But does it actually help?
"By failing to comply with the PCI Data Security Standard (DSS), organisations are putting consumers at increased risk of payment fraud, Verizon warns."
It would be interesting to see the proportions of those who do and don't comply that actually suffer data breaches. Given the example in the article, I'd be surprised if there was a significant difference:
"In one recorded example, a hotel was found to be storing almost a decade’s worth of receipts containing full, unmasked card numbers next to its laundry room."
This appears to be referring to paper receipts, of the kind that can't be stolen from a networked computer and would take far too long to sort through to make stealing them worthwhile even if someone actually managed to break in and find them. Storing them for so long in an insecure manner may not be the best idea, but how does this compare to, to throw out a random example, Verizon putting 6 million customer records on an unsecured cloud server? https://www.theverge.com/2017/7/12/15962520/verizon-nice-systems-data-breach-exposes-millions-customer-records