I don’t need to bring my wallet or phone when I shop at Whole Foods anymore. I can pay with my palm instead.
All I had to do was sign into the Amazon One app, give Amazon permission to use my body’s unique data—aka biometrics—and take a photo of each of my palms. Amazon used those photos to generate a number-based representation called a “palm signature” in its cloud, then deleted the images, the company says.
After I chose a credit card to link to my palm, I visited my nearby Whole Foods. I hovered my hand over a palm sensor at checkout and walked out with a box of chocolate-chip protein bars.
More companies and government agencies out in the wild want to read our body parts. The Transportation Security Administration, for example, started scanning passengers’ faces instead of checking IDs. These groups say the biometric processes are meant to eliminate friction, save time and reduce lines.
While they might resemble the fingerprint and facial recognition systems we’ve used for years, these services are different. Our phones and laptops keep our biometric information to themselves.
To work, public-facing services collect and extract data linked to you and store it in the cloud. That brings greater potential security risks and a new set of concerns for you, the consumer.
To determine whether you should say yes and give them your face or palm, you need to know how they work, how your data is protected, and whom you can trust to know your face and hands.
When you set up Face ID on an iPhone, Apple captures a map and infrared image of your face, then converts those into a mathematical code that’s stored only on the device.
When you unlock your iPhone with your face, the phone’s sensors read your face again, checking the new code against the code that’s stored. If it’s a match, ta-da! You’re in.
In some airport security checkpoints, the TSA does something like this: A camera snaps your picture and compares it with the one on your ID, to make sure it’s the same person. That all happens in front of you—and the images are immediately deleted.
TSA’s Touchless Identity Solution is more futuristic. You look at the camera, and it tells the agent you’re good to go. No ID required. For this to work, the TSA has to have background information that you’ve already shared.
For starters, you must have a U.S. passport and TSA PreCheck, and be a member of a participating airline’s loyalty program. When eligible travelers check in using their airline’s app, they can opt in to have their biometrics scanned.
Opting in allows the TSA to prompt the U.S. Customs and Border Protection agency to locate your information and add your photo to its cloud-based Traveler Verification Service. It does this for all the other enrolled passengers flying from that airport within the next 24 to 48 hours. (READ MORE)