[yuliyp]

This is confusing authentication and authorization. Is this phone legitimately tied to this Apple ID? Yes. Is the owner of the account authorized to make such a purchase? No.

A short appstore PIN could solve this much more easily.

[radq]

I'm not so sure having _yet another_ PIN for users to remember would be a good idea. And besides, a short PIN would be far easier to deduce by looking over a person's shoulder.