It’s been a few months since I blogged about the announcement of Google Wallet, Google’s ambitious plan to replace credit cards, checks and other payments with a simple app on your smart phone.

Well it’s here now, even if just in a limited way, and we have a better idea of what Google Wallet security looks like. In short, it actually looks like a very old technology that you’ve probably been using for years.

Here’s the idea behind Google Wallet. If your phone has the Google Wallet app on it, and an active Wallet account, you can begin to pay for almost everything in life simply by tapping your phone near the cash register.

That tapping activates the Wallet and uses something called Near Field Communications to make a wireless secure payment to the cash register. While there was a lot of concern initially about the ability of hackers to eavesdrop on these radio communications, these seem to have eased a little with the use of strong encryption technology to protect that short burst of communication.

You’ll only be able to use Google Wallet now if you have a Nexus X phone through Sprint. Of course, the app will be widely available through most phones eventually.

And how will your phone pay for all that stuff? You’ll also need to tie Google Wallet to a credit card, and right now the only card company participating is the Citi MasterCard. However, you can also purchase a Google Prepaid card and right now Google is giving away the first $10 on the card free. Eventually you’ll be able to use other credit, gift, and store cards.

So where does that old technology come in? The key part of the payment is almost the same as your ATM card. Each time you make a payment with Wallet you’ll need to enter a 4-digit PIN, just like you do with an ATM card. You get five chances to get the PIN right and then you’ll be locked out.

Seems simple enough. But as Graham Cluley of security firm Sophos pointed out in a recent blog, 4-pin digits are not exactly the best form of security for a transaction. “We already know that 67% of consumers don’t have any form of password on their mobile phones. It’s hard to imagine that all users are going to choose a PIN code for their Google Wallet which is hard to crack, let alone different from the one which they should be using to protect all the rest of their smartphone.”

Cluley also pointed to research which found that the most common 4-digit PIN is, not surprisingly, 1234, followed by 0000. Although Google is now suggesting that users will not be allowed to select weak or “obvious” pins.

As USA Today out it “Some day lots of people may pay for stuff through the Google Wallet or similar ventures. But rest assured you’ll carry plastic cards and physical wallets for quite some time to come.”

RELATED STORY: Google Wallet – why you shouldn’t throw away your wallet just yet

http://nakedsecurity.sophos.com/2011/09/20/google-wallet-throw-away/