Being compliant with PCI DSS means that you are doing your very best to keep your customers valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way. Not holding on to data reduces the risk that your customers will be affected by fraud.
If you lose card data i.e. suffer a data breach and you are not PCI DSS compliant you could incur CardScheme fines for the loss of this data and may be liable for the fraud losses incurred against these cards and the operational costs associated with replacing the accounts. Your customers may also not want to do further business with you.
Unfortunately data breaches occur regularly and e-commerce sites are a very frequent target from hackers who often successfully compromise e-commerce sites. So please do not think that it won’t happen to you. It is imperative for you to ensure that you have implemented all of the relevant controls in PCI DSS.
Remember: you are responsible for looking after your customer’s card data, regardless who processes the data on your behalf.