PCI security expects modern operating systems with appropriate security patches.

I learned of this in another FAQ (Frequently Asked Questions) I found online. This suggests, for example, that Windows XP has been unacceptable for just shy of a year now.