God only knows,
Sorry normally I'd have a proper run through of a site before moaning on about "what I'd do" but dinner is on (yes a 00.11am).
Presuming you aren't using PayPal, etc at all. Probably the best option would be to get a decent SSL cert, probably Thwarte offers some form of protect beyond the norm for more serious problems. It would be so handy if we could all get a list of IP addresses and stolen credit cards automatically updated every hour to our e-commerce service... I don't think it'll happen anytime soon though for economic and privacy reasons!
I'd say make sure you cover your own a**e with Thwarte, etc anyway if you can.