Re: I bet it's even less in reality...
I hate to disagree with you, but I think that the PCI DSS was written specifically for companies that run all of their PCI transactions on IBM's z/OS.
I have been in IT for over 30 years, have been certified before (it was a colossal waste of my money), and have had to maintain compliance with the changing PCI standards for more than a decade.
In my experience, small to mid-sized companies need to employ at least 3 specialists working full time to maintain compliance.
The only changes I'd suggest to the PCI certification process would be to make it a requirement that no company over a certain size be allowed to self-certify, and that no company be allowed to use the same auditors for consecutive yearly audits. I have experience with several auditing firms and NONE OF THEM have performed the same checks.