According to a few scientists who were able to bypass all the security features that are supposed to protect online payments from cyber criminals, it would take less than 6 seconds for hackers to get hold of your credit card/debit card details such as credit/debit number, expiry date, and security code.
A few researchers from Newcastle University in the UK, in an attempt to find out the flaws in the existing Visa payment system, have found that neither of them - banks and networks have managed to distinguish fake and invalid attempts from the actual ones.
As a result, when cyber criminals make multiple invalid attempts to get details of the credit card possibly by generating different versions of the card details and using them on different websites, hackers were able 'to get a hit' (succeed) in no time.
Explaining the process in detail, Mohammed Ali, a PhD student at Newcastle University said, "The current online payment system does not detect multiple invalid payment requests from different websites. This allows unlimited guesses on each card data field using up to the allowed number of attempts, typically 10 or 20 guesses, on each website."
In addition, he says that "Different websites ask for different variations in the card data fields to validate an online purchase. This means it's quite easy to build up the information and piece it together like a jigsaw. The unlimited guesses, when combined with the variations in the payment data fields, make it frighteningly easy for attackers to generate all the card details one field at a time."
What this essentially means is that hackers with no other details except for the first six digits of your credit/debit card can obtain all the necessary information by guessing. Cyber criminals can verify these guesses by using them on various payment websites.
All said and done, according to the researchers, this vulnerability appears only on Visa network.