Well, in a nutshell, PCI compliance is a minimum set of web server security standards published in collaboration between the FBI and some major credit card company organizations.
Most web hosts are unable to maintain PCI compliance on shared servers because it can be very labor-intensive and requires better-trained server techs to maintain (which I suppose is hard to justify when you are selling unlimited hosting for pennies).
PCI compliance is actually a lot more than just web server related (brick and mortar companies with credit card terminals are mostly affected by these security standards).
For the average web-based business, people who accept credit cards online are often only directly affected when their credit card company comes a-calling, asking for proof of PCI compliance (or else face monthly fines or worse).
Some say the fines imposed by the credit card companies for hosting a non-PCI compliant web site accepting credit card payments are bogus and just a way for the CC processors to rake in more money.
In my humble opinion, if your host does not maintain minimum security standards, they are putting your business in harm's way unnecessarily. A host without an aggressive security policy is sorely lacking the big picture (more susceptible to being hacked, etc.).
Bottom line, if you are accepting credit cards through a CC processing company today and your web server is not PCI compliant, you may be asked to prove it is, or risk fines, some day.
"Friends don't let friends host with non-PCI compliant web hosts"
Best Wishes,
Jim