Amazon One: payment with palm hand

Publié par le dans , | Consulté 299 Fois

On September 29th, 2020, the e-commerce giant Amazon announced a new payment system called Amazon One. Nowadays, consumers unlock their smartphones with digital print. In the middle of coronavirus pandemic, Jeff Bezos’ company goes even further by introducing its contactless payment. This method is only trialed at two Amazon Go stores in Seattle where shoppers can pay using their palm hand.

How did the Amazon Go system work before?

For a few years, a new form of shopping appeared in the United States and the United Kingdom. Indeed, the Amazon Go system allows customers to buy products like snacks by using a mobile application. It’s revolutionary because lines and checkouts have disappeared. All clients just need an Amazon account and the Amazon Go app. They can download it for free with an iPhone or Android phone and connect their credit card.

It’s an easy method, you have to scan the QR code to enter the store then you can buy some items like in other shopping centers. You can even change your mind and put products back on the shelves, dozens of sensors will take this into account. After leaving the store, the total amount spent will have been calculated and will be withdrawn if it required.

How does the Amazon Go system work now with Amazon One?

With the arrival of Amazon One, the principle remains the same but allows you to pay with a simple wave of the hand. Unlike the old system, no Amazon account is required, it’s a notable change. However, customers have the choice and can still use the Amazon Go app.

This new one second payment tech uses biometric scanners. The « palm signature » connects your palm print to a credit card and it’s possible to register both hands. According to Amazon, it takes less than a minute.

Dr Basel Halak, the director of the Embedded Systems Master program at Southampton University, said Amazon chose palm recognition because « in comparison with other form of identifiers such as physical devices, this form of biometric authentication is based on physical characteristics that stay constant throughout one’s lifetime and are more difficult to fake, change or steal ». In fact, the palm print is unique for each person.

More speed but less data security?

Amazon has recently suffered a lot of criticism following the revelations surrounding the recordings of Alexa voice data. Many questions arise in terms of users’ data privacy. As a matter of fact, people might feel tracked by this data transmission.

« We take data security very seriously and protect sensitive data, such as your palm signature and payment information, at rest and in-transit in accordance with Amazon’s high security standards », said the company in its website, well aware of the problem.

The e-commerce giant also specifies that the palm print is separated from other data and kept securely in the cloud. The palm signatures are encrypted and not stored on Amazon’s website.

Furthermore, the company says that customers could choose to delete their data at any time directly via terminal or via website. But can we trust Amazon this time?

Could this system be introduced in France?

Amazon Go stores don’t exist in France and at the beginning of the year Michel-Edouard Leclerc, leader of mass distribution brand Leclerc, expressed his opposition to this American system and insisted on keeping French independence.

Amazon intends to expand palm hand signatures to other stores. The vice president of technology for Amazon Go and Amazon Books, Dilip Kumar, said that the device could be used for sport stadiums or offices.

But Amazon One is unlikely to be introduced in France where personal data are very protected by GDPR (General Data Protection Regulation). The provisions of this European regulation have directly been applicable in all State members of the European Union since May 25, 2018. Personal information is also protected by the applicable national law, the Data Protection Act of January 6, 1978, as amended by other laws.

French data protection authority (CNIL) is very demanding about biometric data. According to article 9 of EU-GDPR, there is a special category of personal data that includes biometric data as well as sensitive data such as health data or data that reveals alleged racial or ethnic origin. In its guidelines, the CNIL gives a list of several principles that must be respected.

First of all, processing of biometric data must be justified by a specific need. A privacy impact study is even recommended by the authority. Then, each person must have the choice whether they should use it or not. Users’ consent must be free, specific, informed and a written form should be preferred. Finally, biometric data must be under the exclusive control of the data subject. Exceptions are limited and must be justified.

But this payment system quickly evolves and it’s necessary to stay alert.

Sources

  • CIACCIA (C.), « Amazon introduces ability to pay with your hands », Fox Business, foxbusiness.com September 29, 2020
  • DEAN (G.), « Amazon is letting customers pay for groceries by scanning their palm at its Go convenience stores », Business Insider, businessinsider.com September 29, 2020
  • METZ (R.), « Amazon wants you to pay with a wave of your hand », CNN Business, edition.cnn.com September 29, 2020
  • PEREZ (S.), « Amazon introduces the Amazon One, a way to pay with your palm when entering stores », TechCrunch, techcrunch.com September 29, 2020
  • « Amazon One: Palm scanner launched for “secure” payments », BBC, bbc.com September 29, 2020
  • CNIL, « Biométrie à disposition de particuliers : quels sont les principes à respecter ? » cnil.fr 10 avril 2018