Once a valid 16-digit number is obtained, the hacker use web bots to brute force three-digit card verification value (or CVV) and expiration date to hundreds of retailers at once. The CVV takes a maximum of 1,000 guesses to crack it and the expiry date takes no more than 60 attempts.
