I read on another forum that in order to use PayPal Website Payments Pro you have to be SAQ-D level 5 -- is this true???

PCI Compliant Level varies on how much you process per year. I'm pretty sure PCI Level 1 is fine with PayPal https://www.paypal.com/pcicompliance.

Merchant Level Description
1
Any merchant -- regardless of acceptance channel -- processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.

2
Any merchant -- regardless of acceptance channel -- processing 1M to 6M Visa transactions per year.

3
Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.

4
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year.

I don't really understand what that means... isn't SAQ-D the requirement where you have to have CCTV on your server and require card entry to get anywhere near the server?

For sites using the traditional Paypal integration where the customer is sent to the Paypal site to make the payment, this would qualify for SAQ A. SAQ A, for many in the payments industry, is known as the Paypal SAQ -- Paypal is on the PCI board and this SAQ was created with them in mind. Other solutions can also quailfy, but since you specifically asked about Paypal.

If you use the Payflow Pro interface, these usualy require SAQ C or D, depending on various factors.

Paypal is only counting the transactions you make via Paypal, that's what counts.

Allin1