I know nothing about PCI compliance or ecommerce, but guess what I've been tasked with creating!

Our payment system passed PCI compliance even though we never tried to make it one. It was just something client wanted on a whim.

I'm just the dancing monkey.. if you explain what I need to do to actually try for PCI compliance I will do it. But I have no idea why I am doing it.

I am unfortunately a PCI internal security assessor... It is all really pretty basic security stuff... Annoying none the less. You'll do just fine... Once you read the requirements and make a list for remediation that is :)

That said if you are writing code for an ecommerce site that needs to be compliant you want to review the PA-DSS. You could also outsource the payment gateway and build just the interface then your side of the scope becomes much smaller.