The company, which is liaising with US authorities on the breach, said it issued a fraud alert to its member banks as soon as it was informed about an internal security breach at the merchant, which it refused to identify.
A Visa spokesman said the number of cards affected was not as large as initial reports had suggested. The decision to reissue compromised cards would be up to member issuing banks, he added.
This is the second time this year Visa has fallen victim to an attempt to obtain credit card numbers illegally.
In February, the company and rival credit card firm MasterCard admitted that a computer hacker had gained access to more than 5.4 million credit card accounts, although they said none of the information had been used in a fraudulent way.
The hacker had breached the security system of a third-party payment card processor to gain access to credit card numbers, Visa and MasterCard said.
The latest breach will be particularly embarrassing for Visa, emerging on the same day that it was trumpeting the success of its Verified by Visa secure payment service.
The online authentication scheme, which launched in Europe in April 2002, has signed up 4,000 retailers, 30 acquiring banks and 35 issuing banks, Visa said yesterday (11 June).