QSA disputes?


ASL
02-01-2008, 12:45 PM
Can I ask what happens if a QSA approves a system for PCI DSS / PABP and another QSA disagrees with it? What happens if the card schemes disagree with a QSA decision?

cmark
02-01-2008, 01:13 PM
The card brands will not disagree with the QSA as far as service providers are concerned. MasterCard never sees the ROC and Visa will rely upon the recommendation of the QSA except in extreme circumstances.

If you have two QSAs that disagree, this is not unheard of. If you are a service provider and are concerned about having two QSAs disagree with regard to the services you provide merchants, the easiest route is to have a QSA independently validate your own compliance and submit to the card brands. At that point it is unlikely that a QSA will disagree, but keep in mind that QSAs compete and as such they sometimes like to call the other's baby ugly ;)

ASL
02-02-2008, 03:22 AM
Hmm, more questions.
What happens if two issuers disagree? One supports a process but another wants it stopped and goes to Visa (we get into the strategic and political realm here).

I assume that in extreme circumstances, Visa can overrule a QSA and declare the opinion invalid?

cmark
02-02-2008, 09:41 AM
I would need more information to answer. When you say issuers, I am assuming you are speaking of issuing banks that are members of Visa?

Can you provide more information on the situation?

ASL
02-02-2008, 10:58 AM
Here is an example. A bank authorises this solution. Merchants have a card reader attached to a mobile phone. The customer swipes their card, the mobile phone sends the track2 data to a central server that builds a payment message as card present, signature required. The card reader is not approved, just a simple reader one can buy in Asia for $20.
Even assuming the mobile phone app meets PCI DSS and PABP, it's the very nature of the process that is an issue. Banks do try to educate their customers as to what devices are suitable and what they should not use; here is a bank opening a huge market for card skimming.

cmark
02-02-2008, 11:19 AM
It is important to understand that if a bank 'authorizes' a solution for their merchants they are doing so under the guidelines of the various op regs of the card brands for which they acquire. The acquirer in this case cannot unilaterally approve a solution that places cardholder data that belongs to issuers (or cardholders depending on where you fall in the debate) at risk.

While the PCI DSS does tangentially impact fraud rates, it is not primarily a fraud prevention mechanism. The PCI DSS is a data protection program.

The debate always exists as to how much security can be interjected into the payment process before acceptance is impacted. The reality of the industry in which we work is that fraud is simply a fact of life. The same applies to check processing etc.

Consider technologies such as 3D Secure. It certainly cuts down on fraud rates but there is debate over the impact on acceptance. If the implementation of 3DS cuts down on fraud by 5% yet reduces acceptance by 7% then the net loss is 2% and it is difficult to see how the program was successful.

The card brands all have rules over how a transaction can be submitted for it to be valid and accepted. There are a number of different fraud prevention tools including AVS, 3DS, CVV2, etc. In the solution you are describing, the merchant would be liable for the fraud if they did not follow the op regs or if they opted to not use advanced authentication.

Additionally, as mentioned by AndrewJ, there exist certification programs for terminals. MasterCard's PTS is an example.

If you have a concern about the viability of a particular process I would suggest that you contact one of the major card brands and raise the issue.