that your organization has implemented all of the relevant security controls described in the DSS.
While not storing credit card data does eliminate some compliance requirements, the majority of the controls dictated by the DSS remain in effect.
If your website integrates with PayPal via an API, then you are still liable for PCI compliance, since your servers capture and transmit the credit card data first.
The PCI Data Security Standard is the most comprehensive and specific set of security controls ever compiled into a major industry standard or law.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements that all businesses that handle credit or debit card payments must comply with.