WP Engine technically is not PCI Compliance: https://wpengine.com/support/wp-engine-and-pci-compliance/. That means if an ecommerce website requires the website to be scanned as part of PCI compliance it may or maybe not pass. If it doesn’t pass there isn’t any guarantee WP Engine will be able to fix the issues and will require other workarounds
Reducing the need of PCI scans by switching WooCommerce Authorize.net plugin
There are 4 authorize.net plugins for WooCommerce. Authorize.net AIM allows customers to directly enter payment info on the website however requires higher level of PCI compliance (server scans). The SIM plugin is completely offsite and doesn’t require server scans however not as good as an experience from the customer perspective.
The DPM plugin appears to be the sweet spot. It’s technically offsite however to the customer it appears they are still on your website through the tricky use of overlaying an iframe directly on your website. Switching from Authorize.net AIM to Authorize.net DPM will remove the need of PCI scans.
Plugin Info: https://woocommerce.com/products/authorize-net-dpm/.