Re:But when will consumers see additional security (Score 1)

PCI is pushed by the card schemes so acquirers and banks they reduce actual fraud and to reduce the reputation / legal 'complications' of a reported breach. Which is more important is a question for the reader.

Yes there is the insurance aspect, however it is useful to note that the card schemes attempt as much as possible to push liability to the card issuers who push to the acquirers / third party processors who push to the merchants.

The requirements relating to segmentation give the payment processor the ability to implement stronger security within the 'PCI' secured segment. That is, corporates do not have to prove the same level of security is in place for the corporate network side - as long as the full PAN, CCV, exp date is not able to be accessed from the corporate network side.

There are also requirements about length of time transactions are to be stored / retained in full. There is less of a problem (note: not no problem) for the actual transaction authorisation / payment and more on the merchant storing the data (particularly those that store the data in their POS systems (integrated into the acquirer terminals or separate).

Card Schemes are pushing the card issuers to have the reviews performed on the third parties they use for payment processing, this goes all the way down to the smallest merchants. However companies that have low transaction volumes are not required to prove compliance (through external review) and are just required to self report.