This move makes sense if you look at PCI's board of advisors[1]: it's a bunch of bank VPs plus the head of security for both First Data and PayPal. The people who run PCI compliance are the ones that stand to lose if PCI compliance becomes moot, so they are doing all they can to make it seem like it's the be-all end-all of internet security and that you'd be a fool to trust an online merchant that wasn't PCI compliant.
Interesting point about making vendor-specific security tokens for internet transactions in an earlier comment. That would quite obviously help tremendously in the case of a breach; however, that would put the onus on banks to be responsible for security instead of on merchants, and again the bank representatives on the BOA at PCI aren't going to go for that.
[1] https://www.pcisecuritystandards.org/organization_info/board...