by lftl 5596 days ago
I've never gotten a really solid response from someone in the know about this, so I'm curious about your thoughts about PCI compliance while using APIs similar to Authorize.NET's direct post method (http://developer.authorize.net/api/dpm/), but I've seen similar setups referred to as postback or other names.

From my developer's perspective using this setup, my application no longer "processes, stores, or transmits" credit card details as the PCI spec reads, so my server/app should be out of scope for PCI compliance, right?