If you've punched in credit card details while shopping online, you've probably wondered how secure those digits are. According to Newcastle University, the answer is: not very. Its researchers have discovered that thieves are using web bots to guess Visa credit and debit card info thanks to a flaw in the company's payment system. The biggest challenge is obtaining valid 16-digit card numbers, usually by buying them or using an algorithm to generate valid examples. After that, the bots find expiration dates and CVVs (that three-digit number on the back) by spreading guesses across hundreds of shopping sites, plugging numbers into fields until they hit the jackpot. While that sounds like a painstaking process, the bots can figure things out in 6 seconds.