If I run a shopping cart application, does the web server need to be PCI compliant? The reason I ask because of the fact that I don't process the payments on the 开发者_StackOverflowsite anyway. The main payment method will be through Paypal.

I have not decided yet which shopping cart application that I will use: it could be one of the followings: opencart, magento, zen-cart

Thank you for your input.

No

Since paypal will be handling credit card data.

see pci compliance faq

Q: To whom does PCI apply?

A: PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.