In approximately 12% of all credit and debit fraud cases, a website is the initial point of contact. But that doesn’t mean fraud and information breaches can’t happen at physical locations. Major entertainment venues such as Madison Square Garden, Beacon Theater, and Radio City Music Hall all learned that lesson abruptly as November came to an end.

Madison Square Garden officials confirmed that data breaches had occurred at several locations. Officials believe that hackers may have gained access to credit and debit card data at snack stands and other merchandise locations throughout its locations.

According to reports from multiple news outlets, the breach spanned almost an entire year before anyone discovered what was happening. Despite the nearly year-long data breach, MSG officials have said they’re not concerned about safety in the future.

In an interview, one official explained that by receiving push notifications for his transactions, he always has a way of knowing whether or not someone else made an unauthorized purchase using his account.

The MSG company has reported that it is now safe to use credit cards at their locations once again. But a recent study suggests that online credit card payment systems can be compromised easily.

To be precise, a new paper from researchers at Newcastle University in the UK has claimed that online payment systems, Visa in particular, can be compromised by a hacker in as little as six seconds.

The paper claims that “some basic guesswork” and a solid internet connection are the only tools a hacker needs to steal credit card information. The method was deemed by researchers as “the Distributed Guessing Attack.” The approach is as simple as generating random numbers and then using them to guess combinations and card numbers, among other things. The most unsettling fact about this method is that thieves can use it to generate the CVV code that serves as an additional security measure on credit and debit cards.

Study leader and Ph.D. student Mohammed Ali explained that it takes surprisingly few attempts to guess all of these numbers. He said that the highest number of attempts usually comes in at about 60.

Using their own card data and a bot to complete the attacks, the research team found that it only takes about 1,000 attempts to figure out the CVV code. When distributed over 1,000 websites, a verified match could arrive at a hacker’s fingertips in just a few seconds. Visa was receptive to the research and plans to further address such issues.