Lack of PCI compliance?
The SSL checker indicates they are not PCI compliant purely because of their cert being SHA-1 signed, but many cert authorities still provide such certs for the time being, and there are plenty of old certs out there too.
As for other aspects of the standard, just requiring strong encryption isn't enough; you have to actually be using it properly. Encryption is pointless if the key is held on the same host, and the data can't be used if it can't be decrypted.
Many implementations comply with the standard by encrypting the data, but then provide a way to access it, therefore bypassing the encryption... Many of the people who assess PCI compliance are just box tickers and have no understanding of the actual technology, so if you store your data on an encrypted volume that's automounted at boot, that will often be sufficient to pass, but in reality it has not improved your security at all, because anyone who compromises the host will be able to access the data anyway.
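
An added example, not part of the original comment: one way to spot the "encrypted volume automounted at boot" setup described above on a Linux host is to read /etc/crypttab and flag volumes that are opened at boot from a key file stored on that same host. The sample crypttab content and the function names are constructed for illustration, and the check covers only the plain key-file case.

```python
# Constructed sample /etc/crypttab content (not taken from any real host).
SAMPLE_CRYPTTAB = """\
# <name>   <device>            <keyfile>              <options>
carddata   UUID=1111-aaaa      /etc/keys/carddata.key luks
backups    /dev/sdb1           none                   luks
archive    /dev/sdc1           /etc/keys/archive.key  luks,noauto
swap       /dev/sda3           /dev/urandom           swap,cipher=aes-xts-plain64
"""

# Key sources that are not a stored secret: passphrase prompt, or a throwaway random key.
NO_STORED_KEY = {"none", "-"}
EPHEMERAL_KEY = {"/dev/urandom", "/dev/random"}


def parse_crypttab(text):
    """Yield (name, device, keyfile, options) for each non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line, skip it
        name, device = fields[0], fields[1]
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = set(fields[3].split(",")) if len(fields) > 3 else set()
        yield name, device, keyfile, options


def unattended_unlocks(text):
    """Return volumes that are unlocked at boot from a key stored on the host."""
    findings = []
    for name, device, keyfile, options in parse_crypttab(text):
        if keyfile in NO_STORED_KEY or keyfile in EPHEMERAL_KEY:
            continue  # someone types a passphrase, or the key is random per boot
        if "noauto" in options:
            continue  # key is on disk, but the volume is not opened at boot
        findings.append((name, device, keyfile))
    return findings


if __name__ == "__main__":
    for name, device, keyfile in unattended_unlocks(SAMPLE_CRYPTTAB):
        print(f"{name}: {device} is unlocked at boot with on-host key {keyfile}")
```

Each volume it reports is readable by anyone who gains root on the running host, since both the mounted plaintext and the key file are on that machine.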