Although touchless thermometers have been adopted by several companies for functional needs, Amazon has recently taken it a step further. Amazon Go stores in Seattle have started to require customers to use a contactless palm reader called the Amazon One to access secured goods and areas.
Amazon presented the technology on their YouTube channel as a way for shoppers to carry less credit cards and items on them. To register for the palm scanner the user just needs a credit card, phone number, and a scan of their palm. The palm reader emits a light that reveals veins inside the skin and searches for other characteristics of the hand. After registering once, shoppers only need their palm to browse and purchase from Amazon Go stores.
The functionality of the palm reader is arguably an efficient use of biometrics considering that the palm of each person is unique and has a distinct pattern.
Amazon plans to distribute the Amazon One device to other retailers and third parties. On their site, they state that they offer these palm recognition services to anyone.
While the use of the technology is innovative, the use of a contactless credit card has the same effectiveness. Other services like Apple Pay and Samsung Pay have a similar function of connecting a credit card with an account and using a mobile device or watch to contactlessly pay.
The company addressed security concerns and claimed all palm information is stored in a custom-built cloud. Additionally, the customer can, by request, delete their account permanently and erase all their personal data.
Alongside the security issues ever present with the use of biometrics and shopping, there are also concerns of hackers and other malignant uses of the data collected from the reader. Frederike Kaltheuner, a tech policy analyst at the Mozilla Foundation, fears that the use of the palm biometrics will allow Amazon to gain intrusive data on customers’ purchases.
Many consumer requests and purchases could be easily accessible to Amazon if the technology is implemented in other stores. This can essentially create a clear data stream for Amazon and eliminate their need for data brokers.
In July of 2019, there was a huge Capital One breach on Amazon Web Services (AWS) servers and data from over 100 million users was exposed, including bank account and social security numbers. After an investigation took place, a hacker who worked for the Amazon cloud servers was arrested.
While the hacker’s prior working experience at Amazon has been proven, Amazon has denied all allegations with the Capital One breach. If a breach were to occur with the Amazon One service, Amazon may again try to push blame elsewhere.
The palm scanner information of Amazon One is stored on AWS servers, making privacy concerns more preeminent. While the use of the same technology by other third-party companies could entice more hackers, it is up to the consumer to decide if they want to opt into the palm recognition technology.