Re: At least they won't have to worry about international payment security
While the PCI-DSS requirements are pretty solid, where much of the problem comes from is organisations that adhere strictly to the PCI-DSS standards rather than attempt to use any sense and go beyond them, to produce more secure systems. Instead it's often considersed "we're PCI-DSS compliant and therefore don't have to think security ever again".