Marketplace/Features/Purchase PIN

From MozillaWiki
The Marketplace has been placed into maintenance mode. It is no longer under active development. You can read complete details here.


Purchase PIN
Stage Shelved
Status `
Release target Marketplace July
Health OK
Status note `


Product manager Justin Scott
Directly Responsible Individual Wil Clouser
Lead engineer Unassigned
Security lead Raymond Forbes
Privacy lead `
Localization lead `
Accessibility lead `
QA lead Krupa Raj
UX lead `
Product marketing lead `
Operations lead `
Additional members `

Open issues/risks


Stage 1: Definition

1. Feature overview

Allowing users to set a PIN that must be entered prior to every purchase enhances security for those concerned about accidental or fraudulent purchases.

2. Users & use cases

1. A user with kids wants to ensure purchases aren't made without his knowledge.

2. A user hates being prompted to enter his password every time he wants to buy an app on his phone, but is still concerned about his account's security.

3. Dependencies


4. Requirements




Stage 2: Design

5. Functional specification

Users can set a Purchase PIN from their Account Settings page by picking a 4-digit number and confirming it. Prior to every purchase (up front or in-app, desktop or mobile), the user must correctly enter this PIN.

The PIN is optional, but its existence could be advertised during purchases, e.g. "Security tip: setting up a Purchase PIN only takes a few seconds and guards against accidental purchases."

PayPal pre-auth keys could be encrypted using this PIN such that users would be further protected against any Marketplace compromise.

Security recommendation:

  • Require the PIN for all setup processes of users
  • Use the PIN to encrypt the stored pre-auth key
  • Do not permanently store the PIN. Instead, use the provided PIN to decrypt the pre-auth key for a point-in-time use, then discard both the PIN and the decrypted pre-auth value
  • May need to investigate increasing the key size
    • This could be accomplished by appending to a static value on the server side (which is stored outside the database)
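
The security recommendation above, sketched as an added Python example (not Marketplace code): the pre-auth key is encrypted under a key derived from the PIN appended to a static server-side value, and only the ciphertext is stored. It assumes the third-party `cryptography` package is installed; the function names, PBKDF2 work factor, blob layout and user-id binding are choices of this example, not part of the feature spec.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def derive_key(pin: str, pepper: bytes, salt: bytes) -> bytes:
    """Stretch (server-side static value + PIN) into a 256-bit AES key."""
    if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly 4 digits")
    # A 4-digit PIN alone gives only 10,000 possible keys. Appending it to a
    # static value kept outside the database means a database dump by itself
    # is not enough to try those 10,000 candidates offline.
    return hashlib.pbkdf2_hmac("sha256", pepper + pin.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def seal_preauth(pin: str, pepper: bytes, preauth_key: bytes, user_id: str) -> bytes:
    """Encrypt the pre-auth key; returns salt || nonce || ciphertext+tag to store."""
    salt, nonce = os.urandom(16), os.urandom(12)
    key = derive_key(pin, pepper, salt)
    # The user id is bound as associated data (an assumption of this example)
    # so a stored blob cannot be copied onto another account's row.
    return salt + nonce + AESGCM(key).encrypt(nonce, preauth_key, user_id.encode())


def open_preauth(pin: str, pepper: bytes, blob: bytes, user_id: str):
    """Decrypt for a single purchase; None means the PIN (or blob) is wrong."""
    if len(blob) < 16 + 12 + 16:  # salt + nonce + GCM tag
        return None
    salt, nonce, ciphertext = blob[:16], blob[16:28], blob[28:]
    key = derive_key(pin, pepper, salt)
    try:
        return AESGCM(key).decrypt(nonce, ciphertext, user_id.encode())
    except InvalidTag:
        return None


if __name__ == "__main__":
    pepper = os.urandom(32)  # constructed here; really loaded from server config
    stored = seal_preauth("4821", pepper, b"constructed-preauth-key", "user-1")
    print(open_preauth("4821", pepper, stored, "user-1"))  # use once, keep nowhere
    print(open_preauth("0000", pepper, stored, "user-1"))
```

Because only 10,000 PINs exist, the server still has to rate-limit or lock out failed `open_preauth` attempts; the encryption protects a stolen database, not against online guessing.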

6. User experience design


Stage 3: Planning

7. Implementation plan


8. Reviews

Security review


Privacy review


Localization review




Quality Assurance review


Operations review


Stage 4: Development

9. Implementation


Stage 5: Release

10. Landing criteria


Feature details

Priority P1
Rank 1
Theme / Goal `
Roadmap Marketplace
Secondary roadmap `
Feature list Marketplace
Project `
Engineering team WebDev

Team status notes

  status notes
Products ` `
Engineering ` `
Security sec-review-needed Implementation review from rforbes
ID Summary Priority Status
761812 SecReview: Marketplace/Features/Purchase PIN -- RESOLVED

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);

Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `