by jusben1369
4871 days ago
If you work with credit cards you must be PCI Compliant. It's not a "You can avoid it". However, the critical thing is that there are degrees of PCI Compliance. By utilizing a newer gateway you're dramatically reducing your PCI Compliance scope. Most likely you'll therefore only need to complete a SAQ-A (self assessment 1 page questionnaire). So i) Yes, you must be PCI Compliant no matter whom you use. ii) If you use a modern gateway like Stripe you'll dramatically reduce your scope around CC data and thus only need to do a SAQ-A (which you keep handy in case you're ever asked for it) to be "PCI Compliant". Now the caveats here are that you don't do silly things like integrate to Stripe but when a customer is having trouble take their credit card over the phone and input it for them manually etc. (now you're handling data and expanded your scope). Avoid doing things like that and the SAQ-A will work.