Re: PCI-DSS Compliance
It's if you store any CC data. In the theoretical event that I wrote a site that used exclusively a 3rd party to process payments I would never record any of the information locally to get around having to have PCI compliance. You can also hand off the details to a second, more secure storage system that you also write and maintain, then only that needs to be PCI compliant.
This is of course definitely a theoretical situation.