E-commerce sites typically block credit card numbers after 10 or 20 attempts to enter the corresponding expiry date and CVV. But it’s possible to obtain missing account details by submitting slightly different payment requests to hundreds of sites in parallel. Researchers at Newcastle University in the U.K. found that it takes less than six seconds to perform the “distributed guessing attack.” The weak links in the system were the 26 sites that required only the card number and the expiration date to validate payment.
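The gap described above, seen from the defender's side, as an added example that is not part of the original article: declines counted per site never reach a lockout, while the same declines counted per card across all merchants do. The record fields, thresholds, card token and sample data are constructed assumptions.

```python
from collections import defaultdict

PER_SITE_LIMIT = 10   # lower of the per-site limits the article cites
GLOBAL_LIMIT = 10     # assumed threshold for the cross-merchant view
ALERT_WINDOW = 60.0   # assumed sliding window, in seconds

def make_events(card, merchants, per_merchant, duration=6.0):
    """Constructed sample data: declined authorizations spread over many sites."""
    total = merchants * per_merchant
    return [
        {"ts": i * duration / total, "card": card,
         "merchant": f"shop-{i % merchants}", "approved": False}
        for i in range(total)
    ]

def per_site_lockouts(events, limit=PER_SITE_LIMIT):
    """What each merchant sees alone: declines counted per (merchant, card)."""
    counts = defaultdict(int)
    for e in events:
        if not e["approved"]:
            counts[(e["merchant"], e["card"])] += 1
    return {key for key, n in counts.items() if n >= limit}

def cross_merchant_alerts(events, limit=GLOBAL_LIMIT, window=ALERT_WINDOW):
    """Network-wide view: declines per card across all merchants in a window."""
    alerts = {}
    recent = defaultdict(list)  # card -> [(ts, merchant), ...] inside the window
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["approved"]:
            continue
        hits = recent[e["card"]]
        hits.append((e["ts"], e["merchant"]))
        while hits and hits[0][0] < e["ts"] - window:
            hits.pop(0)  # forget declines older than the window
        if len(hits) >= limit and e["card"] not in alerts:
            alerts[e["card"]] = {"at": e["ts"],
                                 "merchants": len({m for _, m in hits})}
    return alerts

if __name__ == "__main__":
    spread = make_events("card-token-A", merchants=200, per_merchant=2)
    print("per-site lockouts:", per_site_lockouts(spread))
    print("cross-merchant alerts:", cross_merchant_alerts(spread))
```

The number of distinct merchants in the alert is the useful signal: a cardholder mistyping a CVV produces declines at one site, not ten.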

