The security researchers that discovered the vulnerability proved how easy it is by writing the app Wallet Cracker, which extracted the PIN in no time. While digging through the open source code, they also found unique user IDs and the Google account information, rounding up the tools one would need to easily poach your associated card account.
Google has been made aware of the issue, and is working with the banks and security software providers involved to remedy this. In the meantime, the researchers suggest you abstain from rooting your handset, update your software regularly, enable the lock screen, and uncheck the "USB Debugging".
source: zvelo via Engadget