Tests showed that thieves can steal the details of debit and credit cards using easily obtained scanning equipment - enabling them to launch an online "shopping spree" with someone else's money.

The researchers for consumer group Which? were able to order a £3,000 television using the "stolen" data.

The group tested contactless payments with six debit cards and four credit cards - and the scanners were able to extract key details including card numbers and expiry dates every time.

The security risk was exposed after data from the UK Cards Association revealed more than £2 billion was spent through contactless payments last year, as the system continues to grow rapidly in popularity.

Contactless payment cards allow consumers to pay for things by simply tapping their cards on a reader, rather than entering a PIN number.

A spokesman for Which? said: "Contactless cards are coded to 'mask' personal data, but using an easily obtainable reader and free software to decode data, we were able to read the card number and expiry date from all 10 cards.

"We were also able to read limited details of the last 10 transactions, although no cards revealed the CVV security code (the number on the back).

"We doubted we'd be able to make purchases without the cardholder's name or CVV code - but we were wrong.

"We ordered two items - one a £3,000 TV - from a mainstream online shop using 'stolen' card details, combined with a false name and address."

The group said it ordered the scanning technology from a "mainstream" website, and that it was "easily and cheaply" available.

The limit for a single contactless transaction is £20 - but from September 1 onwards a higher limit of £30 will be rolled out.

The Which? spokesman added: "By touching volunteers' cards to our card reader, we got enough details to allow us to go on an internet shopping spree.

"With these card details, the contactless transaction limit is irrelevant, because online transactions aren't contactless."

RECYCLING 2YEAR OLD NEWS

Richard Koch, head of policy at the UK Cards Association, said: "This is NOT a new story. Consumers are fully protected against any fraud losses on contactless cards and will never be left out of pocket.

"Instances of fraud on contactless cards are in fact extremely rare, with losses of less than a penny for every £100 spent on contactless - far lower even than overall card fraud.

"The method shown by Which? is not a new discovery and was first reported two years ago. However, any such technology can only obtain the card number and expiry date - information that has always been available simply by looking at the front of a card.

"The vast majority of online retailers require additional data such as the card security code, along with the cardholder's address, which cannot be harvested electronically. Any retailers that do not will do so at their own risk and will be liable for any fraudulent transactions."

________________________________________________________________

1. The card data is not transmitted using Apple Pay using IPhone6 and similar devices with a TouchID sensor

2. The purchase of the £3000 television is a failure of the retailer's on line ordering system using stolen data and nothing to do with contactless transactions

3.. The image chosen was Barclaycard, the Visa version offers several levels of on-line security , for example "Verify by Visa" in which three letters from a defined word has to be entered; and by Barclaycard Visa sending an SMS message to the card holder's mobile phone to verify that the holder "is present "; the transaction is rejected if the system recognises a "card holder not present transaction. For more information on "Verified by Visa", CLICK HERE