While I'm no QSA, there are two main ways I can think of to do this. The first way is to outsource as much of the payment processing as possible. This has the added advantage of not only reducing the scope of systems, but also of limiting the number of places from which data can accidently leak. This won't absolve you completely from PCI DSS compliance (the only way to do that is to stop accepting credit cards entirely), but it can make your life a lot easier in the long run. It does mean however that you will have an obligation to monitor your outsourcer to ensure they remain PCI DSS compliant. Fortunately, this requires significantly much less effort than actually maintaining compliance yourself.
The other option is to consolidate your credit card processing/management infrastructure into as compact a footprint as can be sensibly managed. For instance, this would mean segregating systems in where you have a system (which could be a single computer or multiple computers) hosting a PCI-related application along with non-PCI DSS applications.
Alternately, if you can't reduce the number of boxes your PCI DSS applications are hosted on, reallocating the boxes so they are only hosting PCI DSS-related data will allow you to isolate those systems to a much greater degree and limit scope creep during your assessment.
For more information:
This was first published in January 2010