>What else would you use to encrypt 8-byte long sequence.
I would establish a secured session using authenticated key agreement and use that session to carry all the traffic.
If the PCI pixies forbid me from having a secured session, I would randomize it with nonces to achieve what the PAN does without the additional key.
But crypto protocol design is not a solo sport. You do it with a group like minded of cryptographers and implementers so you get it right.
I read the PCI specs once. It was like they wrote a set of thousands of statements and then randomized the order. They are still true, but the structure and purpose it lost.