Here is some brief information on PCI (Payment Card Industry) Compliance.

If you transmit/process credit cards transaction you must be PCI compliant.  There is no way around this. You first will need to fill out a self-assessment questionnaire on a yearly basis.  You will probably need to hire a third party to scan your site to look for vulnerabilities.  Do not wait for your bank to ask if you are compliant.  You should be proactive and ensure your site is PCI compliant.

PCI compliance is required for all merchants, no matter how small your business is.  Some banks will give you a free years worth of scan.  Or you pay a company like McAffee $300 plus / year to do the scans for you.