You got that right. Most IT shops I've noticed (at least in Australia) used to ask software vendors if their software was "PCI-DSS 2.0 compliant".
Stupid thing to ask. The only key things a software vendor can really answer is that they don't store credit cards in their database, or if they do then they don't display them to anyone. Everything else (well, almost everything else) can be dealt with on the infrastructure side of the equation.
Stupid thing to ask. The only key things a software vendor can really answer is that they don't store credit cards in their database, or if they do then they don't display them to anyone. Everything else (well, almost everything else) can be dealt with on the infrastructure side of the equation.