Jack_Hughes - 8:39 am on Aug 18, 2009 (gmt 0)

@Demaestro - from my reading of the PCI DSS requirements, if your site takes credit cards, or indeed if you take them over the phone, you need ot be PCI DSS compliant. By processing I mean your site actually has a form that accepts credit card numbers. If you just send them off to a processor and they do the form for taking the credit cards then you're fine you don't process the cards. Storing cards is not the sole prerequisite for PCI DSS.