After a customer loads up an online shopping cart, after he hands over a credit card number and a shipping address, after he hits the “buy” button—after all that, there is a moment of truth that has profound implications for the U.S. economy. That is the moment when the retailer decides whether or not to ship the order. Just because the bank approves a credit card doesn’t mean it’s not stolen. Millions of compromised credit cards are in circulation, and many won’t be replaced until they are known to have been misused. With law enforcement overwhelmed by the problem, e-commerce merchants—not the credit card associations, not the banks—are often the ones left holding the empty bag. Choose wrong, and the retailer loses either a legitimate sale or the merchandise and the transaction fee. “You stick your neck out every time you ship something out without [getting] an imprint and signature,” says Joe Williams, CSO of the high-end retailer Sharper Image, which had $250 million of revenue in card-not-present transactions (comprising Internet, telephone and mail orders) in 2004.