Are you using cc processing that sends info from UC to the processor or something like Paypal Standard? PCI compliance has to do with the way you as a business handle CC information. PA-DSS has to do with the software that touches CC info. UC is not PA-DSS certified and I don't think it ever will, the community and cost is just too stagering for it to become PA-DSS certified and it would have to be certified anytime a new feature is introduced. There are ways around this by using processors that offer a Secure Hosted Payment Form where your customer leaves your cart and enters the CC info on the processors side then if taken back to your site after payment. Like Authorize SIP.