Contactless payments card’s transmission can work from distances of 45-80cm (18- 32 inches) using inconspicuous equipment, proving the fraud susceptibility and vulnerability of the technology, researchers from the University of Surrey warned.

Contrarily to what most of the banks say, insisting that data on cards could only be read within 5cm (2 inches) distances, the study published in the Journal of Engineering "highlighted security concerns to personal data" and found significant implications for consumers.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

"Future work involves experimenting with actual mobile phones and contactless cards instead of synthetic data and examining the information that could be eavesdropped and its potential towards privacy attack on the victim," the study also said.

Twice this year, customers at Marks & Spencer have reported having paid by mistake using the technology involuntarily.

It is estimated that there are at least 23m of such contactless cards in circulation in Britain and mobile devices equipped with NFC account for 13.32% of worldwide web traffic, the study suggests.

"The results have an impact on how much we can rely on physical proximity as a ‘security feature’ of NFC devices", concluded team leader Dr Johann Briffa. "Designers of applications need to consider privacy because the intended short range of the channel is no defence against a determined eavesdropper."

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The University of Surrey team also said the experiment was carried out using inexpensive and "off-the-shelf electronics". It revealed the most expensive element of its equipment, a computer card costing £1,500, could be replaced with a "considerably less expensive" device – and that "an attacker could assemble our receiver at low cost and easily conceal it in a backpack."