From my professional experience the factor security is not connected ONLY to the programming language / technology used. In your case (MVC 4 and Microsoft “world”) already offer you some options. But in the end the “bulletproof effect” is done by the “application architecture” and the developers/programmers.

Authentication providers such as the ones you refer have many advantages but at the same time provide a “grey area of knowledge” and “control”. “A chain is only as strong as its weakest link”, this means that doesn’t matter how good is your code, in the end if you are delegating a very important part of your code to some “other entity” (and you even don’t know how good is their code / database / easiness of cracking, etc and you can’t do nothing about it).

I am not here telling bad or good about OAuth/OpenID/others, I am just simply telling that in the end the question you should make is: “how secure information are you storing in your website?”

If it is a bank website, see how hard and security protocols and ENTITIES that need to be credited and validated to “work” in this field. Visa/mastercard/others network providers are not just a simple “2 guys basement company”. And there are also insurance companies behind and big contracts trying to provide security to both parties.

So, in your case, only you can decide what are you storing in your website, but other question you should make is: where are you storing all this information? Shared hosting / some host company outside your physically reach? How about the backups? Etc…

If you are talking about real money, there are many aspects to have in consideration and only you can measure the things you can do/afford and hope decide for the best and that never have some bad thing happening 🙂

Best of luck with that 🙂