We're using a web host with an operating system and web server that are "obsolete" and haven't received any updates since a few years. There are no contact points where that server could access any of our machines. Not anymore likely than it accessing your machine. It serves hyper-fast web pages and receives customer orders. There's nothing sensitive there. If the server hall burned down or got hit by a tactical nuke, it would take 10 minutes to get stuff up on another server from backups.
For most businesses, credit card processing is outsourced to Stripe or similar services, and the security for that is their responsibility. Customer data is only stored on local machines with encryption. So it's very possible to architect solutions that aren't vulnerable. Unless you want to go into very unlikely scenarios.
In the worst case scenario, an attacker can send in one nonsense customer order that gets deleted by staff when they see it. This happens about twice per year. Customer orders are not stored anywhere on the server.
So you can't even fathom a scenario where an order is fulfilled without the payment going through, causing a huge amount of losses? Or leaking private data which is a huge deal in a post-GDPR world?
If you separate ordering, invoicing, and delivery, it is impossible for that to happen.
As for leaking private date, now you're in the territory of some hackers having access to reading RAM memory. Which I guess is a possibility, but not something that every business in the world needs to concern themselves with.
If you call your local auto dealer and say you want to buy all their cars, don't you think they have some process stopping them from just sending all their cars to your adress? A hacker could make that call, you know...
