It's difficult for a consumer to determine if a company is PCI compliant. The only ones who really enforce the compliance are the credit companies like Visa, Mastercard, Discover, etc. As far as compliance, companies can do a self-assessment, which is little more than a questionnaire asking them if they store CC# on their networks, if card info is encrypted, if there is a DMZ between the network that stores the CC info and the internet, etc.
The best you can do is to have the credit company do an audit on the company by reporting them. There is a service that provides a quick check of the web server like http://checkpcidss.com/epay.com/ but that doesn't really tell you much if the company is not storing their CC info on the same server. But as far as that report goes, epay has a vulnerability that has a high severity of PCI noncompliance.