The problem with the Visa PCI standard is that Visa/MC have a vested interestedin keepin gthe business flowing. The entity that is responsible for answering Visa is the issuing bank. The retailer is responisible to the issuing bank. The reports are filed with the issuing banks and shared with Visa. The problem with this structure is that all parties have a financial interest in keeping the business flowing. It take a serious public violation, like card systems, for Visa/Issuing Banks to drop a vendor.