This talk covers the attack surface of NFC Mobile Wallets (including Google Wallet) and known attacks to date. It details the ISO/IEC 7816-4 protocol with relationship to the communication between the Secure Element (SE), and Android and BlackBerry Near Field Communication (NFC) APIs. Whether the SE is an embedded component of the mobile device or contained on ISO/IEC 7810 universal integrated circuit card, protecting its data is paramount. This talk will discuss how the security features should be implemented to protect against access on rooted devices or through direct communication. It will also discuss the SE role with cellular communications and NFC interactions (both for EMV payments and ISO/IEC 14443 card emulation). Finally, it examines communication with the SE, trust relationships between the SE and mobile device, Trusted Service Manager (TSM), issuing bank, and mobile network operator. Audience members will gain an overall picture of mobile wallet security, as well as low-level details of communication between elements of the security scheme.