Amazon One

A couple weeks ago I was doing our family’s weekly grocery shopping, making it through all 15 or so aisles of the store, picking up meat from the butcher, canned and packaged items, fresh salads and hot foods from the deli and some desserts from the bakery. It only happens once a week so after about 45 minutes I got up to the cashier with a full cart, waited in line for the two customers in front of me, then proceeded up to the counter. The cashier, bagger and I all made small talk, I handed them my reusable bags ubiquitous here in California and they proceeded to ring up and bag my groceries.

When the cashier was ringing in the last few items I reached towards my pocket to take out my wallet so that I could pay and I had this immediate sinking feeling in the pit of my stomach…. I had forgotten my wallet at home. Ok, no problem I’ll just use my phone I thought, as I started opening my primary payment app only to discover that when I had changed phone services about a month earlier I had decided to go from one app (having deleted my cards already from the app) to another, but hadn’t gotten around to migrating my credit cards, and there was no way to do it on the spot without having the credit cards in front of me (as I don’t memorize expiration dates and CVV codes.

Let me tell you, that was an embarrassing conversation because I wasn’t going to make the round-trip home and back that day and all of the food would have to be either restocked or thrown out.

Image: Amazon

Fast forward to today when I decided instead of going to the Nugget supermarket in Eldorado Hills, CA I would hit up our local Whole Foods here in Folsom, CA for a little variety. I again went through the routine of shopping, got up to the counter, loaded all my food items onto the belt and handed them my bags. Then I looked down and saw a scanner device inviting me to sign into my Amazon Prime account. I hadn’t used Amazon One prior to this point, but I had read about it, knew what it was and was immediately intrigued to get signed in.

The process occurred in less than the time the cashier took to ring in the rest of my groceries. After inserting an Amazon Prime-connected credit card I scanned both of my palms into the system, stood back and waited for the cashier to finish. Once she was done I simply put my hand about 4 inches over the top of the scanner and it accepted my palm image for payment.

Even though this technology has been out for many years, and I’ve used it to access secure data processing centers, I’d never seen it “in the wild”. Amazon started rolling this out back in Sept 2020, but it was only at a couple of their trial Seattle Stores according to the BBC. I hadn’t shopped at a Whole Foods since probably late 2021 and it wasn’t installed at that point in my local store, as it wasn’t rolled out across California until the Fall/Winter of last year.

Having read up on the technology prior to this I knew that palm scanners are generally considered one of, if not the most, secure form of biometric identification. Theoretically, fake hands designed to spoof palm readers have been made, but it is still far more difficult to obtain the veinous infrastructure of a target’s hand than it is their fingerprints, voice or facial features.

Palm scanning still has its detractors, and those questioning Amazon’s motives, but as someone who has already been pretty comfortable providing my biometrics for dozens if not scores of professional (work applications, laptop login, facilities access, etc.) and personal (teaching license, passport application, home refinance, crypto AML/KYC verification, CLEAR’s expedited travel program and more) occasions across the years I’m just not feeling that same level of concern here. Additionally, as both a Security and IT professional I’m constantly at odds assessing the likelihood and impact of a threat versus the benefit it adds to my life or work. In the case of Amazon One I certainly don’t need it to function, but I also don’t see it as a significant comparative threat either.

Tell me in the comments your thoughts on Amazon One, how it addresses privacy and security as it stacks up against business efficiencies, customer experiences and personal convenience. As an IT or Security professional does this concept concern and scare you, excite you or something in between?

This isn’t the last we’ll hear of this either. Dilip Kumar, VP Applications, spoke on this topic at re:MARS2022, where he stated for him and his team, “it’s always Day 1” meaning things are just getting started. And now that I know the technology is being incorporated into the Panera next to my Whole Foods, I may need to stop in sometime soon.