Re: PCI-DSS Compliance
In my experience of PCI-DSS (a few years rusty), if handing off to a 3rd party you would still have to complete the Self Assessment D and ensure that your provider is PCI compliant.
You would also have to answer any queries about MOTO payments (Mail order, Telephone Order) as your "personnel" would potentially be taking details over the phone and plugging them into a MOTO interface of some variety.
If your systems store, transmit or touch card details in any way, then you need to comply with higher levels of PCI. It's not enough to just "not store" the details; even having the card details pass through your server in some way before being routed on to a payment provider is enough to warrant higher-level PCI compliance with at least quarterly vulnerability scans.
There are some Gov websites which hand off to 3rd parties, and others handle the card payment within their application. The problem I think with PCI compliance is that anyone can stick a PCI compliance logo on their website, and it only becomes an issue if/when there is a leak of information tracked back to that store/site/application.