Well, in a nutshell, PCI compliance is a minimum set of web server security standards published in collaboration between the FBI and some major credit card company organizations. Many web hosts are unable to maintain PCI compliance on shared servers because it can be very labor intensive and requires better-trained server techs to maintain. PCI compliance is actually a lot more than just web server related (brick and mortar companies with credit card terminals are mostly affected by these security standards).

For the average web-based business, people who accept credit cards online are often only directly affected when their credit card company comes a-calling, asking for proof of PCI compliance (else face monthly fines or worse). Some say the fines imposed by the credit card companies for hosting a non-PCI compliant web site accepting credit card payments are bogus and just a way for the CC processors to rake in more money.

In my humble opinion, if your host does not maintain minimum security standards they are putting your business in harm's way unnecessarily. A web host without an aggressive security policy is sorely lacking the big picture (that is, is more susceptible to being hacked and is not supporting small business in a responsible manner).

If you are accepting credit cards through a CC processing company today and your web server is not PCI compliant, you may some day be asked to prove it, risk fines or lose your ability to accept credit cards online. This does happen to small businesses every day (I know this from first-hand experience)...

"Friends don't let friends host with non-PCI compliant web hosts"

Best Wishes,
Jim