People blame silly decisions on "PCI" all the time as well. I'm not a QSA but I do a lot of work in payments and took my last small company through PA-DSS level 1, so I've got some background there.
Having said that, anyone who touches a credit card should generally be in a PCI scope - even if you're a small mom-n-pop bookstore that takes Stripe. The worst abuse that I've seen though is trying to convince people that they should go all the way to "level one" compliance. The levels are based on your processing volume, with 4 being the lowest and 1 the highest. There's a self-abasement questionnaire, level 4 takes about 15 minutes, 2 takes all of 30 minutes (each with a truly trivial systems scan if you're doing work on the internet). Level 1, on the other hand, is designed for people staggering amounts of money and requires expensive on-site audits.
Like premium gas, there's no reason to level up beyond where you need to be except for silly marketing purposes - yet more and more people who trust their consultant advisors are doing so, because its a relatively easy way for consultants to make bank.