Are 20i PCI compliant?
20i maintains a PCI-compliant certification for handling our own transactions. In addition to this, our hosting infrastructure is located within PCI-compliant data centres that consistently pass PCI vulnerability scans. We follow PCI best practices, ensuring our web servers meet all necessary standards to maintain a secure and compliant environment.
How to perform PCI scans for your website
When performing PCI compliance scans, it is essential to scan your website’s domain name - not the IP address.
- Scanning the IP address will target 20i’s load balancers instead of your actual website, which will result in scan failures.
- Scanning the domain name ensures the check is run correctly against the live site itself.
Best practices for website PCI compliance
- Use a valid and up-to-date SSL certificate to secure data in transit.
- Keep your site running on an up-to-date version of PHP.
- Ensure all website software (CMS, plugins, themes, etc.) is fully updated and uncompromised.
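A pre-scan check for the two points above (scan the domain name rather than the IP address, and keep a valid certificate), written as an added example and not 20i's own tooling. The function names, the 30-day warning threshold and the sample certificate are assumptions made for illustration.

```python
import ipaddress
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "notAfter": "Jun 30 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

def is_ip_literal(target):
    """True for IPv4/IPv6 literals, which would point a scan at the load balancer."""
    try:
        ipaddress.ip_address(target.strip("[]"))
        return True
    except ValueError:
        return False

def san_matches(hostname, pattern):
    """Match a DNS SAN entry; a wildcard covers exactly one leftmost label."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if pat.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pat[2:]
    return host == pat

def fetch_cert(hostname, port=443):
    """Fetch the live certificate by name (SNI); an invalid chain or name raises
    ssl.SSLCertVerificationError, which is itself a pre-scan failure."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def precheck(target, cert, now, min_days=30):
    """Return problems to fix before scanning; now must be timezone-aware (UTC)."""
    if is_ip_literal(target):
        return ["target is an IP address: scan the domain name instead"]
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(san_matches(target, s) for s in sans):
        problems.append("certificate does not cover " + target)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = (datetime.fromtimestamp(not_after, timezone.utc) - now).days
    if days_left < 0:
        problems.append("certificate expired")
    elif days_left < min_days:
        problems.append(f"certificate expires in {days_left} days")
    return problems
```

For a live site, pass `fetch_cert("your-domain")` as `cert` and `datetime.now(timezone.utc)` as `now`.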
My PCI compliance scan came back as failed
- Ensure the domain name is being used by the scanner, and not the load balancer IP address.
- The scanner may be failing to scan or failing to complete the scan.
- Website-specific issues. The website being scanned will need to be PCI compliant, as well as the hosting platform.
