6.3.1 Remove development, test and/or custom application accounts, user IDs, and passwords before applications become active or are released to customers.
6.3.1 Examine written software-development procedures and interview responsible personnel to verify that pre- production and/or custom application accounts, user IDs and/or passwords are removed before an application goes into production or is released to customers.
Development, test and/or custom application accounts, user IDs, and passwords should be removed from production code before the application becomes active or is released to customers, since these items may give away information about the functioning of the application. Possession of such information could facilitate compromise of the application and related cardholder data.