The servers are maintained to be PCI compliant and will pass a security scan.
PCI is partly about technical issues; firewalls, anti-virus software and encryption, most of which we handle. But there is much more to it than that, it is also about management; how you choose passwords, what records you keep, where you store data and who has responsibility for it.
Note: PA-DSS refers to payment applications which you download and install on your own computers or servers. It is not relevant to us as the cart is delivered as a service.