If you are currently using an online ordering platform for your business, it is your responsibility to confirm that the online ordering company you use is PCI-DSS compliant. Your online ordering company is your service provider. You are your service provider's customer and you are a merchant that accepts credit cards.
Service providers perform services that impact the PCI-DSS compliance of their customers. The PCI Security Standards Committee defines a service organization as, "Any company that stores, processes, or transmits cardholder data on behalf of another entity." Just like you, the merchant, online ordering service providers are required to comply with the 12 requirements of the PCI Data Security Standards (PCI-DSS) based on their level.
The quickest way to find out if your online ordering company has been approved by Visa and/or Mastercard as a PCI-DSS certified service provider is to check their websites.
Visa Global Registry of Service Providers
The MasterCard Compliant Service Provider List