With PayPal reportedly now sending authentication codes via SMS to customers’ mobile devices as an added security measure, could we see the Trojan Horse for mobile Payments? PayPal wants-and needs-to move from online to offline payments. Parent EBay is a phenomenal marketplace for auction goods, but Mama Bear could fulfill a much greater destiny sooner (that of being a reputation-vouching service provider in both offline and online worlds) if PayPal could work as a payment mechanism in more physical-world retailers. As with many emerging forms of payments, authentication is the deciding factor, proving once again that the ROI of security is more about customer-relationship metrics and less about mitigation of losses. Even products like NACHA’s Secure Vault are likely to succeed or fail based on the elegance and efficacy of authentication, IMHO. Back to the role of SMS authentication and who eventually wins as mobile devices are used in physical-world payments, payments still belong to the most established and trusted brands such as Visa, MasterCard and the customer’s familiar bank. Regardless of who wins and who loses, I’m watching SMS authentication and alerts closely to determine how and when payments will move from old-fashioned wallets and purses to mobile devices.