Contactless cards use near field communications (NFC) chips to exchange your payment details with a merchant's till, and some smartphones also come equipped with NFC chips to let you use them as a wallet. Now security researcher Thomas Skora has written an app that turns any NFC phone into a reader and successfully read card numbers, expiry dates, transactions and merchant IDs from German credit cards.
The app, called paycardreader, was removed from the Google Play store yesterday, but Skora has also placed the source code on GitHub, a code-sharing website, and says the app doesn't actually save the swiped data, it just displays it.
It is possible that more malicious app developers could use similar methods to actively steal data though - an investigation by Channel 4 television in the UK earlier this year revealed it was possible to swipe details via a phone and use them to make purchases on Amazon.
I've warned of this from the beginning. As soon as this technology is adopted mainstream it'll be more than just a story in New Scientist.