Pay-by-palm technology offers consumers a convenient option for payment and identity verification by simply holding their hand over a scanner. But critics, including some policymakers, have raised concerns about pay-by-palm technology and stored biometric information. Instead of fearing pay-by-palm systems, policymakers should recognize pay-by-palm as the next evolution in quick payment and identity verification that offers a more private biometric option than fingerprint or face recognition.
Pay-by-palm is a type of biometric authentication payment technology that allows consumers to use their palms to complete a purchase. Biometric authentication payment technologies use a unique physical characteristic, like a fingerprint, to identify a user and authorize a transaction. Around 65 percent of American consumers have used biometrics before and more than 80 percent of consumers are interested in using biometrics for identity or payment verification. Most consumers also find biometrics easier and more secure than passwords.
The most prominent pay-by-palm system in the United States is Amazon One. To use Amazon One, customers register a payment card and scan their palm in-store at selected Whole Foods, Amazon Fresh, and Amazon Go stores. Palm scanners use the palm’s unique arrangement of internal veins and minute details like ridges to establish identification. This process creates a unique palm signature that is associated with the payment card. Once created, the device creates an encrypted palm signature and stores the signature in the cloud, not on the specific in-store scanner. Customers can then use Amazon One in any location that accepts it, such as stores, concert venues, or sporting events.
Critics like Fight for the Future, a digital rights advocacy group, have raised concerns about Amazon One specifically, fearing that government or law enforcement agencies could use palm signatures to surveil individuals. However, this concern is unfounded. The Amazon One system ties the palm signature to a payment card and verifies purchases at stores, essentially turning the palm into a credit card. Any information collected by police from the Amazon One system would be the same information received from the payment company. Moreover, concerns about identifying individuals from palm biometrics are generally unfounded. Although all palms are unique, experts consider palms more private and secure than other biometrics because the arrangement of internal veins is difficult to visually confirm (like a face) or replicate (like a fingerprint).
Fight for the Future’s additional concerns about hacking also fall flat in response to reality. While cloud storage systems are not unassailable, Amazon One palm signatures are encrypted at creation. Even if there was a data breach, it would not expose personal information.
Congress has already taken one important step. As part of the CHIPS and Science Act of 2022 authorized the National Institute for Standards and Technology to research and provide guidance on the development of potential best practices, procedures, and voluntary technical standards for biometrics. Congress should also pass federal data privacy legislation that would establish baseline consumer privacy protections, preempt duplicative state laws, and minimize the impact on innovation and compliance costs
Pay-by-palm represents a push forward for consumer payment options. Instead of being driven by critics and concerns, policymakers should support the expansion of new payment technology and look to forthcoming expert research before considering action on the topic.