The following text is taken from the PayPal website:-
(some paraphrasing to make it read correctly for the Gang Show shop.)
What is PCI DSS and who needs to comply?
Consumers are becoming increasingly aware of the dangers of identity theft and PCI compliance shows you have secure procedures in place that keeps their payment information safe and secure. Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements that all businesses who handle credit or debit card payments must comply with. It provides business best practice guidelines to establish a "minimum security standard".
The PCI Security Standards require all merchants, regardless of size or number of transactions, who accept, store, transmit or process any cardholder data to comply with PCI DSS.
PCI compliance handled by PayPal and Stripe
The Harpenden Gang Show shop uses the PayPal "Website Payments Standard" and as such PayPal handles the payment card information for us. We hold no card information on our computer systems. Our burden of PCI compliance is therefore covered.
The TicketSource system for ticket purchase interfaces with Stripe and no card information is held by TicketSource.
The order and address information is held by our shop software supplier which uses high security Amazon data servers.