PCI Watch

Yes. PCI DSS requirements apply wherever payment card account data is stored, processed, or transmitted. For example, PCI DSS Requirement 4 states that strong cryptography and security protocols must be used to safeguard sensitive cardholder data during transmission over open, public networks. Bluetooth technology is included in Requirement 4 guidance as an example of an open, public network, and cardholder data sent over Bluetooth must therefore be protected in accordance with this requirement. If a Bluetooth implementation is unable to meet strong cryptography, compensating controls will need to be implemented to prevent unauthorized access to Bluetooth transmissions to capture cardholder data. Note: The specific sub requirement number(s) and terminology may vary depending on the version of the standard being used.