The flaw comes through the lack of checks for this kind of behavior. While it's bad enough that online stores often allow dozens of incorrect guesses (sometimes an unlimited amount), Visa doesn't appear to have a system in place to check for this kind of suspicious activity. Mastercard, in contrast, would realize something was wrong in "less than 10 attempts" and shut down the potential crime, no matter where the payment processing was taking place.

We've asked Visa for its response. However, this isn't just a theoretical exercise. On top of existing observations, it's believed that this technique was used in a recent attack on UK retailer Tesco that racked up £2.5 million ($3.2 million) in fraud. As for the solution? Visa would ideally implement a Mastercard-like check for odd behavior, but the most immediate fix may come from the stores themselves. Some of the websites used for these guesses are reducing the opportunities to guess info, making these attacks more difficult. Until there's a more permanent solution in place, though, you'll want to keep a close eye on your Visa card statements for any unusual charges.