Re: No impact on security...
If only there was some correlation on being PCI-DSS compliant and actually being secure....at least it forces you to patch.
It also forces you to think, for instance about your network architecture. Apparently there are rules covering taking payments by phone, and using an ip-based phone system, along with networked computers, which wouldn't have occured to me. Mind you this isn't my job area.