Greetings!
At the outset, I would like to state that this bid and acceptance of the project is also contingent on discussions.
Where is you server hosted? We would likely require root access to a dedicated server to fix this issues at code as well as infrastructure level.
Also, we would need to make preliminary study of the existing code base prior to commencement.
I can provide you references on request.
I am in Chennai, India, but can work in any timezone convenient to you. I have dealt with various PCI DSS compliance matters.
If I am selected, I assure you of my best services.
Thanks - Maha