Can someone steal money through contactless payment or NFC?
Contactless card skimming is technically possible but rare in practice — the far bigger risk is physical card theft, data breaches, and phishing rather than someone waving a reader near your wallet.
Last reviewed: 10 June 2026
Explanation
Contactless payment cards use NFC (near-field communication) to transmit payment data to a reader held very close — typically within a few centimetres. The theoretical concern is that a fraudster could build or purchase an NFC reader and brush close to you in a crowd to skim your card. In practice, this attack is very difficult to execute for meaningful gain: the transaction requires a live network connection, the data transmitted is a one-time token (not your real card number), and contactless transactions above small amounts require a PIN.
Most contactless transactions use dynamic tokenisation, meaning each tap generates a unique cryptographic code that is useless for subsequent transactions. This is fundamentally different from old-style magnetic stripe skimming where a real card number was captured.
Real contactless-related fraud is almost always digital rather than physical: stolen card details used for card-not-present online transactions, phishing sites harvesting card details, or malware on a merchant's payment system. The consumer's card never needs to be physically near the fraudster for this type of fraud.
If you are concerned about theoretical NFC skimming, RFID-blocking wallets do prevent NFC reads. But the security time and money are almost certainly better spent enabling transaction alerts, using virtual card numbers for online purchases, and monitoring your statements.
Common red flags
- Unexpected small contactless charge on your statement from an unrecognised merchant
- Multiple micro-transactions from unknown sources
- Card lost or stolen with no physical evidence of how
- Emails or texts claiming your contactless card has been accessed remotely
What to do now
- Enable real-time transaction alerts to catch any unauthorised contactless charges immediately
- Report any unrecognised contactless charge to your card issuer for investigation
- If your card is lost or stolen, report it immediately for a freeze and replacement
- Use virtual card numbers for online purchases to protect your real card details
- Visit /payments for a full guide to card fraud types and protections
Frequently asked questions
Does an RFID-blocking wallet actually help?
It prevents the theoretical NFC skimming scenario, which is rare. It does not protect you from online card fraud, data breaches, or phishing — which are far more common threats. It is a reasonable precaution but not a priority over the more impactful security practices.
Is contactless safer than inserting my card?
For in-person transactions, contactless is generally at least as secure as chip-and-PIN because it uses the same EMV tokenisation technology. The contactless limit acts as a natural cap on potential losses from a single unauthorised tap.