Most companies use a credit card Payments Provider like Sage Pay, Worldpay and others on which the actual card transaction details are gathered and stored on the Providers secure servers using their security that is PCI compliant.
However, things are beginning to change with some banks insisting that their merchants prove they are PCI compliant before providing them with a merchant account for online credit and debit card processing, even if these are all currently being processed through a compliant Payment Provider.
You will not be surprised to learn, therefore, that there are now companies springing-up to carry out PCI audits. Indeed some banks have already put in place there own arrangements, which they may insist their mechant account holders use.
Sage Pay offer a simple Online Self Assessment sevice through a third party that currently costs £72 per annum for Level 4 users. You can read about this at their Website at http://www.sagepay.com/pci-dss-compliance Your bank may be happy with your current arrangements but as we all know the thirst for more business rules and compliance checks remains insatiable.