Quote Originally Posted by cloud9 View Post
... pushes you to their site ... so any compliance doesn't need to be maintained.
BAD ASSUMPTION!
The latest PCI rules are challenging that way of thinking, and closing a lot of unsecure loopholes that were caused by that sort of general assumption. Be sure to understand the latest rules!

Quote Originally Posted by cloud9 View Post
... it appears since SSL is needed, the transaction is happening on our website
Just because it's using SSL doesn't mean the transaction is happening on your site.
I'm not commenting specifically about Stripe here. I'm commenting on the assumption.

You SHOULD be using SSL on your site, regardless what payment module you're using. Customers are giving you their personal identity data, and if you're not using SSL then you're doing ABSOLUTELY NOTHING to protect that data (and their shopping choices too) from being stolen by snoopers online during the form submissions your customers are doing. If you're going to skip using SSL, I strongly recommend you put a big notice up on your site telling your customers that you're not protecting any data they give you. They deserve to be informed, don't they?

SSL is very inexpensive these days ... and in fact it's even possible to get a legitimate dedicated certificate for free nowadays, no strings attached, with initiatives underway by various organizations who firmly believe SSL should be used everywhere.