Encrypt Credit Card data, keep up with patches
Whilst on the face of it the advice seems sound, it is a bit more complicated than that.
If you encrypt data, then to use it again you have to decrypt it, so if a server were compromised at a low enough level, it is highly likely the attacker would also have the key to decrypt.
It is really best for smaller outfits not to take credit card data at all, but to hand it off to a third party. Or, if they do take it, run it off the system over an encrypted link to a local holding area that stores it one way, off the line.
You don't want to store credit card data live as an ecommerce site unless you are really large; storing CC data tends to paint a bullseye on you.
Patches, well now: some patches can introduce security vulnerabilities, and whilst the majority of the time they do work, who is responsible if a patch introduces a security problem?
Really, credit card companies can help by lowering the charges they make and by offering a delayed payment option for those who wish to reduce the chargeback problem. So, if you choose not to transfer funds immediately but instead hold the charge on the card for a week, and the cardholder then wishes to charge back, the cost of that chargeback should be lower.
They should also provide a quick way to report fraudulent use of cards, one that is secure and hard to abuse.
The problem with security advice is that it keeps changing: no one is an expert working from generations of knowledge in this field; it is literally being made up all the time. So these so-called standards can actually be more of a hindrance than a help.
Credit card companies need to work more with merchants and put better systems in place to track fraud; they need to stop offloading the problem onto the merchant and instead pitch in and help a bit more.
Banks and CC companies should set up a few small ecommerce outfits, mainly as trials but still real ecommerce, without pulling any strings they have in the parent company: just sell some knick-knacks and see how hard it is for a company to secure the site and still stay in business. I think that would be a bit of an eye-opener for them.