That is crazier than any old dailywtf stories, and that site felt like everyone tried to one-up each other.

Is there some part of PCI auditing requirements that is getting misinterpreted by some auditors to demand this? Though in my experience with standards like this what auditors want to see and what the standards say often have only loose overlap anyhow.