A Facebook post which claims to show a man using a contactless card reader to steal money from members of the public has got some people worried about the security of their bank accounts.
The image, which first appeared in Russian media, shows a man standing on public transport holding a mobile card reader in his hand.
It is claimed that by keying an amount into the terminal and holding it against the pockets of unsuspecting targets, he could steal money out of their accounts via their contactless cards.
There's not much context to the picture, and there's nothing to suggest the man is a new kind of 'digital pickpocket'. But it's theoretically possible to steal money in this way, and it's got some people worried.
Some card machines in shops, cafes, and restaurants need to be connected to a landline terminal to work. More advanced devices, which are common across the country, use GPRS to make a connection - allowing merchants to take card payments almost anywhere.
If a thief had one of these GPRS-enabled machines, they would be able to 'skim' victims' contactless cards almost anywhere, without them knowing.
However, most banks require their customers to have a business bank account if they want to take card payments - starting one of these accounts naturally involves handing over personal information to the bank, making the criminal traceable if a victim noticed the transaction on their statement.
Customers could get a refund from the bank if they spotted the fraudulent activity, and if the bank traced the theft to the criminal's account, they could get shut down. But by that point, it might be too late.
Using this method to steal from people is harder than it seems, and out of the millions of people in the UK who own contactless cards, there have only been a few reported cases of these kinds of thefts taking place.
Those worried about being targeted could invest in RFID-blocking card sleeves, which prevent cards from being read by scanners. However, the effectiveness of certain brands has been debated. Tests have shown that wrapping cards in tin foil can achieve the same effect.
Although the prevalence of this type of crime may be overblown, contactless card skimming isn't completely implausible, and taking these security measures could give you peace of mind.
Despite the potential risks, contactless payments are on the rise - there are over 70 million of the cards in circulation across the UK, and one in three card payments made in London in 2014 was contactless.
A security flaw could allow thieves to steal information from contactless payments cards of millions of people, allowing them to buy items costing thousands of pounds.
Card-reading technology, which was acquired "easily and cheaply" online by consumer group Which?, allowed researchers to remotely "steal" enough data from the cards to make purchases – including that of a £3,000 television.
The group has said six debit cards and four credit cards were tested in the study, and all of them revealed some data.
But is everybody who uses contactless payments at risk – and what should they do if their data is stolen?
Who could be affected by this?
A total of 58 million contactless cards are currently in circulation across the UK, according to Which? although the group does say statistics are not available for the number of thefts committed by contactless card readers.
The researchers did say though that all of the cards they tested revealed some information.
The UK Cards Association, the card payments industry's trade body, has pointed out however that last year, the total loss from contactless fraud was £153,000, compared to £2.32bn total spending – the equivalent of 0.7p in every £100 spent.
How is the data stolen?
Your account information is contained on a chip held within your contactless card, which is transferred to a card-reading terminal when the two come into close contact.
The team at Which? said they were able to obtain card-reading technology from "a mainstream website" to allow them to steal information.
A spokesman said: "Contactless cards are coded to 'mask' personal data, but using an easily obtainable reader and free software to decode data, we were able to read the card number and expiry date from all 10 cards."
Would thieves not need more information in order to buy items?
Making purchases online and over the phone usually requires not only the card number and expiry date, but also the name of the cardholder and the card's security, or CVV, code.
While the team did not expect to be able to make purchases without these details, they were proved wrong.
The spokesman said: "We were also able to read limited details of the last 10 transactions, although no cards revealed the CVV security code (the number on the back).
"We doubted we'd be able to make purchases without the cardholder's name or CVV code - but we were wrong.
"We ordered two items - one a £3,000 TV - from a mainstream online shop using 'stolen' card details, combined with a false name and address."
Aren't contactless card payments limited to £20?
Yes, although the limit will in fact be increased to £30 in September. Regardless, this limit is for contactless payments only. Having obtained the card details, the team were able to shop online, and so the transaction limit was bypassed.
The Which? spokesman said: "By touching volunteers' cards to our card reader, we got enough details to allow us to go on an internet shopping spree. With these card details, the contactless transaction limit is irrelevant, because online transactions aren't contactless."
What can I do to protect myself?
The UK Cards Association has said this is not a new issue, and indeed there has been advice circulated for a number of years on how cardholders may be able to stop their details from being stolen.
Metal cases are available to buy which claim to protect cards from such readers, while Which? said in their tests they found wrapping a card in foil prevented details from being taken by their reader.
In December last year meanwhile, The Independent reported how new jeans had been endorsed by computer security firm Norton after they were launched to keep "digital pickpockets" at bay.
The jeans, along with a blazer, contain pockets with fabric that blocks the waves criminals use to steal the data.
What should I do if my details are stolen?
The UK Cards Association has said consumers are "fully protected against any fraud losses on contactless cards and will never be left out of pocket".
A spokesman said: "If you think your data has been stolen then contact your bank or card company straight away and report it.
"Essentially, if there is fraud on your account you will get your money back."
Feel free and have a look to this RFID wallet to save your money and a lot of headaches.