Skip to main content
Skip table of contents

Upgrade Notes Week 7

Encryption algorithm update for card data security

Who is affected

All users retrieving encrypted cardholder data through the /cardholder-data and /pin-code API calls.

What will be changed

A new optional query parameter, mgf1, will be introduced to define the padding algorithm for encrypting sensitive card data. The default encryption padding will be sha-256, with sha-1 available as an alternative option. If this parameter is not passed in the request, the default padding will be applied. Currently, sha-1 is used by default, but it will transition to sha-256 in future updates to enhance security.

Expected release

18 FEB 2025

Instructions

If your system relies on retrieving encrypted card data, ensure compatibility with sha-256 encryption before the transition. If needed, explicitly specify sha-1 using the mgf1 query parameter to maintain existing behavior. Review your encryption handling mechanisms to ensure seamless integration with the upcoming changes.

Consequences

Once the transition is complete, sha-256 will become the default encryption type for card data, replacing sha-1. If your system does not explicitly define a padding algorithm, it will automatically switch to sha-256. Users who require sha-1 should update their API requests to specify this encryption type explicitly to prevent potential disruptions.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close