On This Page

While I was watching the news, a story came on about a new technology coming to the local Whole Foods where you could pay with your palm. I thought, I’ve got to try this!

Biometric payments have been on our mobile devices for a decade now, but I haven’t yet seen an in-store payment device with one, so this is an enormous step into the future.

Think about it. You won’t need to have your credit card or even your phone to pay for things where biometrics are utilized – as long as you still have your hand. Don’t worry, we’ll cover security as well as privacy below.

What is it?

This “pay by palm” technology is from Amazon, and it’s called “Amazon One.”  Amazon One has been in use since 2021, but now that it’s beyond beta testing and has been rolled out in Whole Foods Market, Amazon Fresh, and Amazon Go stores, it’s getting a lot more traction. 

How does it work?

You start by enrolling online using your Amazon account. It will ask for your mobile number and send a code for verification. You can then add your card or link to your Amazon Wallet. Finally, go to a location near you and use the provided QR code to pull up your record and scan your palm(s) into the system. I recommend scanning both palms – you never know which hand will be free at checkout. You also have the option of going through the whole process at a kiosk or checkout in any of the current Amazon and Whole Foods locations. If you don’t have an Amazon account, you’ll need to do it in-store – you’d have to go there to scan your palm(s) regardless. One major benefit of online-first enrollment is linking to your Amazon Prime account and loyalty programs for discounts and rewards, but you can do that after signing up.

Once you and your payment method are in the Amazon One system, you can start paying for things with your palm at any location that has the Amazon One scanner. At Whole Foods, they have them at both the traditional and self-checkout aisles. 

How do you use it?

I could explain in detail, but it’s much easier to just show you how to use it with this video.

Now that you know what it is and the basics of using it, let’s take a closer look at the details in case you have immediate questions.

Is it like a fingerprint?

Not really. They’re not taking a copy of your palm print, but instead analyzing both the palm and underlying vein structure to create a unique numerical, vector representation called a “palm signature.” This allows the system to not have to send images back and forth to the Amazon Web Services (AWS) cloud for identification.

What about security and privacy?

Directly from the Amazon One Website: Amazon One was built with an understanding that three core tenets could never be compromised: customer privacy, data security, and accuracy. These are integral to every decision we make, from the design of the service, to how we store and secure palm data, to how that data is used.

But not everyone takes their word for it, and skeptics have questioned a number of things. I’ve tried to cover them all in the list of Q&As below. 

Q: If it’s used in a cashierless location, can’t hackers just replace the device like they do with credit card scanners?

A: With EMV, video, and other precautions, scammers don’t find it profitable anymore. Instead, they try to capture transactions on the network that are unencrypted. Additionally, this is a much more sophisticated device to duplicate. 

Q: What if someone got hold of a scanner, hacked and modified it, and then installed it somewhere? 

A: Amazon thought about that. The scanner has tamper-detection capabilities that turn it into a brick if someone meddles with it. Additionally, sophisticated merchants have estate management software that goes with their validated point-to-point encryption system to secure transmission of cardholder data that would recognize the device as not being part of the merchant’s hardware estate.

Q: What if someone makes a model of my palm, can they go around making purchases?

A: To prevent things like that, Amazon One has an extra layer of security called “liveness detection.”  Basically, the system can recognize the difference between a real live palm and a replica. They even tested with more than 1,000 silicone and 3D-printed palms. All attempts were rejected.

Q: The whole palm database is stored in “the cloud,” so what’s to keep highly sophisticated hackers from getting into it?

A: AWS is backed by more than 300 cloud security tools and 100,000 security partners, and it’s trusted by governments and other security-sensitive organizations around the world. Additionally, palm signatures are encrypted and stored in a highly secure zone in AWS. Access to this highly secure zone is restricted to select AWS employees with specialized expertise.

Q: If there’s a palm database, then it’s only a matter of time before the government gets hold of it and your privacy is invaded. 

A1: The way it’s set up, you need the underlying technology to verify the scan. Plus, they would have to scan your palm with an Amazon One scanner, and unless you are arrested, they cannot make you comply. The technology can’t even be used like fingerprints and DNA, because you can’t get a palm scan from a crime scene to compare with the database. They can’t make you part of the database for the same reason. Finally, users can delete themselves from Amazon’s servers at any time.

A2: The government could license the technology and use it for granting access to secure physical and digital areas, but it would be their highly secure database being referenced, not the one that only stores your credit card or bank account number.

Q: What about privacy in general, tracking my usage, and sharing that information with other parties?

A: From the Amazon One website: Amazon One will never share palm data with third parties, under any circumstance, including in response to government demands, unless we’re required to comply with a legally valid and binding order…. Further, Amazon One palm data is not used by Amazon for marketing purposes and will not be bought by or sold to other companies for advertising, marketing, or any other reason. In fact, when you use Amazon One at third-party locations, Amazon doesn’t track what you do or buy after entering the location. That data is not associated with your biometric identity, and we built Amazon One that way intentionally.

Where can you try it? 

Amazon One is available at Amazon businesses, including Whole Foods Market, Amazon Books, Amazon 4-Star, Amazon Fresh, and Amazon Go stores. It’s also available at Panera Bread, Hudson, and CREWS at airports, and at sports stadiums and entertainment venues, including Coors Field, T-Mobile Park, Climate Pledge Arena, Texas A&M’s Kyle Field, and more.

To see locations within 30 miles, enter your zip code on the Amazon One Location Finder and it will show locations on a map and list. 

What’s next for Amazon Go?

What’s next beyond expansion to more merchants? You can link loyalty cards to the account, as well, and if you can link loyalty, you will be able to link other things. In fact, they’ve added age verification for alcohol purchases. Because Aramark is one of the first providers, and they sell a lot of beer, wine, and alcohol at sporting events—and are required to check an ID for every drink sold—not having to check IDs really speeds up the lines, saving both time and money and making customers happy that lines move faster. You do have to scan your ID and selfie for verification. So now we’re back to privacy issues, but they’ve that figured out and don’t store your ID and selfie – they just securely transmit the images to an ISO 27001-certified identity verification­ provider and update your account as age-verified if your ID shows you’re over 21. Why the selfie? Just like a live verification, it’s so you cannot use some else’s ID.

Additionally, if Amazon decides to license the technology, it could be used where any other biometric or badge swipe security exists – if it’s financially viable.

Does ACI have a connector for Amazon One?

Currently, we do not. When an ACI customer implements Amazon One palm readers in their stores, ACI will add this innovative alternative payment method. Amazon could potentially code to the ACI Payments Orchestration Platform via our Open Payment Platform single unified RESTful API to facilitate access to Amazon One by our clients to quickly expand the use of this breakthrough in-store alternative payment method (APM).
Until then check out the global and local APMs and major POS vendors our clients continue to enjoy.

eCommerce and Omnichannel Merchants - Marketing

Terry is a seasoned marketing professional with over 30 years of experience. While he has worked in payments for only five years, he has experience with both eCommerce and omnichannel merchants as well as with payment intermediaries. He enjoys building and repairing things with his hands and coming up with innovative ideas to solve complex problems.