BAH!
I hate PCI DSS annual review time. Thankfully we keep customers card details in an A5 notepad that is locked in a safe. As such the review is quite straight forward.
However if I were to keep those details on an electronic CRM (which would make my life a lot easier) I then have around about 80 pages of technobabble to wade through and complete. I can change default passwords of routers and do quite bit of technical stuff however I do get lost on the vast majority of the PCI DSS review (if I were to store details electronically). A lot of it is very network specific and I am out of my depth (and I consider my self more IT literate than average and certainly a lot more IT literate than the average business owner).
While I appreciate that PCI DSS is something that needs to be adhered to, not only for the sake of customers but also for the sake of the business - it is not something that I feel I can fully complete, hence we stick to the idiot proof paper and safe option.
There is a MASSIVE gap in the market for tech companies or contractors to offer PCI DSS compliance configuration and PCI DSS reviews, however many companies I have approached seem to wish to stay well clear.