PCI MPoC and SoftPOS: what banks should verify before launch
A practical launch checklist for banks and acquirers evaluating PCI MPoC-certified SoftPOS and Tap to Phone programs.
January 15, 2026
SoftPOS is no longer an experiment for acquirers. The risk discussion has moved from whether Tap to Phone can work to whether the operating model is certifiable, observable, and supportable at merchant scale.
Before launch, banks should verify the PCI MPoC scope, attestation ownership, device eligibility policy, PIN handling model, transaction monitoring, and incident workflow. The strongest programs treat certification as an operating system, not a PDF attached at procurement.
Firisbe SoftPOS is built for that operating model: white-label merchant activation, operator dashboards, scheme support, and annual audit support sit around the transaction flow so product, risk, and compliance teams work from the same source of truth.