2.3 Render PAN, at a minimum, unreadable anywhere it is stored, (including data on portable digital media, backup media, in logs, and data received from or stored by wireless networks) by using any of the following approaches:
[ul]
[li]Strong one-way hash functions (hashed indexes)[/li][li]Truncation[/li][li]Index tokens and pads (pads must be securely stored)[/li][li]Strong cryptography based on approved standards (defined in PCI DSS Glossary, Abbreviations, and Acronyms) with associated key management processes and procedures.[/li][/ul]
The MINIMUM account information that needs to be rendered unreadable is the PAN.
PCI Data Security Standard Requirement 3.4
The PAN must be rendered unreadable anywhere it is stored, even outside the payment application.
Testing Procedures:
2.3.a Verify that the PAN is rendered unreadable anywhere it is stored, in accordance with PCI DSS Requirement 3.4.
2.3.b If the software vendor stores the PAN for any reason (for example, because log files, debugging files, and other data sources are received from customers for debugging or troubleshooting purposes), verify that the PAN is rendered unreadable in accordance with PCI DSS Requirement 3.4.