The 451, which I think does great work, put out a report today entitled; "The chosen few: has PCI anointed nine 'winning' technologies (and a lot of losers)?"
Wow, this article is OLD news. Security marketers have been glommed hard onto PCI for what, 4 years??? Every IT buyer knows this, and I'd venture to say that 90% of all the PCI pitches are essentially the same story, with the same punchline, "buy my product and meet this requirement".
The PCI standard is a good baseline, and many organizations pass the audit and stop there. Anyone who is serious about security will meet this audit easily, because to protect yourself today, you've got to do MORE than is in the spec.
HOWEVER, that will never stop every vendor from positioning themselves as a checkmark. OK, we got that, congrats you are on the list, now why should I replace my current with yours, or buy you for the next implementation, I hope the story has a bit more depth than "pass PCI requirement x.y and y.z"