Your online store uses our shared store platform, so it isn't truly your site - [www.yourdomain.com] - that's accepting credit cards and submitting them to the payment processor to secure payment. As soon as your customers browse to their shopping cart, they are doing so via a shared SSL certificate versioned URL of ours that is specific to your website (when in the shopping cart pages, note the "padlock" image and the "https" in the URL, and the URL itself as being a version of "[yourdomain].vcgstore.com"). Your customers stay within this shared SSL environment all the way through the checkout process. As such, your website itself does not need to be PCI compliant as your domain isn't ever directly involved in payment processing. We ourselves as VCG are PCI compliant, although even we don't in any way store credit cards in our system. At the last stage of checkout our system simply requests payment information from your customer and transmits that directly to the payment processor (via your own PayPal or Stripe account) via SSL without ever storing those payment details, or takes your customer to PayPal to secure payment if the pay by PayPal option is enabled for your store and selected by your customer.