E-commerce fraud takes many forms. Three main types of fraud impact merchants: payment fraud, new account fraud and account takeover. We described all three recently at Sift in a blog post: http://ow.ly/oPrS2.
In the stolen card scenario you describe (a type of payment fraud), the e-commerce merchant is actually liable. In other words, if that card is reported stolen by the cardholder after the goods are shipped out, the merchant loses the revenue. This is b/c for online credit card transactions, they are categorized as "card not present" transactions, since the merchant can't be as certain the actual cardholder made the purchase. If the transaction had occurred in a physical store, the card company would be liable.
In the stolen card scenario you describe (a type of payment fraud), the e-commerce merchant is actually liable. In other words, if that card is reported stolen by the cardholder after the goods are shipped out, the merchant loses the revenue. This is b/c for online credit card transactions, they are categorized as "card not present" transactions, since the merchant can't be as certain the actual cardholder made the purchase. If the transaction had occurred in a physical store, the card company would be liable.