‘A Terrible Idea’

Amazon Expands Contactless ‘Palm’ Technology During Pandemic

By Fiona Tang

Amazon.com is opening new physical retail stores so customers can make purchases by scanning their palms, a step that researchers said capitalized on consumers’ concerns about hygiene during the COVID-19 pandemic.

The technology, called Amazon One, debuted in September at an Amazon Go store in Seattle. Officials touted the technology as welcomed during the pandemic but declined to comment further to Digital Privacy News.

It uses a “biometric identification system” that includes a hand scanner that can identify a customer based on such characteristics as “lines and creases in the user’s palm, veins, bones, soft tissue or other structures beneath the epidermis of the skin,” according to a patent Amazon filed in December 2019.

To sign up for Amazon One, a customer inserts a credit card and positions their palm above the scanner. The scanner then generates a “unique palm signature” and connects the customer’s card information to their palm.

Stored on Cloud

But unlike Apple’s “Touch ID” fingerprint reader that allows users to unlock their phones and stores fingerprints solely on the phone’s CPU, Amazon One sends each palm image to its cloud — where it remains stored.

“Whenever something is cloud-based, it means that they’re storing data in a central database somewhere,” Philip Zimmermann, creator of the Pretty Good Privacy (PGP) encryption system, told Digital Privacy News.

“If that data store is ever accessed by a party with malicious intent, the data can be used for malicious purposes, like to gain political control.

“Whenever something is cloud-based, it means that they’re storing data in a central database somewhere.”

Philip Zimmermann, Pretty Good Privacy encryption system.

“The idea of a biometric signature is a terrible idea, because your body is exposed in public,” Zimmermann added.

“Let’s say you’re at a restaurant — and your friend takes a photo of you while you wave to someone,” he posed. “If your friend posts the photo online, someone could use the photograph to get your palm signature.”

Moreover, Zimmermann explained, one can easily change a digital signature — like a password or a PGP fingerprint — but cannot get a new eyeball or hand.

Stores in London

Since September, Amazon has installed its palm technology at Amazon Go, Amazon Go Grocery, Amazon Books and Amazon 4-star locations throughout the Seattle area.

Amazon last month opened its first store outside the U.S., in the west London borough of Ealing, touting contactless payment via the Amazon app. Within two weeks, it opened a second store at Wembley Park, in west London.

The company’s U.K. web page shows a video that, within the first 10 seconds, flashes a clip of a customer taking hand sanitizer from a dispenser. The video also shows customers donning face masks and shopping carefree.

“A key issue at play is trust and privacy.”

Jordan McKee, 451 Research.

“It’s contactless, which we think customers will appreciate, especially in current times,” Dilip Kumar, vice president of Amazon Physical Retail, wrote in a September blog post.

Kerri Catallozzi, an Amazon spokesperson, declined to comment on whether palm scanners would be installed in its U.K. stores.

Cameras, Sensors

The Ealing store, like its Seattle counterparts, uses sophisticated cameras and sensors to track customer  movements, to detect which items customers take from shelves and to determine what to bill them for.

Amazon is promoting its palm technology as people have heightened vigilance about touching objects that may be contaminated by the coronavirus.

Jordan McKee, research director at 451 Research in New York, said that retailers that saw the most success with contactless payments were the ones offering a value proposition beyond the transaction itself.

For Amazon, the palm scanners offered a “hygiene-centric value proposition” during the pandemic.

“During the pandemic, consumers have looked to limit what they’re coming into contact with and minimize time spent in close proximity to other people,” McKee told Digital Privacy News.

“Contactless payments help address each of these priorities at checkout by enabling a more efficient and hygienic payment experience.

“It’s contactless, which we think customers will appreciate, especially in current times.”

Dilip Kumar, Amazon Physical Retail.

“Similar to consumers, some retailers have never seen a strong business case for accepting contactless payments,” he continued. 

“The pandemic has helped to evolve this mindset — by positioning contactless payments as a technology that can increase consumer comfort with in-store shopping, promote social distancing and increase the efficiency of their in-store operations.”

In last September’s Amazon One announcement, the e-commerce giant said that it planned to sell its palm-reader technology to third-party retailers, stadiums and office buildings for use at entry points.

Catallozzi confirmed, however, that if an individual were to enter a non-Amazon retailer using Amazon’s palm scanners, the individual’s palm images would be sent to and stored on Amazon servers. 

But Amazon declined to comment on the specifics of its business deals with third parties.

‘Critical-Mass’ Threshold

Kevin Orme, treasurer of the Seattle Privacy Coalition, told Digital Privacy News that he was concerned that biometric identifiers would reach a “critical-mass” threshold — beyond which traditional identifiers became obsolete.

“At what point does my palm scan become the standard by which I’m identified — and my driver’s license and other identifiers no longer mean anything?” he asked.

For some consumers, contactless mobile-payment methods — Apple Pay, Samsung Pay, Google Pay — might be a step toward accepting biometric payment methods, experts said. 

“At what point does my palm scan become the standard by which I’m identified — and my driver’s license and other identifiers no longer mean anything?”

Kevin Orme, Seattle Privacy Coalition

“While mobile-payment methods such as Apple Pay are helping to increase consumer comfort with using biometric technology to authenticate transactions, it remains to be seen if consumers will embrace payment options that solely rely on biometrics,” 451 Research’s  McKee told Digital Privacy News.

“A key issue at play is trust and privacy.

“While consumers may trust a brand such as Apple to handle their biometric data,” McKee said, “they may be hesitant to put that data directly into the hands of a retailer.”

Fiona Tang is a California writer.