Hi, I am using the eWAY payment gateway plugin from your website to process my payments. Can I say that my website is PCI-compliant?
In order to be PCI compliant, the payment gateway should collect the data from the webpage and post the sensitive data, like credit card details, directly from the customer's browser rather than your server, i.e. no card data would hit your system.
For your website (if it collects CC data) to be compliant, the payment processor must also be compliant. If they are and, like you said, your site is out of the loop, then PCI compliance is not required. Responsibility lies on the collector of credit card info. Since you are not the collector in this case, you don't have any liability (as far as card info is concerned). Using PayPal is the same, as you do not collect credit card info - always safe with PayPal. However, if you use the PayPal merchant account, you are storing and forwarding data - then you need to be PCI compliant (you are responsible for customer data as you collect it - even if it's held in memory!).
To clarify: There is no such thing as PCI compliant web shopping cart software. Compliance extends to routers, computers, databases, processes, documentation, etc. If you don't collect credit card info, you don't need to be PCI compliant (though, common sense dictates you secure your website, equipment and store, regardless!)