1.1.4 Securely delete any magnetic stripe data, card validation values or codes, and PINs or PIN block data stored by previous versions of the payment application, in accordance with industry-accepted standards for secure deletion, as defined, for example by the list of approved products maintained by the National Security Agency, or by other State or National standards or regulations.
PCI Data Security Standard Requirement 3.2
Note: this requirement only applies if previous versions of the payment application stored sensitive authentication data.
Testing Procedures:
1.1.4.a Review the PA-DSS Implementation Guide prepared by the vendor and verify the documentation includes the following instructions for customers and resellers/integrators:
[ul]
[li] That historical data must be removed (magnetic stripe data, card validation codes, PINs, or PIN blocks stored by previous versions of the payment application)[/li][li] How to remove historical data[/li][li] That such removal is absolutely necessary for PCI DSS compliance[/li][/ul]
1.1.4.b Verify the vendor provides a secure wipe tool or procedure to remove the data.
1.1.4.c Verify, through the use of forensic tools and/or methods, that the secure wipe tool or procedure provided by vendor securely removes the data, in accordance with industry-accepted standards for secure deletion of data.