Jochen,
Mike’s correct. There is nothing in Active Merchant that will make you PCI DSS-compliant, but it doesn’t open any gaps that aren’t there anyways. Disclosure time: I work for Braintree, so please check on facts, don’t just take my word for it. :)
In reality, no solution gives you PCI compliance out-of-the-box, and be wary of companies who claim that. We do have a solution that removes almost all of the 230+ PCI DSS controls from the scope of your environment by ensuring that no customer sensitive credit card data touches your environment, reducing your in-scope controls to ~10. Unlike Paypal, Google Checkout, or Amazon FPS, we do this transparent to your users, so they never see our involvement at all.
I don’t want to hijack this thread at all, but if you’re interested in talking further, you can find me on the Braintree Developer Community.
For anyone else, a great resource for PCI DSS compliance is the PCI Answers Blog, run by The Aegenis Group.
