Partial article
Other sources stress that Visa is vulnerable to a distributed guessing attack but Master Card is not.
Also that use of Verified by Visa blocks this attack.
It is not clear to me how variation in the fields used aids the attack; possibly confirming the basic number and expiry date allows you to focus on other fields (think Cluedo) but I am not convinced that it makes it easy to brute force name and address.
Assuming that you have a name and (partial?) credit card number it should be relatively straightforward to brute force the full number, expiry date and 3 digit check code (not needed for card not present, I think). The system should be able to detect and block such a distributed brute force attack.
Wondering what implications this has for receipts which only print the last 4 numbers of the card.
Biting the hand that feeds IT
