PCI Compliance

[markw10]

I currently have a standard shared hosting plan with HostGator but am planning on upgrading to a VPS Hosting plan ($39.95 plan with $10 extra for cPanel). Someday I may go as far as dedicated hosting but not yet. With an increase in website traffic and emails I need this.
The issue is PCI Compliance:
I have been told by my bank that they are PCI Compliant, by my gateway, authorize.net, that they are PCI Compliant.
Also, I use CRE Loaded 6.4B2B and am told that's PCI Compliant. I don't store any credit card numbers on my website.
The only piece I'm not understanding is my hosting. I have heard you need dedicated hosting to be PCI Compliant. Then I have heard VPS is, is not. I have heard often that standard shared hosting is not PCI Compliant but also at the same time have heard it is.
I'm just confused and with the deadline coming July 1st and the high penalties I don't want to chance being wrong.
How do I know for sure if I'm PCI Compliant?
I hear that you can get a scan done but how do you get that done?
I have heard there are forms that have to be filled out to file that you are PCI Compliant. How do I do this?
This whole process seems confusing and the deadline is coming fast. I appreciate any help.

[markw10]

I left this out above but also we have a private SSL on our website.

[jgross]

Have you tried calling the PCI SSC? Here is their website: https://www.pcisecuritystandards.org/index.shtml.

Also, I know these documents are more broad, but our PCI compliance guides or our PCI compliance levels page might be helpful.

http://www.elementps.com/pci-compliance-guide/
http://www.elementps.com/merchants/p...pliance-level/

[GatorCCranford]

Quote:

Originally Posted by markw10

I have heard you need dedicated hosting to be PCI Compliant.

We have shared customers that are PCI compliant, at the least we would recommend a business account which you would probably have any way for the SSL certificate. A dedicated IP address will also be needed if custom firewall rules are required which comes with a business plan.

http://support.hostgator.com/article...-pci-compliant

Quote:

How do I know for sure if I'm PCI Compliant?I hear that you can get a scan done but how do you get that done? I have heard there are forms that have to be filled out to file that you are PCI Compliant. How do I do this?

Unless you're doing many tens of thousands of transactions a year, you most likely fall under the self assessment (saq) category of compliance, the best way to determine your compliance is to use a third party company the specializes in scanning for this.

Once you get your site scanned send us the report and we can adjust settings to pass all server related PCI compliance issues ( code related issues if applicable would be out of our realm depending on type ). The report will normally be a PDF document, just forward it to support@hostgator.com along with your the domain or vps that it is attached too and we will get started.

In no particular order these are the more common pci compliance 3rd party companies to do the assessment for you.

Control Scan, McAfee, Trust Keeper, Security Metrics