In the near future, you’ll be able to purchase things with a swipe of your hand. Pay-by-palm is already available at over 200 Amazon-owned Whole Foods Market stores across the country. And by year-end, all 500+ stores throughout the U.S. will offer the payment option, according to a July 20 press release.
This means customers who sign up for the Amazon One program won’t need their wallets or phones to pay for groceries. Amazon One is a type of biometric-based form of payment which uses your unique physical features, such as your face or palm print, to authorize payments.
Here’s how it generally works: You sign up for a biometric payment program, such as Amazon One, by providing your credit or debit card information and other details like your phone number or a valid ID, depending on the retailer.
Then, you scan your hand, face or fingerprints, which are attached to your user profile. From there, you can use your hand, face or fingerprints to pay at certain participating locations.
However, some tech and cybersecurity experts are expressing concern about this evolving technology. Since your hand or face is completely unique to you and can’t go missing in the way your credit or debit card can, some may argue that it is a more secure form of payment. But that’s not necessarily so, says Hafiz Malik, an electrical- and computer engineering professor at the University of Michigan who researches cybersecurity.
Artificial intelligence technology could be used to create fake versions of your voice, face or handprint, which could then be used to dupe biometric-based payment systems, Malik says.
“There needs to be countermeasures, such as liveness detection, in place to detect whether these are spoofed or impersonated identities,” he says. To its credit, Amazon says its palm scanners use liveness-detection technology and are able to tell the difference between a live palm and a fake one. Consumers should also be aware that the database where their biometric data is stored could potentially be hacked.
“Any time you entrust your data with a private corporation, you’re trusting that company to keep that data safe. And most of the time, you probably shouldn’t,” says Evan Greer, director of Fight for the Future, a digital-rights advocacy organization. “Corporations have a really terrible track record of keeping our personal information safe,” she tells CNBC Make It.
While you can replace a stolen credit card or even a stolen Social Security number, it would be incredibly difficult to replace your face or palm if your biometric data is stolen, she says.
On top of that, it can be dangerous if these databases of biometric information get into the wrong hands, says Cynthia Rudin, a Duke University professor of computer science, bioinformatics and electrical and computer engineering.
“They can control you in ways you don’t like,” Rudin says. “Those data sets can be used to control us anywhere in the world, including arresting us, or preventing us from entering stores that don’t want customers in our salary bracket, or who have political views that disagree with the owners of the venues.”
It’s important to understand that your biometric information is some of the most sensitive data you create, says Greer. That’s why it’s crucial to protect it the same way you would safeguard your personal details, such as your address or Social Security number.