Brandon Williams has a great blog post on his site that answers this question.
The bottom line is that there is no organization that is going to execute the PCI DSS, or any security framework for that matter, 100% of the time, all day, every day.
Why?
Security is NOT perfect.
Why?
Because it involves human beings and we are flawed.
However, that does not mean that you should not try to be as close to 100% flawless as possible, because the difference between an organization that is breached and one that is not breached can be only a percentage point.
For all of you in the United States, have a safe holiday weekend.