I have seen far too many places -- whether they're side projects, SMBs, or even enterprises -- completely miss the antifraud step. There are companies like MaxMind who help identify and somewhat prevent this, but for someone who is of above-average intelligence and an apt "carder", it's so trivial to get around.
When I'm tasked by x company -- a bank, company, security team, or someone with a side project -- to run through their site and try to get an order shipped using false credentials, I can't even speak to how easy it is for me to do so with trivial effort. And it's not all fun to see.
There is a company who does gift cards, and they'd ship them out instantly. Once redeemed by the other merchant, bam, they're SOL.
Don't be this company. Don't be this entrepreneur. Don't be this hacker. Reach out to someone who knows what they're doing. If your business relies on conducting transactions, I don't care if it's flowers or dog leashes, or some shit that's going to end up on Shark Tank, you need to have anti-fraud in place.
Generally, they try to ensure that the liability shift is on the bank's side, by using an EMV-capable system for most payments. Of course, that usually requires them to have a specific contract; banks, on their side, perform a risk assessment to ensure that they won't be covering too much fraud.
I could set up a site with a front-facing flower shop, accept orders, take in the people's $$ legitimately, and then transact and fulfill their orders (via fraud) on 1800flowers.com for example.
I realize that anyone could do this for anything, but the weaker your weak points are, the easier it is to capitalize on them.
"Confinity Inc. is best known as the creator of PayPal. It was founded in December 1998 by Max Levchin, Peter Thiel, and Luke Nosek, initially as a Palm Pilot payments and _cryptography_ company. Confinity launched its milestone product, PayPal in late 1999."
 - http://en.wikipedia.org/wiki/Confinity
It had some cute name that I can't recall right now. Hugo or something? It was spun out into a separate company to use the same philosophy to fight terrorism. That company is Palantir and seems to be Thiel's opus magnum.