Amazon has announced a new payment system for real-world shops which uses a simple wave of the hand. Its new Amazon One scanner registers an image of the user’s palm, letting them pay by hovering their hand in mid-air “for about a second or so”, it says.

Biometric-based user identification is nothing new. In recent years, programs like CLEAR in the US have incorporated biometrics to identify airline passengers, and programs like Global Entry offer similar functionality for US passport control. Extending this capability to payment systems is a logical step, but one where participation should be voluntary. Malicious groups know that health and biometric data isn’t easily replaced, making it a prime target for any attack. This means that any biometric-based payment system needs to address the question of data compromise within its design and ensure that software designs are kept current with the prevailing threat landscape. After all, as software designs age, implementation decisions that were once thought “best practice” can show their age and become exploitable.