Tuesday 7 August 2012

Online Payment Processors Don't Count Retries

A German TV station wanted to find out what happens if they enter random CVV numbers into the checkout page of e-commerce sites. Five out of six banks allowed them to try out CVV numbers until they found the right one. As this is a very, very old security issue, I am really surprised that this is possible. This becomes really unfortunate if this attack is combined with the new NFC credit cards, where everyone can read the cardholder data, but not the CVV, over NFC. Not using a retry counter for an NFC credit card is a really bad idea.
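
The retry counter the post says is missing, as an added example (not code from the post or from any bank): failed CVV checks are counted per card on the issuer side, so spreading guesses over several shops does not reset the count. The class and function names, the limit of 3 and the sample card data are assumptions.

```python
import hashlib
import hmac
from collections import Counter


class CvvRetryCounter:
    """Per-card failure counter held by the issuer (hypothetical design)."""

    def __init__(self, key: bytes, max_failures: int = 3):  # 3 is an assumed policy
        self._key = key
        self._max = max_failures
        self._failures = {}  # card token -> consecutive failed CVV checks

    def _token(self, pan: str) -> str:
        # Keyed hash, so the counter store never holds the raw card number.
        return hmac.new(self._key, pan.encode(), hashlib.sha256).hexdigest()

    def check(self, pan: str, presented: str, real: str) -> str:
        """Return 'approved', 'declined' or 'locked'.

        The key is the card alone: merchant, session and source IP are
        deliberately not part of it, so changing shops does not reset it.
        """
        tok = self._token(pan)
        if self._failures.get(tok, 0) >= self._max:
            # Refuse even a correct CVV until the card is unlocked out of band.
            return "locked"
        if hmac.compare_digest(presented, real):
            self._failures.pop(tok, None)
            return "approved"
        self._failures[tok] = self._failures.get(tok, 0) + 1
        return "declined"


def replay_all_cvvs(counter: CvvRetryCounter, pan: str, real: str) -> Counter:
    """Submit every 3-digit value once and tally the issuer's answers."""
    return Counter(counter.check(pan, f"{i:03d}", real) for i in range(1000))


# Constructed sample data: a well-known test card number and a made-up CVV.
PAN, CVV = "4111111111111111", "742"

if __name__ == "__main__":
    no_limit = CvvRetryCounter(b"demo-key", max_failures=1000)
    print("no limit :", dict(replay_all_cvvs(no_limit, PAN, CVV)))
    print("limit = 3:", dict(replay_all_cvvs(CvvRetryCounter(b"demo-key"), PAN, CVV)))
```

With the limit in place the card locks after three wrong values and the correct CVV is never accepted during the run; with the limit effectively disabled the correct value is always reached within 1000 tries.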