PCI DSS Compliant host? Can't get site to pass: help

**smurfy1** · 21 Sep 2010, 11:29 PM

I have search the site for PCI topics like this but didn't find any. Forgive me if this has been covered.

We are running the most up to date Zen cart. During our PCI compliance scan, our site failed. I sent the report over to our web host for review as I am not technical and was hoping some of the issues were host based (this was recommended by both the merchant company and scanning company).

Engineer at my host company says that shared hosting CANNOT ever be PCI compliant

I have to get a dedicated hosting at a cost of hundreds per month (money I can't spend right now). The PCI compliance team at the merchant account said there are some compliant shared hosting companies out there but didn't have a list of them. I called godaddy (I have my URL's purchased there) and they said shared hosting through them would not be compliant either. I would have to purchase a dedicated plan (price slightly lower than my current host) OR I could switch to their shopping cart which IS compliant, even on shared hosting.

I am not technical so getting my site this far on zen is a big accomplishment (thanks to lots of help here over the years...this is a new user name I have). I really don't want to rebuild by site with a new cart, especially before the holidays.

What are the "little guys" who can't afford the dedicated hosting doing now? Are you guys all moving to Paypal processing? I get some offline phone orders that I process manually. My PC passed compliance so I am good (per scanning and PCI support at merchant account) to continue doing that but I need the site to be compliant by 10/24 (YIKES). I know this has been coming for awhile but I didn't realize I would have this much difficulty.

Any advise or help would be greatly appreciated.

**DrByte** · 21 Sep 2010, 11:44 PM

Some of the hosts on the "Recommended Hosting" page (see link at top) assert that they're PCI compliant. Talk with them.

Definitely miles better than GoDaddy.