Marketplace/Features/Purchase PIN
Status
Purchase PIN | |
Stage | Shelved |
Status | ` |
Release target | Marketplace July |
Health | OK |
Status note | ` |
Team
Product manager | Justin Scott |
Directly Responsible Individual | Wil Clouser |
Lead engineer | Unassigned |
Security lead | Raymond Forbes |
Privacy lead | ` |
Localization lead | ` |
Accessibility lead | ` |
QA lead | Krupa Raj |
UX lead | ` |
Product marketing lead | ` |
Operations lead | ` |
Additional members | ` |
Open issues/risks
`
Stage 1: Definition
1. Feature overview
Allowing users to set a PIN that must be entered prior to every purchase enhances security for those concerned about accidental or fraudulent purchases.
2. Users & use cases
1. A user with kids wants to ensure purchases aren't made without his knowledge.
2. A user hates being prompted to enter his password every time he wants to buy an app on his phone, but is still concerned about his account's security.
3. Dependencies
`
4. Requirements
`
Non-goals
`
Stage 2: Design
5. Functional specification
Users can set a Purchase PIN from their Account Settings page by picking a 4-digit number and confirming it. Prior to every purchase (up front or in-app, desktop or mobile), the user must correctly enter this PIN.
The PIN is optional, but its existence could be advertised during purchases, e.g. "Security tip: setting up a Purchase PIN only takes a few seconds and guards against accidental purchases."
PayPal pre-auth keys could be encrypted using this PIN such that users would be further protected against any Marketplace compromise.
Security recommendation:
- Require the PIN for all setup processes of users
- Use the PIN to encrypt the stored pre-auth key
- Do not permanently store the PIN; instead, use the provided PIN to decrypt the pre-auth key for point-in-time use, then discard both the PIN and the decrypted pre-auth value
- May need to investigate increasing the key size
  - This could be accomplished by appending the PIN to a static value on the server side (which is stored outside the database)
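One way to realize the recommendation above, as an added sketch that is not Marketplace code: the PIN is appended to a static server-side value, stretched into keys, and used to seal and later open the stored pre-auth key. The names `SERVER_SECRET`, `seal_preauth` and `open_preauth`, the PBKDF2 work factor, and the HMAC-based keystream (a standard-library stand-in for a vetted AEAD cipher) are all assumptions.

```python
import hashlib
import hmac
import os

# Assumption: the static server-side value lives in deployment config, not in the database.
SERVER_SECRET = b"constructed-static-value-kept-outside-the-db"
ITERATIONS = 100_000  # assumed PBKDF2 work factor


def _derive_keys(pin, salt, server_secret):
    # The PIN is appended to the static value, so a database dump alone does not
    # reduce the search to the 10,000 possible 4-digit PINs.
    master = hashlib.pbkdf2_hmac("sha256", server_secret + pin.encode(), salt, ITERATIONS)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _xor_keystream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a vetted AEAD cipher.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_preauth(pin, preauth_key, server_secret=SERVER_SECRET):
    """Return the blob to store. Neither the PIN nor the derived keys are kept."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(pin, salt, server_secret)
    ciphertext = _xor_keystream(enc_key, nonce, preauth_key)
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def open_preauth(pin, blob, server_secret=SERVER_SECRET):
    """Return the pre-auth key for one-time use, or None on a wrong PIN or altered blob."""
    if len(blob) < 64:
        return None
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(pin, salt, server_secret)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_keystream(enc_key, nonce, ciphertext)
```

The caller uses the returned value for the single purchase request and does not write it or the PIN to any store. With the correct PIN but a different static value, `open_preauth` returns `None`, which is the property the static value is there to provide.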
6. User experience design
`
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
`
Feature details
Priority | P1 |
Rank | 1 |
Theme / Goal | ` |
Roadmap | Marketplace |
Secondary roadmap | ` |
Feature list | Marketplace |
Project | ` |
Engineering team | WebDev |
Team status notes
Team | status | notes |
Products | ` | ` |
Engineering | ` | ` |
Security | sec-review-needed | Implementation review from rforbes; 1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%) |
Privacy | ` | ` |
Localization | ` | ` |
Accessibility | ` | ` |
Quality assurance | ` | ` |
User experience | ` | ` |
Product marketing | ` | ` |
Operations | ` | ` |
Security health | Blocked |
ID | Summary | Priority | Status |
---|---|---|---|
761812 | SecReview: Marketplace/Features/Purchase PIN | -- | RESOLVED |