Payment Card Industry Data Security Standard (PCI DSS) Compliance
HostGator servers support PCI compliance; however, they are not configured for it by default. While PCI compliance is your (the merchant's) responsibility, HostGator is able to assist with some PCI compliance settings. We are unable to guarantee PCI compliance, as it requires you to be aware of your compliance and be capable of addressing the majority of compliance issues.
VPS and Dedicated server customers must also regularly update server software in order to maintain compliance. Many software applications require regular updates to patch known vulnerabilities, and these applications are not updated automatically on a VPS or Dedicated server.
Please include the full PDF as an attachment. Information copied and pasted out of your report would not be sufficient.
When you accept credit cards online through a merchant account, your web host (HostGator) may assist with some of the details of PCI compliance, some are handled by your merchant account provider (payment processor), and some are handled by you (the merchant).
For more details about PCI Compliance, including your responsibilities, please refer to our article:
PCI Scanner False Positives
Sometimes PCI scanning companies will flag something as being an issue even though there is no actual vulnerability.
For our Windows shared plans, the PCI scanner must be informed that SFTP/SSH is not available on that server so that the scanner can treat the flag for FTP as an exception. Customers can request to be switched over to FTPS-only traffic; however, this will require an SSL certificate and a dedicated IP.