What are the requirements under PCI DSS with respect to transmission of cardholder data via Bluetooth technology (wireless)?

The PCI DSS requirement 4.1 states “use strong cryptography and security protocols such as SSL/TLS/IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.” While the PCI DSS does not specifically mention Bluetooth technology as an open, public network, it is a technology that can present security risk if not implemented properly. Appropriate measures in the implementation of the Bluetooth technology must be taken such as having the security features enabled and using long PIN codes or pairing the devices only in private.

PCI SSC recommends that you consult a Qualified Security Assessor for proper implementation of the Bluetooth technology. Our list of Qualified Security Assessors can be found at: https://www.pcisecuritystandards.org/resources/qualified_security_assessors.htm

Please note: If a vendor is providing an application that is facilitating the transmission of the cardholder transaction using Bluetooth technology, that vendor is responsibl
