Expert Comment: Palm Scanner Launched For ‘Secure Payments’

Following the news that ‘Amazon has announced a new payment system for real-world shops’, please find a comment below from David Emm, Principal Security Researcher at Kaspersky.

David Emm, Principal Security Researcher
InfoSec Expert
September 30, 2020 10:54 am

The new Amazon One payment sounds very convenient: you just hold your palm above the reader and it charges your card automatically – no swiping, no PIN, nothing. But to do this, they’re taking biometric data – in this case, a palm – and storing it in the cloud correlated with payment data. Amazon says the data will be encrypted. If we want to bring on the future securely, we must ensure it’s well encrypted, because Amazon One combines identification, authentication and authorisation into a single point. If someone were to steal and decrypt the data from the cloud they could potentially spoof someone’s identity and spend their money.

The key lies in how the data is being encrypted and stored. Where identification and authentication are separate, for example where a biometric is used to identify you and a PIN is used to verify that identity, anyone stealing the biometric data wouldn’t have a complete set of information or enough to steal people’s money. But in the case of Amazon One, they would have everything they need.

Much safer to keep the two things separate – biometric data to identify you and something else (such as a PIN) for authentication.
