
Mastercard supposedly has a single back end but VISA does not, according to the article. Given the distributed nature of the attack I imagine only the card processors could detect it; if you pick a sufficiently broad set of web sites to test with, the chances of them sharing a server that could detect something are probably low.



I remember seeing the VISA security centre, where they monitor threats etc. It was a huge high tech facility.

I would think that they flag if a card is attempted a lot of times in a short time span.


Apparently, VISA does not do this.

The actual research paper is online: http://eprint.ncl.ac.uk/file_store/production/230123/1918024...

It says this: "Whereas MasterCard’s centralised network detects the guessing attack after fewer than 10 attempts (even when those attempts were distributed across multiple websites), Visa’s payment ecosystem does not prevent the attack"
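
The contrast in the quoted passage, per-site counting versus a central count across sites, shown as an added example that is not from the thread or the paper. The window, the threshold, the event format and all names are assumptions, and the data is constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600   # assumed sliding window
THRESHOLD = 10          # assumed limit, illustrative only (not a real network rule)

def flag_cards(events, key):
    """Return cards whose failed attempts, grouped by `key`, reach
    THRESHOLD within WINDOW_SECONDS.

    events: (timestamp, merchant, card, approved) tuples sorted by timestamp.
    key:    function mapping (merchant, card) to a counter bucket.
    """
    recent = defaultdict(deque)   # bucket -> timestamps of recent failures
    flagged = set()
    for ts, merchant, card, approved in events:
        if approved:
            continue
        window = recent[key(merchant, card)]
        window.append(ts)
        # Drop failures that have aged out of the sliding window.
        while window and ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= THRESHOLD:
            flagged.add(card)
    return flagged

def per_merchant(merchant, card):
    return (merchant, card)   # each site only sees its own failures

def central(merchant, card):
    return card               # network-level view across all sites

def sample_events():
    """Constructed data: card-A fails 3 times at each of 20 sites;
    card-B has one ordinary typo followed by an approval."""
    events, t = [], 0
    for site in range(20):
        for _ in range(3):
            events.append((t, f"shop-{site}", "card-A", False))
            t += 5
    events.append((t + 10, "shop-0", "card-B", False))
    events.append((t + 20, "shop-0", "card-B", True))
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("per-merchant view flags:", flag_cards(ev, per_merchant))
    print("central view flags:     ", flag_cards(ev, central))
```

No single site ever counts more than 3 failures, so only the central bucket crosses the threshold, and the cardholder with one typo is not flagged in either view.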


As another poster said, you don't run one card 1000 times. You run 100 cards 10 times and achieve almost the same probability of guessing one without burning the card.

On another note, I wish they'd get rid of the number + exp + cvv. Quit concatenating more codes and just go to an alphanumeric model. You could have fewer digits and a bigger probability space. Even when you remove certain letters that sound alike.


That frankly sounds like a strong security argument to use MasterCard over Visa. But more research on how MasterCard would handle a similar attack might be necessary.



