Yes, this is wrong, and here is why. As you mentioned, PCI-DSS requires that communication containing sensitive data be handled over a secure channel. As a part of this process, certificate validation ensures that the certificate in question is in good order and belongs to the party that you intend to talk to. If you do not validate the certificate, the traffic may as well be unencrypted because you have no idea of who is on the other end. It could be your merchant provider, or it could be a man-in-the-middle who's reading and storing all of the card data you send before forwarding it on to the provider. Without validating the cert, you can't know who's seeing the data, so your trust level that the transport channel is secure must necessarily be 0%.
So, as I said in the comments, do not accept this condition. If your merchant provider can't or won't fix the issues so that you can confidently validate their certificates, find another merchant provider. In fact, that may not be a bad idea in any case because if they're willing to play fast and loose with PCI and security here, you can't know where else in their system they've taken similar liberties, putting you and your customers at risk.
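The two checks named in the answer above (the certificate is in good order, and it belongs to the party you intend to talk to) map to two separate client settings. The sketch below is an added example, not part of the original answer: it assumes a Python client using the standard `ssl` module, and the function names are hypothetical. It puts the unvalidated configuration beside the validating one and refuses to connect with a context that skips either check.

```python
import socket
import ssl


def strict_context(ca_file=None):
    """Client context that verifies the chain and the hostname."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    # ca_file (optional) pins trust to a specific CA bundle.
    return ssl.create_default_context(cafile=ca_file)


def unverified_context():
    """The 'before': what skipping certificate validation amounts to."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from anyone, is accepted
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the peer is authenticated."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a valid cert for another name is accepted")
    return findings


def open_channel(host, port=443, ctx=None, timeout=10):
    """Open a TLS connection, but only with a context that passes the audit."""
    ctx = ctx or strict_context()
    findings = audit_context(ctx)
    if findings:
        # Fail before any data is sent rather than encrypt to an unknown peer.
        raise ssl.SSLError("refusing unauthenticated TLS: " + "; ".join(findings))
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        # server_hostname drives both SNI and the hostname comparison.
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
```

With the strict context, a provider whose certificate is expired, self-signed or issued for a different name makes `wrap_socket` raise `ssl.SSLCertVerificationError` before any card data is written.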