PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is archived content from PCI Security Standards Council bulletins, preserved for tracking changes over time.
View Original →

PCI Security Standards Council Bulletin: Announcement of Sunset Periods for the PCI SPoC and PCI CPoC Standards

PDF














PCI Security Standards Council Bulletin: Announcement of Sunset Periods for the PCI SPoC
and PCI CPoC Standards


01 May 2026
The PCI Security Standards Council (PCI SSC) is announcing the initiation of formal sunset periods for
both the PCI Software-based PIN Entry on COTS (SPoC) and the PCI Contactless Payments on COTS
(CPoC) Standards.
Background
The PCI SPoC and PCI CPoC Standards were introduced to support secure payment acceptance on
Commercial Off-the-Shelf (COTS) devices, enabling innovation in mobile and software-based payment
acceptance solutions.
As the PCI standards portfolio continues to evolve, including the continued expansion and maturity of the
PCI Mobile Payments on COTS (MPoC) Standard, PCI SSC has determined that both PCI SPoC and PCI
CPoC will now enter formal sunset phase.
Sunset Period Timeline
• Effective Date of Sunset Period: May 01, 2026
• Sunset Period Ends: October 31, 2026
During the sunset period:
• New PCI SPoC and PCI CPoC submissions will continue to be accepted by PCI SSC.
• Existing submission processes and program requirements will remain unchanged.
At the conclusion of the sunset period:
• No new PCI SPoC or PCI CPoC submissions will be accepted by PCI SSC.
Existing Listings
All existing PCI SPoC and PCI CPoC listings will:
• Remain valid through their normal listing lifecycle.
• Expire in accordance with their existing reevaluation or expiration dates.
• Continue to be eligible for Annual Checkpoints and applicable change submissions during their
active listing period.
• Continue to be subject to applicable program maintenance requirements throughout their validity
period.


In summary, there is no change to the lifecycle treatment of currently accepted and listed PCI SPoC and
PCI CPoC solutions.
Additional Considerations:
• Organizations currently pursuing or considering PCI SPoC or PCI CPoC evaluations are
encouraged to plan accordingly within the announced sunset timeline.
• Organizations should also evaluate future product development strategies in alignment with
applicable PCI SSC standards, including PCI MPoC where appropriate.

For questions regarding this bulletin, please contact the PCI MPoC Program Manager at
mpoc@pcisecuritystandards.org.


###