OK. let me try this approach, as you say you have set up numerous virtuemarts (which is your ecommerce suite)
pre amble to this post (the main results you would have got if your search returned results)
* pci compliance scanners are renowned for their inconsitancy accross makes
* most people use a payment gateway or even paypal as storing credit card numbers requires specialist knowledge as different countries have different rules/legal registration requirements
Now from the docs.
Force SSL. This parameter has three options: “None”, “Administrator Only”, and “Entire Site”. Using the appropriate setting, this parameter forces any web browser connections to the administrative “backend”, or to the complete Joomla site, to use the secure HTTP protocol (HTTPS). The “Entire Site” setting is appropriate where security of any web transaction (e.g. e-commerce) is important. Ideally there should also be an appropriate certificate in place to verify the identity of your web site. The “Administrator Only” setting is ideal for enhancing the security of other types of web site as it encrypts “backend” content and passwords that could be put to malicious use if intercepted.
Note: before moving away from the default setting of “None”, it is essential that you check the server delivering your web site is capable of operating in HTTPS mode.
Use an SSL server
This has more to do with secure payments and administration, and is not Joomla! core or server security, but has been included here for advisory purposes.
SSL servers are currently the only way to securely process confidential transactions and secure user authentication. SSL works by encrypting all HTTP communications between the Web server and Web clients. Thus, even if a transmission is intercepted, it cannot be read.
Joomla! 1.0.x does not allow you to assign an SSL server to individual sub-directories. Search the forums for "Tommy Hack" for one way to deal with this. Joomla! 1.5 has greatly improved SSL options.
tommy hack link - viewtopic.php?f=35&t=71404