1) If you simply transmit CC data to your payment gateway (let's use PayPal via Web Payments Pro for these examples), do you need to take exactly the same rigorous measures as if you were to store the data in your database? Or are there parts of the compliance that you can "leave out," so to speak? If so, what are they?
2) Is having a 128-bit SSL certificate (plus bulletproof code) enough to be able to collect the CC data and immediately transmit it to PayPal (again through a secure connection), assuming you're not storing the data?
3) Is being on a shared hosting account automatically considered "not compliant"? Are some web hosts better than others? How would one find out?
4) It seems every rinky-dink-looking website out there is accepting credit cards. Why does the process seem so common/easy for seemingly small shops, yet seem like there are so many hoops to jump through for a beginner? Is there something we're missing?
Another gimmick from the banks and card processors that care so deeply for us merchants...
... and, relevant to brandyace's post, the next step in throttling small U.S. businesses to extinction (or survival in spite of the stranglehold): Red Flags Rule [webmasterworld.com].
PCI compliance is just the beginning.