Our bodies are becoming passwords. Amazon has joined this trend and announced this Tuesday a new device that allows you to pay or identify yourself with the palm of your hand and without contact. This is useful in times of pandemic but raises many questions because of the risks to privacy.
MiamiDiario Editorial Staff
The first time you use it, insert your credit card and scan your palm. From then on, you just have to hold your palm over the device when you enter the store and Amazon can automatically charge you for the items you buy. Why the hand? Dilip Kumar, vice president of Technology and Physical Retailing at Amazon, explains that this feature is considered more private than some biometric alternatives because you can’t determine a person’s identity just by looking at their hand image. “Ultimately, the use of the palm as a biometric identifier allows customers to control when and where they use the service,” he adds in the company’s note.
For now, the devices are at the entrances of two Amazon Go stores in Seattle (United States), and it doesn’t take more than a minute to identify yourself and get through the door, according to the company. The industrial giant is convinced that the idea will be extended to payment methods and offices and to loyalty cards.
Silvana Churruca, the director of the Payment Innovation Hub, an innovation center that develops precisely biometric technologies for payments, argues that the day will come when all accesses will be controlled by these techniques, whether it be to enter the car, at home, in a supermarket, in a bank or anywhere else. In Europe, yes, things will go slower, since they have much stricter data protection regulation than in the United States or Asia. “But it is clear that biometrics will play a relevant role in the coming years when we talk about identification, fluid and secure experiences and payment methods,” she stresses. For Churruca, Amazon’s announcement is in line with all the changes that occur in the card digitization sector. “You have to be clear that the plastic card is going to disappear. It is the future scenario towards which we have been going for years and the covid has only accelerated it, ”she says.
Doubts about this “future scenario”
Data protection continues to raise doubts. Where does my information go? Who is in charge of storing the palm of my hand, the iris of my right eye and my face? Which of all the biometric data is the safest? Can I erase my biometrics forever whenever I want? What if they end up in the hands of hackers? The questions seem endless, and Natalia Martos, CEO and founder of Legal Army, an alternative legal services provider focused on data privacy, doesn’t have the answers to all of them. The expert shows some reluctance when she is told about this new Amazon device and sees this entire system as a very high risk. “By having this data, which only and exclusively belongs to the user, companies have the access key to all their privacy, 100%. If there is a security breach or any incident, we expose ourselves to the hands of anyone ”, she warns.
On a plastic card there is a name, a surname and possibly an address, but what does my hand count about me? “All. It is something that is only yours and you are only recognized thanks to it ”, Martos answers. The expert explains that the same thing happens with facial recognition and that the general data protection regulation says that only biometric data can be used, with the explicit agreement of the user and that there is no less invasive method to achieve this objective. “Today we can access with keys and passwords and I think that as we work today, facial recognition could be excluded,” she says.
Mozilla’s 2019 Internet Health Report reported the abuse of biometrics through techniques such as facial recognition and warned that “digital identification profiles often benefit governments and private actors, not individuals. Gemma Galdón, president of the Ethics Foundation, dedicated to conducting studies and awareness activities on how new technologies impact society, recently said that biometrics is not safe and, moreover, is highly hackable”.
The key to using these devices ethically comes down to several things. One, be very clear about who assumes the risk; two, who handles the data; and three, rigorously analyze the impact on privacy.
Asked about data protection, Churruca does not see so many drawbacks, and first insists that it is important for the user to choose who they leave their information to. In general, people trust institutions that are used to handling sensitive customer data, such as banks or brands like Visa. Second, the expert explains that each company has its own algorithm. The signature that Amazon will create will probably have nothing to do with that of another company that decides to use the same device. “The two host information differently and do not choose the same traits. The source of the data is the same hand, but the way in which it is processed and encrypted generates a unique code and that strengthens security “, confides the director of Payment Innovation Hub.
Source: La Opinión