Chris has well taken this point and what I understand is that right now there is no concrete solution available in this context. PCI-DSS (Payment Card Industry Data Security Standard) is something still in the making or fool-proofing process. The standards have not been in place and are not in a position to handle all vulnerabilities and threats. I feel, it is in its adolescent stage and will take some more time to come to a maturity level. in software we call such solutions in Beta Phase, where they are under comprehensive usage by the limited end users with all real data but still not ready to be released as fully secure/tested final release.
The changes happening in any case are better, I would say, and will help in getting this to a maturity level where it is widely acceptable by all.