At the end of 2014, when researchers at the University of Newcastle first analyzed the attack on Tesco bank, they found that 291 of the 400 most popular online services provided the ability to iterate over the CVV2 field. This is not surprising: after all, the money does not belong to the owners of these services. The service is just a tool for the attacker. This means that attackers will always have enough tools to sort through bank card details. For example, in 2019, a similar vulnerability was fixed in the Magento CMS payment module for PayPal.