We are implementing a process to accept credit cards as payment for a loan application deposit. The credit card info would be given over the phone. The company that is helping us set up this process is saying that we don't need to complete any paperwork to be PCI compliant but when I look at the Q/A on the PCI Compliance website it states that we must still be compliant.

Q: If I only accept credit cards over the phone, does PCI still apply to me?
A: Yes. All business that store, process or transmit payment cardholder data must be PCI Compliant.

Can anyone that currently accepts credit cards as payment for an application deposit tell me what you do for PCI compliance?

Any help would be appreciated.