I got the same question in my mind. But i must say in moment there is no "Law" that the companys have the PCI Compliance.
Or better there are a lot rumors around this. Our company is working on PCI COmpliance. And i must say i hate this project because it is so big the project.
But the first...