The PCI SSC isn’t a governmental regulatory body, and it does not impose penalties itself: enforcement comes from the card brands and the acquiring banks, which impose contractual fines on a company that fails to comply with the standard. The primary consequence of a compliance failure is therefore monetary. Beyond the fines themselves, the costs of a breach that occurs while noncompliant can include per-card fees for every account compromised (including reissuance), the cost of a forensic investigation and any mandated audits, legal fees, and the cost of cleanup and remediation.
While the financial cost of noncompliance ($500,000 and up, depending on the card brand, the merchant level and the circumstances) may seem like a strong deterrent, the loss of trust from banking institutions, third-party partners, and customers is the longer-term concern; an acquirer can also raise transaction fees or terminate the merchant account outright.
Another important thing to remember is that using a payment processing firm that is PCI DSS compliant, such as PayPal, does not excuse you from the PCI DSS requirements, although it does reduce the scope of your assessment (a merchant that fully outsources cardholder data handling to a validated third party can typically validate with the short SAQ A questionnaire rather than a full assessment). If you handle cardholder data, or integrate with a payment processing firm to do so, you are required to comply, and you remain responsible for the parts of the environment under your control, such as the web page that embeds the processor’s payment form.