Amazon is piloting palm readers at two Amazon Go stores and hopes to eventually make the device ubiquitous by offering it as an access control device and payment mechanism to other retailers as well as stadiums and office buildings. This suggests that Amazon intends to challenge the approach being taken by IBM, Microsoft, Mastercard and others that provide people control over their own identity using self-sovereign based solutions with this centralized database approach.
While some palm readers are very secure because they recognize active blood veins for liveness and collect a wide range of palm-specific data, these devices all utilize near-infrared sensors. This article doesn’t offer any details regarding what palm features are captured or statistics on just how accurate it is. Given the additional cost of rolling out this centralized hardware-based product, it would be interesting to understand what weaknesses were the problem with the Amazon Go app.
Was requiring customers to have a mobile device too restrictive? Was the app a security problem? This solution requires Amazon to absorb all the costs of rolling out and maintaining the palm reading system, and one wonders if the mobile app might not become just as capable as the palm reader over the next few years, eventually making palm readers an expensive and unnecessary device.
Here’s more coverage from a Chain Store Age article:
“Once customers have enrolled, they can enter Amazon One-enabled Amazon Go stores by holding their palm above the Amazon One device at entry for about a second or so. Beyond Amazon Go, the retailer expects to add Amazon One as an option in additional Amazon stores in the coming months, and plans to offer the service to third parties like retailers, stadiums, and office buildings.
The technology evaluates multiple aspects of a customer’s palm. No two palms are alike, so Amazon One analyzes all these aspects with its vision technology and selects the most distinct identifiers on a palm to create a unique palm signature.
Amazon One is protected by multiple security controls and palm images are never stored on the device, but are encrypted and sent to a secure area Amazon custom-built in the cloud where it creates palm signatures. Customers can request to delete data associated with Amazon One through the device itself or via the Amazon One online customer portal (one.amazon.com).
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group