Data transferred during payments made via contactless cards can be intercepted from about half a metre distance, according to researchers.
Researchers at University of Surrey were able to capture synthesised payments card data by using inconspicuous equipment such as a shopping trolley, a backpack and a small antenna.
They also revealed that the data was traced at more than four times the distance it should have been, researchers revealed.
University of Surrey lead academic superviser Johann Briffa was cited by BBC as saying that the results found have an impact on how much users can rely on physical proximity as a security feature.
"The intended short range of the channel is no defence against a determined eavesdropper," Briffa said.
The equipment used to capture the data is also capable of reliably snooping on synthesised payment data from a distance of 45cm, researchers said.
"The test demonstrated that payments data can be received," Briffa added.
"What can be done with it is another question."
In spite of security measures, contactless card fraud in the UK resulted in losses of £13,700 last year, the Financial Fraud Action UK revealed.
The UK Cards Association spokesperson said that the researchers would not have been able to harvest important data using their equipment.
"Instances of fraud on contactless cards are extremely rare," the spokesperson said.
"Although the sort of contactless card reader built by the University of Surrey might be able to interrogate a card, any data obtained would be limited to the card number and expiry date that can be seen on the front of the card."