"Using a combination of fines and incentives the payment card brands have working hard to boost PCI-DSS compliance rates among merchants. Meanwhile, ASVs have been doing their part by offering their services at drastically reduced prices and curtailing the security checklist to make certification as easy as possible. Every merchant who signs up is able to get PCI certified, but it does come at a price (not including bandwidth utilization). The problem is adoption rates are still slow, but that might all change with a new entry into the space, Scanless PCI."
Good news, if you are a whitehatsec customer you're already protected!
Additional details are at http://www.scanlesspci.com/