The issue of security through passwords has long been recognized in the payments sector. Replacing it with an industry-supported open protocol could certainly enhance user experiences, but the dangers of using bio metrics and local device authentication creates new problems.