Expert Comment: Palm Scanner Launched For ‘Secure Payments’

By ISBuzz Team
Writer, Information Security Buzz | Sep 30, 2020 02:54 am PST

Following the news that ‘Amazon has announced a new payment system for real-world shops’, please find a comment below from David Emm, Principal Security Researcher at Kaspersky.

David Emm, Principal Security Researcher
InfoSec Expert
September 30, 2020 10:54 am

The new Amazon One payment sounds very convenient: you just hold your palm above the reader and it charges your card automatically – no swiping, no PIN, nothing. But to do this, they’re taking biometric data – in this case, a palm – and storing it in the cloud correlated with payment data. Amazon says the data will be encrypted. If we want to bring on the future securely, we must ensure it’s well encrypted, because Amazon One combines identification, authentication and authorisation into a single point. If someone were to steal and decrypt the data from the cloud they could potentially spoof someone’s identity and spend their money.

The key lies in how the data is being encrypted and stored. Where identification and authentication are separate, for example where a biometric is used to identify you and a PIN is used to verify that identity, anyone stealing the biometric data wouldn’t have a complete set of information or enough to steal people’s money. But in the case of Amazon One, they would have everything they need.

Much safer to keep the two things separate – biometric data to identify you and something else (such as a PIN) for authentication.
