Using a secure wipe tool

Various PCI DSS requirements demand the use of a secure wipe tool to securely delete sensitive authentication data and cardholder data.

According to PA-DSS requirement 1.1.4, the disk wipe tool must be in accordance with industry accepted standards for secure deletion. The National Security Agency, for example, maintains a list of approved products.

To securely wipe entire hard disks, you can use the DBAN tool.

To securely delete single files or directories, you can use the Wipe tool in Linux®.

Using the DBAN tool

You can download DBAN from http://www.dban.org/.

  1. Create a CD with the ISO image of DBAN.
  2. Boot the computer that hosts the device you want to wipe securely.
  3. Press the ENTER key to start DBAN in interactive mode.
  4. Type M and select the DoD Short method.
  5. Select the disk or partition you want to wipe by using the up (J) and down (K) keys to move to the entry.
  6. To confirm your selection, press the space bar.
  7. To start wiping the disk, press F10.
  8. The disk is now being wiped.
  9. Make sure a dialog is displayed that confirms a successful wipe.

Using the Wipe tool

You can download Wipe from http://wipe.sourceforge.net/.

You can use the Wipe tool to securely delete single files or directories.

For example, to securely delete the file myfile.txt, run:

wipe -Sr -p3 myfile.txt

Decommission a Safer Payments instance or cluster

If a Safer Payments cluster instance or an entire Safer Payments cluster is decommissioned, you must securely delete all cardholder data by using a disk wipe tool.

Safer Payments stores cardholder data in several locations. These locations are identified and configured as described in Configure cardholder data storage locations.

Archived data and backups that are created by third-party applications are not in reach of the Safer Payments software itself. Therefore, they are not securely deleted automatically by Safer Payments. This aspect of this requirement must be met by organizational procedures.
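
For the decommissioning step above, one way to run the Wipe command over every configured storage location and keep a record of each result. This is an added example, not part of the original page or of Safer Payments; the list-file format, the WIPE_CMD variable and the result labels are assumptions of the example.

```shell
#!/bin/sh
# Added example, not IBM code. WIPE_CMD and the list-file format are assumptions.
WIPE_CMD="${WIPE_CMD:-wipe}"

# wipe_locations LISTFILE
#   LISTFILE: one absolute path per line; blank lines and '#' lines are ignored.
#   Prints one timestamped result line per path (keep it as deletion evidence)
#   and returns non-zero if any listed location was not confirmed deleted.
wipe_locations() {
    list=$1
    failed=0
    # Read the list on fd 3 so the wipe tool keeps the terminal on stdin.
    while IFS= read -r path <&3 || [ -n "$path" ]; do
        case $path in
            ''|'#'*) continue ;;
        esac
        stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
        case $path in
            /*) ;;
            *) echo "$stamp SKIPPED-not-absolute $path"; failed=1; continue ;;
        esac
        if [ -L "$path" ]; then
            # A link would hide the real location; list the target itself.
            echo "$stamp SKIPPED-symlink $path"; failed=1; continue
        fi
        if [ ! -e "$path" ]; then
            # Possibly a typo in the list: flag it instead of passing silently.
            echo "$stamp MISSING $path"; failed=1; continue
        fi
        # Same options as the command shown above on this page.
        if $WIPE_CMD -Sr -p3 "$path" && [ ! -e "$path" ]; then
            echo "$stamp WIPED $path"
        else
            echo "$stamp FAILED $path"; failed=1
        fi
    done 3< "$list"
    return "$failed"
}

# Run only when a list file is given: sh wipe_locations.sh /path/to/list
if [ "$#" -gt 0 ]; then
    wipe_locations "$1"
fi
```

A non-zero exit status means at least one listed location still needs attention before the instance can be treated as decommissioned.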