Good quality tin foil could be the difference between losing money to credit card fraud or keeping your cash secure.
Contactless card technology might make going through the checkout slightly faster but it also exposes people as it can be used by fraudsters to covertly steal money from a card while it is in a pocket or handbag.
Edith Cowan's digital forensics lecturer Peter Hannay said that while Mastercard was not aware of any cases happening he would not be surprised if it was happening but there were ways to protect yourself.
Contactless cards have several different names but they are bank cards that are placed next to a machine in order to carry out a quick transaction - rather than swiping or inserting the card.
Mr Hannay said ECU research showed it was possible for people to use technology to interact with the radio frequency identification microchip that makes the contactless cards work.
He believed current technology would allow interaction within close proximity of those carrying the tap-and-go cards, which would allow card details to be obtained.
The technology required would be obvious but could be hidden within a large briefcase.
“Brushing up against someone on a train, it’s not difficult to achieve on a train in peak hour, it’s not that obvious,” Mr Hannay said.
He said employing the technology from a distance of several metres would require much larger and obvious antennas.
Mr Hannay said the only thing that could block signals between contactless bank cards and other devices was magnetic metal.
He suggested good quality foil, not the cheap stuff found in local supermarkets, was best to use.
Several products were already on the market, such as shields or sleeves, and they had tested well.
Mr Hannay said that while he did not expect technology to make it any easier for criminals to access people’s bank cards, he did expect such fraud cases to become more common as the technology was embedded in new cards.
"A couple of my colleagues who have got new cards have asked about it and they've been told that if they want a bank card, they have no choice," Mr Hannay said.
Mastercard Australasia’s head of global fraud management Joseph Vukasovic said the company had not been made aware of any incidents of electronic pick-pocketing anywhere in the world.
He said that data drawn from a card in someone’s pocket was “effectively rendered useless” because additional information was required to use those details to make an online purchase, including the CVV code.
While major retailers and most other online outlets require the buyer to enter the CVV code to make a purchase, not all do.
Mr Vukasovic questioned why thieves would go to such lengths to obtain details from a card electronically.
“Every time you shop, that data is on there anyway, why would someone invest so much to get these details that are available to anyone who sees that card,” he said.
Mr Vukasovic said technology called CVC3 was built into the chip to increase a card's security.
Mastercard’s security factsheet on their PayPass technology describes how the CVC3 technology makes it nearly impossible to “replay transactions because a code that accompanies an authorisation request changes every time an authorisation request is made”.
“There is a discreet authentication code that changes after each transaction," the factsheet states.
“Without the proper code the transaction will not be authorised.”
WA Police did not respond to questions in regard to the matter of cyber pick-pocketing.