Assuming I decide to use payment gateway and not to use their hosted page, but rather provide my own credit card details form, and then send data to their backend via xml as explained on this page. Then:
Thanks for any help
1) If you're handling credit card information at any time you need to be PCI compliant. You need to sort out coding issues, your host needs to deal with any hardware and software issues with the server, and the payment gateway company has a lot of issues to handle (which is a list too long to list here but you don't need to worry about anyway).
2) No. SSL will help you be PCI compliant but there is more to PCI compliance then how the data is transmitted from the user to the server. What you do with that data and how you do it also come into play. For example, if you are storing credit card information you'll need to be using encryption and not storing values barred from storage by PCI (i.e. CVV numbers). Putting this information in a session counts as storage.