No wallet, no phone, no problem: How you could pay with just your palm in future
Palm scanning technology uses vein patterns that are difficult to replicate, but experts say fraudsters are always coming up with new ways to scam people.
A Visa employee making a purchase at Alchemist cafe along Robinson Road. The cafe is the first location in Singapore where Visa is piloting palm payment. (Photo: CNA/Jeremy Long)
This audio is generated by an AI tool.
SINGAPORE: Hold your palm over a scanner for two seconds, then wait a few more for payment to be processed.
That’s how some Visa employees have been paying for their coffee at a cafe near Tanjong Pagar.
The Visa-Tencent pay-by-palm machine at the Alchemist 71 Robinson was set up in October, but for now, it's only available to selected employees of the payments giant.
When the pilot is expanded, Visa cardholders from DBS, OCBC and UOB will be able to pay using their palms as well.
This is likely to be available at the Alchemist first, before other stores get on board.Â
HOW IT WORKS
Visa has not said when it plans to expand the pilot. But when the time comes, here’s what you need to know.
It starts with a terms of use agreement that spells out how your data will be collected, stored and used.
Biometric data will be collected from scanned images, but the original images will not be stored, according to the Tencent Palm Pay privacy policy used during the pilot. The final four digits of credit card numbers will also be collected to facilitate payment.
Information collected would be used to set up an account, verify and authenticate transactions, comply with its legal obligations and enforce its legal rights. The terms of use may not be exactly the same when the public starts using palm payment.
Once you click accept, the machine will prompt you to scan your palm.
Using Tencent’s palm recognition technology, the machine verifies both the palm print and the unique pattern of veins under the skin.
The biometric data is then converted into a template, which is like a string of code, and stored in the system. Once the conversion is complete, the raw biometric data is deleted.
Next, tap a Visa card on the screen to pair it with the palm that has been scanned. The cardholder will receive a notification from the bank that issued the card for approval, similar to the process of authentication when making an online transaction.
After that is completed, the machine will charge the card when your palm is presented.
The entire process takes just about one minute according to early tests, but could be faster in future, Visa said.
IS PALM PAYMENT NEW?
Palm payment has been available in Singapore since as early as 2019, though it has yet to become a mainstream form of payment.
Octobox, which runs a chain of unmanned smart convenience stores, allows customers to link their palm to their DBS PayLah! wallet.
Its first store opened in July 2019 at the National University of Singapore (NUS), and it is set to open its seventh outlet in January next year.
Customers are also required to scan their palms to enter the store.
Mr Jeffrey Sun, founder and CEO of Octobox, said 200,000 people have registered their palms, though they may choose to pay for their items using other methods besides palm payment.
At the NUS outlet, around 3,000 to 5,000 people enter the store each day, he told CNA.
The palm scanning technology used in Octobox stores can be linked to credit cards, but Mr Sun said the company would probably consider doing so only if the processing fee can be lowered.
Those who want to use credit cards in Octobox can still do so using traditional point-of-sale systems.
CONVENIENT, BUT SECURITY CONCERNS REMAIN
The main advantage of palm payment is convenience for consumers, said Mr Dmitry Volkov, chief executive of Group-IB, a cybersecurity firm.
“You can leave behind your cash, wallet, bank card or electronic device, but your palm is always accessible,†he said.
Your palm is also not something that can be misplaced, which makes this method of payment more reliable, he added.
But fraudsters are always coming up with new schemes, experts said.
Mr Arun Kumar, regional director of technology management company ManageEngine, said artificial intelligence and deepfake technology could be used to create fake versions of palms.
“Countermeasures, such as liveness detection, need to be in place to detect whether there are spoofed or impersonated identities,†he said. Liveness detection refers to techniques used to determine if a person is alive and real.
Companies must also ensure their systems are secure and protected.
“While individuals can replace a stolen credit card, it would be challenging to replace someone’s palm if their biometric data is stolen,†he said.
Mr Chua Zong Fu, head of managed security services at Ensign InfoSecurity, said palms are more difficult to spoof because they use two forms of data – the palm print and the vein pattern.
But it is still another set of personally identifiable information. “It raises similar privacy concerns as it could potentially be abused for surveillance or unauthorised tracking.â€
IS SINGAPORE READY FOR PALM PAYMENT?
Besides security concerns, another barrier could be the cost of setting up pay-by-palm machines in stores, said Mr Chua.
“Palm payment technology requires new hardware to be purchased by merchants. Mobile devices are not able to natively perform pay-by-palm,†he said.
Some stores may also find that the machine – about the size of a laptop – would take up space on their countertops.
He noted that consumers have embraced contactless payment, including the forms that involve biometric authentication – facial or fingerprint recognition.
But the added convenience of pay-by-palm may be limited since most people carry their mobile devices around and can already use that for payment.Â
Mr Kumar of ManageEngine said some may find it more challenging to accept biometric payments.
“As compared to iris scans at airports, where the data of citizens is stored by the government, individuals are more wary about private companies handling their biometric data.â€
Younger people are generally more accepting of new digital payment methods because they value convenience and have grown up around technology, he added.
When CNA visited the Alchemist 71 Robinson, at least one customer asked the staff about the pay-by-palm machine and how it would work.
Octobox’s Mr Sun said consumers care less about their palms.
“The palm is useless,†he said. “For fingerprints, you can open your door at home, you can use it at customs, maybe at the office.â€
He said Visa and Tencent’s foray into palm payment affirms Octobox’s decision to focus on this in 2019.
“It makes us feel that our strategy was right,†said Mr Sun. “We’re happy about that.â€
