We recently ran into some questions from multiple organizations regarding PCI DSS applicability to closed or inactive credit card account numbers. For example, when someone passes away, the disposition of their debts and assets may go through probate. What may happen during this process is the collection of all of the deceased’s debt accounts, including credit cards, to determine how claims will be paid from the estate. Based on discussions with some of our clients, the credit card accounts are closed before they are handed over to the probate organization. That being said, these organizations will have credit card data in their systems, albeit inactive account numbers.
Read more on SecureState's new blog site http://blog.securestate.com/post/2011/04/08/PCI-DSS-Applicability-To-Closed-Accounts.aspx