Hi Customer (put their name here instead of Customer),
It has come to my attention that the work I provided for you previously might not be entirely PCI compliant. As you know, the government can impose fines for breaches that occur on websites that are not PCI compliant. I would like to get in touch with you to help resolve this issue in a timely manner.
Please respond by XX/XX/XXXX (put a date here) so that we can work towards an agreement to upgrade your website.
Failure to respond by the date specified above acknowledges that you do not wish to pursue PCI compiance status and removes <insert your company name here> from any liability.
<your company name>
<sign it and date it>