Diff: FAQ #1073

What are the requirements under PCI DSS with respect to transmission of cardholder data via Bluetooth technology?

Earlier Version
2008-02-24T00:00:00+00:00

Later Version
2014-05-29T00:00:00+00:00

Removed

Added

~~The~~ PCI DSS ~~requirement~~Requirement 4.1 states ~~?use~~that strong cryptography and security protocols ~~such~~must asbe ~~SSL / TLS/ IPSEC~~used to safeguard sensitive cardholder data during transmission over open, public ~~networks.? While the PCI DSS does not specifically mention~~networks. Bluetooth technology is included in Requirement 4.1 as an example of an open, public network, itand iscardholder adata ~~technology~~sent ~~that~~over ~~can~~Bluetooth ~~present~~must ~~security~~therefore ~~risk~~be ~~if not implemented properly. Appropriate measures~~protected in ~~the~~accordance ~~implementation~~with ofthis the Bluetooth technology must be taken such as having the security features enabled and using long PIN codes or pairing the devices only in private. PCI SSC recommends that you consult a Qualified Security Assessor for proper implementation of the Bluetooth technology. Our list of Qualified Security Assessors can be found at: https://www.pcisecuritystandards.org/resources/qualified_security_assessors.htm Please note:requirement. If a ~~vendor~~Bluetooth implementation is ~~providing~~unable anto ~~application~~meet ~~that~~strong iscryptography,
compensating ~~facilitating~~controls ~~the~~will ~~transmission~~need ofto ~~the~~be implemented to prevent unauthorized access to Bluetooth transmissions to capture cardholder ~~transaction using Bluetooth technology, that vendor is responsible for meeting the PCI DSS requirements, not the consumer.~~data.

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.