You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification
PCI compliance ALWAYS falls on you, no matter if you are using a paid cart or what. Getting certified is a matter of the site being scanned. They will make sure your software is up to date (12-15-09: Apache 2.2.12, PHP 5.2.10). Anonymous FTP needs to be turned off. They will see how much time you have left on your SSL certificate; if it's about to expire, they will say you are non-compliant. They will also scan the IP address of YOUR internet connection. NOW.. the tricky part is they are going to say show_image_in_imagetag produces "blind SQL injection" vulnerabilities. You have to argue this with them. Tell them to prove it, etc.
It took 1 month going back and forth with Security Metrics, but I'm finally PCI compliant.
About show_img_in_imagetag: they take the URL of the thumb and then add +5+abs (or something like it) to many of them. What they want is for it to return the same error no matter what.
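To show why the scanner flags the image-tag URL and what the "same error no matter what" fix looks like, here is an added example (not the poster's code and not Zen Cart's; Python stands in for the store's PHP, and the `products` table, handler names and probe helper are constructed for illustration). It contrasts a handler that pastes the id into SQL with one that accepts only a canonical integer and binds it, then runs the same differential check a scanner would, so you can verify your own fix before the scan.

```python
import re
import sqlite3

# Constructed in-memory catalogue standing in for the store's products table.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE products (products_id INTEGER, products_image TEXT)")
_conn.executemany("INSERT INTO products VALUES (?, ?)",
                  [(5, "widget.jpg"), (10, "gadget.jpg")])


def lookup_image_unsafe(raw_id):
    """Vulnerable pattern: the raw query-string value is concatenated into SQL,
    so arithmetic such as 5+5+abs(0) is evaluated by the database."""
    try:
        row = _conn.execute(
            "SELECT products_image FROM products WHERE products_id = " + raw_id
        ).fetchone()
    except sqlite3.Error:
        return "error"
    return row[0] if row else "not found"


_ID_RE = re.compile(r"^[1-9][0-9]{0,9}$")  # canonical positive integer only


def lookup_image_safe(raw_id):
    """Hardened pattern: reject anything that is not a canonical integer
    before it reaches SQL, and bind the value so the database never
    interprets it. Every malformed value gets the identical response."""
    if not _ID_RE.match(raw_id):
        return "error"
    row = _conn.execute(
        "SELECT products_image FROM products WHERE products_id = ?",
        (int(raw_id),),
    ).fetchone()
    return row[0] if row else "not found"


def probe_differential(handler, base_id):
    """The scanner's check, simplified: request the plain id, then a value that
    SQL arithmetic would reduce to the same id. Matching responses mean the
    arithmetic ran inside the query (a finding); differing responses mean the
    parameter was rejected as a whole."""
    baseline = handler(str(base_id))
    tampered = handler("%d+5+abs(0)" % (base_id - 5))
    return baseline == tampered
```

Running `probe_differential` against both handlers shows the unsafe one returns the same thumbnail for `10` and `5+5+abs(0)`, while the hardened one returns its single error string for anything that is not a plain integer.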