Sorry to hear this makes you feel uncomfortable. We chose to use the PIN because:
- it should take more than just access to a person’s phone to make a P2P payment
- we’d like to avoid things like additional passwords (as you may have seen, we removed passwords entirely in the latest release)
- the PIN is something everyone already knows

The real PIN isn’t sent to your phone – instead, what you type is sent to the server which validates it. After a number of unsuccessful tries the process is blocked, just as it is for a Chip + PIN transaction.
If there’s something else you’d prefer we used instead of the PIN, I’d love to hear
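
The server-side check described in the post above, as an added example that is not part of the original post or the vendor's code: the phone only forwards the typed digits, and the server compares them and counts failures. The limit of three tries, the PBKDF2 storage and every name here are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_TRIES = 3  # assumed limit; the post only says "a number of" tries


def _derive(pin: str, salt: bytes) -> bytes:
    # Slow salted hash so a leaked record is not a plain PIN. With only 10^4
    # possible PINs, the try counter (not the hash) is the real control.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class PinRecord:
    salt: bytes
    verifier: bytes
    failed: int = 0


class PinService:
    """Hypothetical server-side store: the PIN never leaves the server."""

    def __init__(self):
        self._records = {}

    def enroll(self, account: str, pin: str) -> None:
        salt = os.urandom(16)
        self._records[account] = PinRecord(salt, _derive(pin, salt))

    def verify(self, account: str, typed: str) -> str:
        rec = self._records.get(account)
        if rec is None:
            return "unknown"
        if rec.failed >= MAX_TRIES:
            return "blocked"  # checked first: even the right PIN is refused
        if hmac.compare_digest(_derive(typed, rec.salt), rec.verifier):
            rec.failed = 0  # a success clears earlier mistakes
            return "ok"
        rec.failed += 1
        return "blocked" if rec.failed >= MAX_TRIES else "wrong"


def demo():
    svc = PinService()
    svc.enroll("acct-1", "4929")  # constructed sample account and PIN
    return [svc.verify("acct-1", g) for g in ("0000", "1111", "2222", "4929")]


if __name__ == "__main__":
    print(demo())
```

Because the block is checked before the comparison, a guesser gets no signal once the limit is reached; unblocking would have to happen through a separate channel.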