Google Wallet Security Has a Weakness

29.05.2011

But, even with a strong PIN in place, if there is one Android app that can access the encrypted credit card data and process payments, then it is possible for malicious developers to create other apps, or spoof the Google Wallet app somehow to access that sensitive data as well.

Jimmy Shah, mobile security researcher at , that the secure chip that stores the credit card information uses asymmetric encryption for authentication--implying that the Google Wallet app contains the key necessary to authenticate and access the data.

Shah says, "The next step would be to create a malicious application that emulates the official Wallet app to fool the 'secure element' chip into giving up your credentials. From here, the attacker can collect account information for sale or for attempts at cloning the data to new NFC cards."

On an iPhone this might be less of a concern because of the walled garden approach and the fact that iPhone apps have to get past the Apple gatekeepers first. But, with the , and all of the various unofficial Android app marketplaces out there, distributing a malicious app capable of cracking Google Wallet might not be too difficult.

I am not trying to suggest that Google Wallet is completely insecure, or scare you away from using it. I am still looking forward to the day when becomes a mainstream method of doing business. But, I do think you need to be aware of the potential security holes in the system so you can exercise an appropriate level of caution when using Google Wallet.