encryption {#change-1---support-gcm-encryption}

Three new fields will be added to the encrypted payload object to indicate if GCM will be used for encryption in the incoming requests to Mastercard. In addition, the existing parameter `iv` will be updated to support the field size changes required to support the GCM encryption.

|                                                                                                                 Field and Description                                                                                                                 | Data Type | Min Length | Max Length |                                           Required                                           |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------|------------|------------|----------------------------------------------------------------------------------------------|
| **algorithmCipherMode** The AES cipher mode used for the encrypted data. Must be one of the following value: * CBC - When CBC cipher mode to be used * GCM - When GCM cipher mode to be used                                                          | String    | 3          | 3          | Conditional - Required when algorithmCipherMode used is GCM.                                 |
| **tag** Tag to verify during data decryption.                                                                                                                                                                                                         | String    | 1          | 36         | Conditional - Required when algorithmCipherMode used is GCM, not present otherwise.          |
| **aad** Additional authentication data used in GCM mode. Hex-encoded data (case-insensitive).                                                                                                                                                         | String    | 1          | 36         | Conditional. Optional when algorithmCipherMode used is GCM, not present otherwise.           |
| **iv** Initialization vector used when encrypting data using the onetime use AES key. Hex-encoded data (case-insensitive). Must be exactly: * 12 bytes (24 character hex string) when using GCM * 16 bytes (32 character hex string) when using CBC . | String    | 24         | 32         | Conditional - Required when the EncryptedAccountInformation.EncryptedData object is present. |


API Specification: `https://static.developer.mastercard.com/content/payment-account-management/swagger/pam-1.5.0.yaml`

## Impact {#impact}

### Existing Customers {#existing-customers}

By default, the CBC cipher mode will be used for requests and responses from Mastercard. If an existing customer uses GCM to encrypt the payload sent to Mastercard, their implementations must be updated to receive the GCM-encrypted payload response from Mastercard.

### New Customers {#new-customers}

New customers can choose to support either the GCM or CBC encryption mode to encrypt the payload. Refer to the API specification for full details.