I did like what they showed in WP8 with a separate PIN being needed to use the wallet. I think a good way of doing it would be to just require a PIN whenever you wanted to do something related to finance.

Microsoft Accounts already provide the ability to log in via a one time code sent to your phone, which is a step in the right direction.