What are the PCI DSS requirements regarding transmission of cardholder data via Bluetooth technology?

PCI DSS Requirement 4.1 states that strong cryptography and security protocols must be used to safeguard sensitive cardholder data during transmission over open, public networks. Requirement 4.1 lists Bluetooth technology as an example of an open, public network, so cardholder data sent over Bluetooth must be protected in accordance with this requirement. If a Bluetooth implementation cannot meet the strong cryptography requirement, compensating controls will need to be implemented to prevent unauthorized parties from accessing Bluetooth transmissions and capturing cardholder data.

May 2014
Article Number 1073