The latest security regulations put forward by the PCI Security Standards Council fail to prevent even the most basic vulnerabilities online. What's particularly disturbing is that the new regulations, which are said to be mandatory as of April 2010, are costing small companies thousands of dollars to comply with, yet even after PCI compliance has been achieved, online companies could still be putting their customers' card data at risk!
This stems from a simple feature of most browsers: the user can simply press the down key in any form field and the browser's autocomplete will reveal the values previously entered into that field. Try many of the online forms where you enter your login details, addresses, names etc., including sensitive card data. According to this article the security flaw is not covered by the extensive PCI regulations, which have been developed to give people a sense of confidence that they can trust online companies, yet if personal details are not protected against even the most basic exploits, are the PCI Security Standards really doing the job intended?
This seems to be such a simple but fundamental flaw in the new PCI standards, and a quick fix would go a long way to improving online trust if this potential exploit were included in the compliance regulations.
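As an added example that is not part of the original post, here is a small Node.js audit that scans a page's HTML for form fields that look like they hold cardholder data and reports the ones that leave browser autocomplete enabled (the usual fix being autocomplete="off" on the field or on the whole form). The field-name patterns and the sample checkout form are constructed for illustration.

```javascript
// Added example, not from the original post: audit HTML for form fields that
// look like cardholder data and still leave browser autocomplete enabled.
// The field-name patterns and the sample checkout form are constructed.
const SENSITIVE_PATTERNS = [
  /card/i,                                   // card_number, cardholder_name
  /cc[_-]?num/i,                             // ccnum, cc_number
  /(^|[^a-z])(cvv|cvc|csc|pan)([^a-z]|$)/i,  // security code or PAN, not "company"
  /exp(ir|[_-]?(month|year|date|mm|yy))/i,   // expiry fields
];

// Parse one tag's attributes, e.g. '<input type="text" name="cvv">'.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([a-zA-Z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  for (const m of tag.matchAll(re)) attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4]).trim();
  return attrs;
}

// Returns { formId: [field names] } for sensitive-looking inputs whose effective
// autocomplete is not "off"; a form-level autocomplete="off" covers every field
// that does not set its own. Hidden and submit inputs are never autofilled.
function findExposedCardFields(html) {
  const report = {};
  for (const form of html.matchAll(/<form\b[^>]*>[\s\S]*?<\/form>/gi)) {
    const formAttrs = parseAttributes(form[0].match(/<form\b[^>]*>/i)[0]);
    const exposed = [];
    for (const input of form[0].matchAll(/<input\b[^>]*>/gi)) {
      const a = parseAttributes(input[0]);
      if (['hidden', 'submit', 'button'].includes((a.type || 'text').toLowerCase())) continue;
      const ident = a.name || a.id || '';
      if (!SENSITIVE_PATTERNS.some((p) => p.test(ident))) continue;
      const effective = (a.autocomplete ?? formAttrs.autocomplete ?? 'on').toLowerCase();
      if (effective !== 'off') exposed.push(ident);
    }
    if (exposed.length) report[formAttrs.id || '(anonymous form)'] = exposed;
  }
  return report;
}

// Constructed sample: a checkout form with mixed settings and a form-level "off".
const SAMPLE_HTML = `
<form id="checkout" action="/pay" method="post">
  <input type="text" name="cardholder_name">
  <input type="text" name="card_number">
  <input type="text" name="cvv" autocomplete="off">
  <input type="text" name="exp_month">
  <input type="hidden" name="csrf_token">
</form>
<form id="lookup" autocomplete="off"><input type="text" name="card_last4"></form>`;
console.log(findExposedCardFields(SAMPLE_HTML));
```

Treat the result as one control only: browsers have at various times ignored autocomplete="off" for password managers and address autofill, so the report lists fields that are certainly exposed, not fields that are certainly safe.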
Agentbleu - web applications developer, living in south of France, originally from London.