Marketplace/Features/Purchase PIN
.png){kind=small}
Status
| Purchase PIN | |
| Stage | Shelved |
| Status | ` |
| Release target | Marketplace July |
| Health | OK |
| Status note | ` |
Team
| Product manager | Justin Scott |
| Directly Responsible Individual | Wil Clouser |
| Lead engineer | Unassigned |
| Security lead | Raymond Forbes |
| Privacy lead | ` |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | Krupa Raj |
| UX lead | ` |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | ` |
Open issues/risks
`
Stage 1: Definition
1. Feature overview
Allowing users to set a PIN that must be entered prior to every purchase enhances security for those concerned about accidental or fraudulent purchases.
2. Users & use cases
1. A user with kids wants to ensure purchases aren't made without his knowledge.
2. A user hates being prompted to enter his password every time he wants to buy an app on his phone, but is still concerned about his account's security.
3. Dependencies
`
4. Requirements
`
Non-goals
`
Stage 2: Design
5. Functional specification
Users can set a Purchase PIN from their Account Settings page by picking a 4-digit number and confirming it. Prior to every purchase -- up front or in-app, desktop or mobile, the user must correctly enter this PIN.
The PIN is optional, but its existence could be advertised during purchases, e.g. "Security tip: setting up a Purchase PIN only takes a few seconds and guards against accidental purchases."
PayPal pre-auth keys could be encrypted using this PIN such that users would be further protected against any Marketplace compromise.
Security recommendation:
- Require the PIN for all setup processes of users
- Use the PIN to encrypt the stored pre-auth key
- Do not permanently store the PIN, instead use the provided PIN to decrypt the pre-auth key for a point in time use. Then disregard both the PIN and the decrypted pre-auth value
- May need to investigate increasing the key size
- This could be accomplished by appending to a static value on the server side (which is stored outside the database)
6. User experience design
`
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
`
Feature details
| Priority | P1 |
| Rank | 1 |
| Theme / Goal | ` |
| Roadmap | Marketplace |
| Secondary roadmap | ` |
| Feature list | Marketplace |
| Project | ` |
| Engineering team | WebDev |
Team status notes
| status | notes | |||||||||
| Products | ` | ` | ||||||||
| Engineering | ` | ` | ||||||||
| Security | sec-review-needed | Implementation review from rforbes
1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%); |
||||||||
| Privacy | ` | ` | ||||||||
| Localization | ` | ` | ||||||||
| Accessibility | ` | ` | ||||||||
| Quality assurance | ` | ` | ||||||||
| User experience | ` | ` | ||||||||
| Product marketing | ` | ` | ||||||||
| Operations | ` | ` |
| ID | Summary | Priority | Status |
|---|---|---|---|
| 761812 | SecReview: Marketplace/Features/Purchase PIN | -- | RESOLVED |
1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);
" contains strip markers and therefore it cannot be parsed sufficiently.
