Delete sensitive authentication data stored by previous payment application versions
Maitre’D 2003 SP11 or Maitre’D 2005 SP3
If you were previously using PABP/CISP compliant versions of Maitre’D, no action is needed to meet this requirement. Although PABP and CISP are now obsolete standards, they did prohibit storage of full Track 2 data. Maitre’D versions that were PABP/CISP compliant are Maitre’D 2003 SP11 or higher and Maitre’D 2005 SP3 or higher. For these versions of Maitre’D, only the PAN and expiration date were stored, in encrypted form. The rest of the card data and authentication data was always deleted after authorization and never stored anywhere. Therefore, if you are upgrading from one of these versions, no further action is needed to meet requirement 1.1.4.
Maitre’D 99, Maitre’D 2000, Maitre’D Millennium, Maitre’D 2003 (SP10 or lower), Maitre’D 2005 (SP2 or lower)
Following an upgrade from one of these versions, some logs may include unencrypted PAN information. To meet PA-DSS requirement 1.1.4, these logs must be securely deleted using a special utility that completely wipes the files, so that they cannot be retrieved later with forensic tools.
A free tool called SDelete by Mark Russinovich can be downloaded from Microsoft Technet and used to securely delete files. Simply follow the link below, and read the instructions and information provided on Microsoft Technet to learn how to use this tool.
Using SDelete, delete all the files stored inside this folder:
C:\POSERA\MaitreD\DATA\LOG

The SDelete tool also has the ability to securely wipe free space on your hard drive using the U.S. Department of Defense clearing and sanitizing standard DOD 5220.22-M. This ensures that any trace of data from previously deleted files is made totally irretrievable, even with forensic analysis tools.
Please read the information provided on the Microsoft Technet site to learn how to sanitize the free space on your hard drive. This procedure will wipe the free space on your hard drive, removing information that could have been left behind after deleting files.
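
The two steps above (wiping the log files, then cleaning free space) can be scripted as follows. This is an added example, not part of the original Maitre’D documentation or of SDelete itself; it assumes sdelete.exe is on the PATH and the session is elevated, and the pass count, drive letter, inventory file name and the -Execute switch are assumptions chosen for illustration.

```powershell
# Added example, not vendor code. Assumes sdelete.exe (Sysinternals) is on PATH
# and the session is elevated. Pass count and drive letter are assumptions.
param(
    [string]$LogDir = 'C:\POSERA\MaitreD\DATA\LOG',   # folder named on this page
    [int]$Passes    = 3,                               # assumed overwrite pass count
    [string]$Drive  = 'C:',                            # assumed drive holding the logs
    [switch]$Execute                                   # without this, only list files
)

$sdelete = Get-Command sdelete.exe -ErrorAction Stop
if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
    throw "Log folder not found: $LogDir"
}

# Inventory names and sizes only (never file contents) as a record of what was wiped.
$files = @(Get-ChildItem -LiteralPath $LogDir -File -Recurse -Force)
$files | Select-Object FullName, Length, LastWriteTime |
    Export-Csv -Path "$env:TEMP\maitred-log-wipe-inventory.csv" -NoTypeInformation
Write-Host "$($files.Count) file(s) found under $LogDir"

if (-not $Execute) {
    Write-Host 'Dry run: re-run with -Execute to overwrite and delete these files.'
    return
}

foreach ($f in $files) {
    # -p sets the number of overwrite passes; -accepteula suppresses the EULA prompt.
    & $sdelete.Source -accepteula -p $Passes $f.FullName | Out-Null
}

# Do not rely on the tool's output alone: confirm nothing survived (locked or in-use files).
$left = @(Get-ChildItem -LiteralPath $LogDir -File -Recurse -Force)
if ($left.Count -gt 0) {
    $left | ForEach-Object { Write-Warning "Still present: $($_.FullName)" }
    throw "$($left.Count) file(s) were not deleted; close whatever holds them and retry."
}

# -c cleans free space so remnants of previously deleted logs are overwritten too.
& $sdelete.Source -accepteula -p $Passes -c $Drive
Write-Host "Log files wiped and free space on $Drive cleaned."
```

Run it once without -Execute to review the file list, then again with -Execute; the free-space pass can take a long time on large drives.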
Secure deletion of historical data is absolutely necessary for PCI DSS compliance.