I have a payment processing client that runs exclusively on the desktop. The operator enters payment data and clicks a button and my app sends the data off to a payment gateway via a secure channel. My app never stores sensitive payment data, although it does encrypts and saves the merchant's gateway login info.
Am I in scope? If I am, why are web browsers out of scope when the perform the exact same function in the same way?
Your app handles card numbers and is involved in the authorisation and/or settlement of card transactions. If you are providing it as off the shelf software it is in scope for PA-DSS.
The organisation that installs your app and runs it in their environment is in scope for PCI-DSS.