Frequently Asked Question

Do PCI DSS Requirements apply to Bluetooth technology?

Yes. PCI DSS requirements apply wherever payment card account data is stored, processed, or transmitted. For example, PCI DSS Requirement 4 states that strong cryptography and security protocols must be used to safeguard sensitive cardholder data during transmission over open, public networks. Bluetooth technology is included in Requirement 4 guidance as an example of an open, public network, and cardholder data sent over Bluetooth must therefore be protected in accordance with this requirement. If a Bluetooth implementation is unable to provide strong cryptography, compensating controls will need to be implemented to prevent unauthorized parties from accessing Bluetooth transmissions and capturing cardholder data.

Note: The specific sub-requirement number(s) and terminology may vary depending on the version of the standard being used.

August 2022
Article Number: 1073