Verizon: 79 percent of organizations were not fully PCI compliant in their initial PCI audit in 2010. That’s about the same as last year’s report, according to Verizon’s 2011 Payment Card Industry Compliance Report. The report also found that nearly 90 percent of companies that were hit with breaches were not PCI-compliant. The key is to fit PCI DSS requirements into a daily routine and to not just look at them as requirements that must be met when the qualified security assessor (QSA) comes knocking.”]
Source: https://www.darkreading.com/attacks-breaches/businesses-backsliding-on-pci-compliance