As I'd recently had my account hacked. I thought it a good idea to introduce a pin no. system for purchases on the marketplace.
Luckily for me I only a few thousand MS points on my account (which were spent). But I know of some people that use credit card on there systems so the spend limit is as much as the credit limit. This can be expensive.
Simple fix: introduce a 4-8 digit pin that is required on purchase, this adds another level of security and helps protect a hacked account from costing more than just your downtime.