Ecommerce stores may be forced to shut down if there is a data breach related to credit card processing, but it all depends on the circumstances. Why did the data breach occur? Where did the breach occur? What steps have been taken to prevent a reoccurance? Did the company meet PCI Security Compliance standards at the time of the breach? Who do you think will force you to shut down your site?
If your company was in PCI compliance, and preventative measures have been taken, it’s doubtful you’d be forced to shut your site down. You’d be protected by Safe Harbor from financial liability.
Who can force you to shut down your site? The card associations or your payment processor are the most likely. The actual site doesn’t need to be closed, but you may not be able to accept credit cards online. You may still be able to accept Paypal, Google, or other payment types, again, depending on the nature of the breach. For example, Paypal etc would take the transaction off your site for secure payment.