PCI focuses heavily on protecting a credit card number throughout its life cycle. It does not address protecting the customer's personal data associated with that credit card number.
From Network Security Assessment by Steve Manzuik et al., p. 225
PCI is the security standard that every website that wants to use credit cards for its online transactions should follow.
As if there were no serious things to write about, we are now getting, after the advertorials, hype and FUD, articles that are written only because some journalist has to write something because he was sent over to something that produced nothing serious to write about.
"At a Get Safe Online event on Monday aimed at heightening security awareness among small businesses, officers connected a machine running Windows XP Service Pack 1 (SP1) to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware, and contained a sample target file of passwords to be stolen." Source: http://www.crime-research.org/news/11.14.2007/3010/
But this is just crap. There are no machines in the shops running only XP SP1. And if there is someone in your IT department or office who lets a PC onto the internet without patching, a firewall or antivirus, then you should either fire him or buy him a good book. It is just as easy as opening a rotten wooden door.
It is as if you were driving a car without brakes. Of course it will crash; that is exactly what brakes prevent. In fact, just as cars without brakes can't go on the motorway, PCs without firewalls or updates shouldn't be allowed to go beyond a highly secured network or .... host a website like Antwerp did :)