Can anyone comment on risks or rules of using shared hosting vs VPS with e-commerce applications that may store credit card information. Are there specific rules around this to be aware of.

Thanks,

 There are credit card industry rules. Unless you are using an external service like paypal, a shared hosting location is unlikely to qualify as a secure host.

Credit card information (except the last 4 digits) should be stored in an encrypted form with a log made of all accesses.

 Two resources that I've used to help try and build secure e-commerce sites are:

https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html (section 3 & 4)

http://www.owasp.org/index.php/Handling_E-Commerce_Payments

 One thing i've heard of being a large risk in a shared hosting environemnt is that your security is tied to how well the other sites are built, it's possible that someone can compromise your db/web app. by breaking in through another site (since they're all on the same box).