
How much is your palm print worth?


Our take on Amazon’s $10 promotion to capture customers’ biometric data

Last week, Amazon launched a new promotion offering consumers $10 if they register their palm print with its Amazon One biometric device. Amazon One allows customers at Amazon’s physical stores to create a “palm signature” and tie it to their credit card and Amazon account. The e-commerce giant is trying to attract consumers to Amazon One payments by offering Amazon discount rewards and touting it as a contactless payment method, which is especially attractive as COVID-19 fear is rising again with the spread of the Delta variant.

Biometric data has been an exciting development in our industry. A palm print is a pretty compelling way to identify someone, especially if you can link it to their identity on the back-end. And who isn’t tired of remembering countless passwords, including different combinations of numbers and special characters? The fingerprint and facial recognition technology that became popular on our iPhones was certainly a welcome addition to my life.

So, what’s the problem?

The great thing about Apple’s use of biometric technology is that your fingerprint and Face ID are only stored on your device itself. That means that if Apple were ever to get hacked, your fingerprint and Face ID would not be compromised. In fact, your iPhone doesn’t even store your image; it stores a mathematical representation of your features. Other applications on your phone make use of this secure data, too. If you use Face ID in your banking app, for example, the app is actually pulling from your Apple Face ID, not storing your biometric data itself.

What makes Amazon’s use of biometric data — in the form of your palm signature — problematic is that they will store that data themselves in the cloud. This poses a huge security risk for anyone who creates an Amazon palm signature. When Amazon (inevitably) gets hacked, your palm signature can get compromised right along with the rest of their data; and unlike a password that you can change, your palm print is not something you can update. As a result, when Amazon is breached, consumers could lose a lot more than $10 with their biometrics floating around on the open internet.

The power of behavioral biometric data

I have my reservations about biometric data, but I’m not a total hater. In addition to what you might think of as biometric data (facial recognition, fingerprints, etc.), there’s also behavioral biometric data, which looks at a user’s behavior patterns. This data can be incredibly useful for identity verification and transaction monitoring because each person’s way of interacting with a device is unique.

For example, if an account application is being filled out with every field being completed automatically or with the exact same typing cadence, that may be a flag. Or if the user is copying and pasting every single field, that may be another flag. Some of our clients put this functionality to use and see great results weeding out potential fraudsters and even saving some users from the friction of another two-factor authentication cycle if they are verified in the background.
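A sketch of how the flags described above could be computed from form telemetry, added here as an example (it is not the author's or any vendor's code). The telemetry shape, field names, sample sessions and the 0.10 threshold are assumptions constructed for illustration, and "same typing cadence" is interpreted as near-constant gaps between keystrokes within one session.

```python
from statistics import mean, pstdev

# Constructed sample telemetry: per field, key-down timestamps in ms and
# whether the value arrived through a paste event. Field names are hypothetical.
FIELDS = ("name", "email", "ssn")
HUMAN = {
    "name":  {"keys": [0, 140, 310, 420, 655, 790], "pasted": False},
    "email": {"keys": [0, 95, 260, 380, 610, 700, 930], "pasted": False},
    "ssn":   {"keys": [], "pasted": True},  # one pasted field is not a flag
}
SCRIPTED = {
    "name":  {"keys": [0, 50, 100, 150, 200, 250], "pasted": False},
    "email": {"keys": [0, 50, 100, 150, 200, 250, 300], "pasted": False},
    "ssn":   {"keys": [0, 50, 100, 150, 200], "pasted": False},
}
ALL_PASTED = {f: {"keys": [], "pasted": True} for f in FIELDS}
AUTOFILLED = {f: {"keys": [], "pasted": False} for f in FIELDS}

def cadence_cv(keys):
    """Coefficient of variation of inter-key gaps; None if too few keys."""
    gaps = [b - a for a, b in zip(keys, keys[1:])]
    if len(gaps) < 3 or mean(gaps) == 0:
        return None
    return pstdev(gaps) / mean(gaps)

def review_flags(session, cv_floor=0.10):
    """Return the set of flags raised for one form session.
    cv_floor is an assumed threshold that would be tuned on real traffic."""
    flags = set()
    typed = {f: d for f, d in session.items() if not d["pasted"]}
    if session and not typed:
        flags.add("every_field_pasted")
    cvs = [cadence_cv(d["keys"]) for d in typed.values()]
    cvs = [c for c in cvs if c is not None]
    # Flag only when every measurable typed field is metronomic.
    if cvs and all(c < cv_floor for c in cvs):
        flags.add("uniform_typing_cadence")
    # Values that appeared with neither keystrokes nor a paste were filled
    # automatically (a script, or a legitimate browser autofill).
    if typed and all(not d["keys"] for d in typed.values()):
        flags.add("no_keystrokes_observed")
    return flags
```

Each flag is a signal for a risk score or a step-up check rather than a verdict, since password managers and browser autofill produce the same patterns for legitimate users.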

My takeaway

The existing capabilities to identify someone based on their biometrics — fingerprinting, facial recognition, behavior — can be useful but should be used with caution. Adding yet another form of biometric data when other proven, less (albeit only slightly) intrusive solutions exist is at best unneeded and, at worst, irresponsible, especially given that Amazon is storing this new biometric data in the cloud, outside of the user’s control. The bottom line: a Near Field Communication (NFC) tap would be just as quick and contactless, and a lot more secure.
