Miguel Guzman ’24, a native of Lima, Peru, is a senior biotechnology major in the College of Arts and Sciences with an entrepreneurship and emerging enterprises minor in the Whitman School of Management. His research centers on developing bio-enabled protein…
Amazon’s Pay-By-Palm Plans Present Security Concerns
Amazon recently announced the rollout of the Amazon One program near its Seattle, WA headquarters that will allow consumers to utilize their palmprint (when linked with a credit card) to pay for items at local Whole Foods stores in that area.
How secure is this type of payment method? And what could be the future implications of a company like Amazon having this sort of biometric information?
Vir Phoha is a professor of electrical engineering and computer science at Syracuse University. His expertise areas include biometrics, cybersecurity, machine learning, and smartphone and tablet security. Professor Phoha answers a few questions about biometric technology and some of the challenges it presents.
He is available for interviews and additional questions.
Q: What are your initial thoughts about the use of this sort of biometric technology?
Phoha: Typically palm prints are based on characteristics of the palm, such as the length and width of the palm, fingers, bone structure, and surface area of palm; and lines and ridges on the palm.
They can be contact-based such as placing the hand on a scanner. Placement may be guided by positioning pins that align the hand correctly for the camera or it can be contactless such as through a camera.
Some form of a scan or picture is taken of the palm, although different people have different palm structures (and palm veins). Privacy and security will be an issue because there is a lot of overlap in the structure of hands of different people, so this biometric is easy to spoof – identity theft may be a bigger problem as compared to a face biometric – it will relatively be easy to spoof or claim the identity of an individual. It can be a concern if the palm biometric is linked to credit cards and the information is stored on the Cloud. And the Cloud is under the control of Amazon.
Benefits of this technology: Sturdy and user friendly– ease of use is high; Changes in skin moisture or texture do not affect the results. There are not many studies that examine whether there are differences in palm structure for different ethnicities etc.
Drawbacks of this technology: There is a lot of overlap in the structure of hands of different people, so it is easy to spoof. Thus, the security of these systems is not as high as say a fingerprint.
Q: How would someone spoof a palm print?
Phoha: Typical ways to spoofing a palm are silicone glove; building a mold of a victim through replicating the palm prints (or image) from a picture of an individual’s palm or from palm prints left on glass, etc.
Q: What are some safeguards that should be put in place to prevent misuse?
Phoha: In addition to cryptographic and secure computation methods, I think palm biometrics should be combined with some other forms of biometrics or identification technologies including some form of second-factor authentication.
Q: Should we be concerned of having a large retail/tech company like Amazon with access to this kind of biological identifier?
Phoha: Yes, because unlike the face, one has to depend on algorithms to refute any false positives. Your face is visible so one can refute any allegations in a straightforward way. For example, in the case of facial recognition, the persons accused were able to refute because they saw the face of the real person who was to be charged and said that is not them.
Q: Similar to facial recognition software, how should companies navigate the use of this sort of technology by law enforcement agencies?
Phoha: To a large extent palm print is similar to fingerprint because an image (picture) is taken and just a visual inspection does not identify a person (unlike face). Algorithm matching has to be done. I feel that there are fewer chances of implicit bias because of palm print as compared to facial recognition.
To request interviews or get more information:
Media Relations Manager
Division of Marketing and Communications