The fundamental rule for keeping an e-commerce Web site secure is that your entire e-commerce system must be protected with consistent and appropriate security measures. It is not enough to simply safeguard the interaction between the customer and the Web site's server.
The software components that comprise an organisation's e-commerce Web site are not secure 'out of the box', because the individual components are complex and often not designed with security in mind. Therefore it is important to analyse each component for its security weaknesses and protect it accordingly.
You may find this diagram helpful.
It gives an overview of the main components in your e-commerce planning.