Still don't see your sources, maybe I missed them. You've probably never actually gotten PCI compliance for an entire organization.
for an entire organization no.
For a bank yes.
Maybe bank are not safe enough for you.
Oh, and Windows IS compliant itself, running nothing but anti-virus, desktop firewall enabled, having automatic screen lockouts, currently patched, and rotating passwords in a timely (< 90 day) fashion.
you just forgot the credit card part.