I spent 4 hours on this today.
Apparently, PCI compliance starts at the host but moves to the application to also be PCI compliant.
Requirements for compliance are for HOST, WEB APP, PROCEDURES, GATEWAY and so forth.
It turns out that the people at PCI told me that e-commerce software is a Web App which is also required to be PCI Compliant in order for the company doing e-commerce to be PCI Compliant.
I looked and there is a few shipping carts already advertising PCI compliance.
Hence why I asked, I didnt ask "is it Secure", I asked is it PCI Compliant"