PCI DSS Requirement 4.1 states that strong cryptography and security protocols must be used to safeguard sensitive cardholder data during transmission over open, public networks. Bluetooth technology is included in Requirement 4.1 as an example of an open, public network, and cardholder data sent over Bluetooth must therefore be protected in accordance with this requirement. If a Bluetooth implementation is unable to meet strong cryptography,
compensating controls will need to be implemented to prevent unauthorized access to Bluetooth transmissions to capture cardholder data.
Article Number 1073