How you eliminate risk(in ECommerce process) by reducing various threats and vulnerabilities?

There are different ways to do that, and some reduce risk to the seller and some to the customer. I'll try to list some of them that reduce the risk of both parties.

1. Use of a SSL (Secure Sockets Layer) connection between the website (seller server) and the customer (PC). This makes sure that all data transferred is encrypted (scrambled). This means even if someone manages to get the data, he/she would not be able to decrypt it (understand it). IE, Firefox, Safari, Opera show if the connection is encrypted by a padlock somewhere in the browser. The address of the encrypted page will also start with https:

2. Shop from trusted parties. Your data may securely reach the intended party, but are you sure the intended party is not a thief? The use of intermediaries, such as 'Paypal', 'Google Checkout' or the Bank acquiring service can give this security and considerably reduce the risk. The Bank/Paypal/Google becomes your guarantor over your data.

3. If the data is securely transferred, and the seller is trusted the risk would be considerably reduced. One more thing to watch out for is that the seller doesn't store credit card/ sensitive information of the customer. If such data is stored, like Skype, Yahoo, Paypal, Amazon.com there is a new risk that someone compromises the security of the servers on which this data is stored. Again, if the data is encrypted in the server it becomes very difficult to decrypt without the 'Private Key' (a complex security measures that allows only the encryptor of the data to decrypt it, or whom else it consents).

4. The latest break-through that considerably reduced the risk of online credit card payments is the '3D Secure' technology used by major credit card issuers such as Visa and Mastercard. Holders of such cards, after entering their credit card details are prompted to enter a password to authorize the payment in a secure connection with the credit card issuer (not the seller or his Payment processing provider). This functions works exactly like the Pin code of 'normal' credit card. So this makes it that even if credit card details are obtained the password (which is known by heart of the user) is required to retrieve any payment from it.

A detailed explanation of the Encryption method can be obtained from the Wikipedia link below.