Which!!! discover contactless security flaw
There's a limit on how much you can spend via a contactless payment, but the watchdog found that, by buying some cheap contactless card-reading technology, they were able to remotely make off with key details from a contactless card, and then use the info to buy stuff, including a telly that was worth £3,000.
That is considerably more than the £20 limit (increasing to £30 in September).
Which!!! tested 10 cards, and they found that, via software from what they call 'a mainstream website', they could read the card number and expiry date from all 10 cards. Don't worry - the cards came from volunteers.
They were not able to get the CVV security code from the back of the cards, but it turned out that this didn't matter, as they were able to make purchases without the cardholder's name or CVV code.
With their dodgy reader, a mere tap saw Which!!! getting enough details to enable a trip to the online shops, and thanks to online transactions not being subject to a limit, some scamster could go crazy with your card.
Peter Eisenegger, a security expert who helped develop EU standards for contactless cards, told Which!!! that it would be possible for crims to get a card reader that could lift your details from further away than the one in this test.
He said: "It's vital to protect consumers from fraudsters who have the knowhow to develop mobile card readers with much greater reading distances than those used by retailers."