Neither IO nor the websites we build are certified PCI compliant. While we do our best to follow security best practices, we are not certified. If payment integration is with OE or Square, we don't really need to be PCI compliant, as we aren't handling the credit card data at all (it passes directly from the client to the merchant provider). For others (Authorize, PayJunction), the card data runs through our server first, but we don't store the card details.
Generally, most merchant providers charge a PCI compliance fee, and it's often labeled either as a charge because you aren't compliant or as a fee to cover the merchant's costs to be PCI compliant. In most scenarios you can't avoid the fee.