"Legally" depends on the contract they have with you. Ask them to check again re McAfee with their merchant provider, but the whole PCI position is so farcical that you may have to choose between losing the site and adding a Trustwave report. You'd have to do the sums on costs and resources for the extra report and see if it was worth it. One thing to remember is that the site is at the mercy of the merchant provider -- if that provider is anything like one I've dealt with, flexibility will be completely lacking.