Using a secure wipe tool
Various PCI DSS requirements demand the use of a secure wipe tool to securely delete sensitive authentication data and cardholder data.
According to PA-DSS requirement 1.1.4, the disk wipe tool must be in accordance with industry-accepted standards for secure deletion. The National Security Agency, for example, maintains a list of approved products.
To securely wipe entire hard disks, you can use the DBAN tool.
To securely delete single files or directories, you can use the Wipe tool in Linux®.
Using the DBAN tool
You can download DBAN from http://www.dban.org/.
- Create a CD with the ISO image of DBAN.
- Boot the computer that hosts the device you want to wipe securely.
- Press the ENTER key to start DBAN in interactive mode.
- Type M and select the DoD Short method.
- Select the disk or partition you want to wipe by using the up (J) and down (K) keys to move to the entry.
- To confirm your selection, press the space bar.
- To start wiping the disk, press F10.
- The disk is now being wiped.
- Make sure a dialog is displayed that confirms a successful wipe.
Using the Wipe tool
You can download Wipe from http://wipe.sourceforge.net/.
You can use the Wipe tool to securely delete single files or directories.
For example, to securely delete the file myfile.txt, run:
wipe -Sr -p3 myfile.txt
Decommission a Safer Payments instance or cluster
If a Safer Payments cluster instance or an entire Safer Payments cluster is decommissioned, you must securely delete all cardholder data by using a disk wipe tool.
Safer Payments stores cardholder data in several locations. These locations are identified and configured as described in Configure cardholder data storage locations.
Archived data and backups that are created by third-party applications are not in reach of the Safer Payments software itself. Therefore, they are not securely deleted automatically by Safer Payments. This aspect of this requirement must be met by organizational procedures.
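The following script is an added example, not part of the original page or of Safer Payments. It applies the wipe command shown above to every file under a list of cardholder data storage locations, then checks that no file is left behind. The function name wipe_locations, the WIPE_BIN variable, and the paths in the usage comment are assumptions. It also assumes that wipe runs without prompting and removes each file, as described above.

```shell
#!/bin/sh
# Added example: wipe all files under the given cardholder data locations
# with the options shown on this page, then verify that none remain.
# WIPE_BIN is a hypothetical override for the wipe binary (default: wipe).
WIPE_BIN="${WIPE_BIN:-wipe}"

# wipe_locations DIR...
# Returns 0 only if every DIR exists and contains no regular files afterwards.
wipe_locations() {
    wl_failed=0
    for wl_dir in "$@"; do
        if [ ! -d "$wl_dir" ]; then
            # A missing location must be investigated, not silently ignored.
            echo "MISSING $wl_dir" >&2
            wl_failed=1
            continue
        fi
        # Wipe file by file. find does not report a failing -exec ... \;
        # command in its own exit status, so the check below is what counts.
        find "$wl_dir" -type f -exec "$WIPE_BIN" -Sr -p3 {} \; || wl_failed=1
        # Verification: any regular file still present is a failed wipe.
        wl_left=$(find "$wl_dir" -type f | wc -l | tr -d ' ')
        if [ "$wl_left" -ne 0 ]; then
            echo "FAIL    $wl_dir ($wl_left files remain)" >&2
            wl_failed=1
        else
            echo "OK      $wl_dir"
        fi
    done
    return "$wl_failed"
}

# Usage (constructed paths; take the real ones from your configured
# cardholder data storage locations):
#   sh wipe_locations.sh /opt/sp/instance1/data /opt/sp/instance1/logs
if [ "$#" -gt 0 ]; then
    wipe_locations "$@"
fi
```

Keep the script output with the decommissioning record. A non-zero exit status means at least one location was missing or still contains files.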