Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
FAQ #1073 Published

What are the PCI DSS requirements regarding transmission of cardholder data via Bluetooth technology?

PCI DSS Requirement 4.1 states that strong cryptography and security protocols must be used to safeguard sensitive cardholder data during transmission over open, public networks. Bluetooth technology is included in Requirement 4.1 as an example of an open, public network, and cardholder data sent over Bluetooth must therefore be protected in accordance with this requirement. If a Bluetooth implementation is unable to meet strong cryptography, compensating controls will need to be implemented to prevent unauthorized access to Bluetooth transmissions to capture cardholder data.

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.