The requirements for me are, I think:
1. Filling out and sending to my bank a PCI Self-Assessment Questionnaire.
2. A quarterly scan by an approved vendor. Here is a partial list of vendors:
3. Ensuring your gateway provider is PCI DSS compliant. Here is where it's a little gray for me. My vendor is not on the list. But he has submitted a letter to me showing that he is compliant under an arrangement with another company. If I wanted the validity of that reviewed, who would I check with? Am I being too nerdy in wanting to check?