Panera Bread restaurants in select locations will install Amazon One devices that scan the unique features of the palm to record a signature for purchases.
Though advertised as making paying easier, the technology has raised security concerns.
Users pre-enroll online at Amazon One, and then complete enrollment in person at a location that uses Amazon One palm-scanning devices.
Specifically, with Panera Bread, users link their personal MyPanera loyalty account with their Amazon One account.
Panera Bread, the first national restaurant to use Amazon One, will initially deploy the technology in its home city of St. Louis, Missouri, with plans to expand to other states later.
“After a simple scan of the palm, Panera associates will be able to greet guests by name, communicate their available rewards, reorder their favorite menu items, or take another order of their choice, extending the guest experience into a true and meaningful relationship,” the company said in a press release. “When they are done ordering, guests can simply scan their palm again to pay.”
Panera Bread said the technology is optional.
Amazon One is currently used at over 200 locations, such as select Amazon Go, Amazon Fresh, and Whole Foods Market stores.
The devices are found in entertainment venues, major airports like Atlanta, Dallas, Nashville, and Los Angeles, and sports stadiums such as T-Mobile Park, Climate Pledge Arena, and Texas A&M Kyle Field.
Security Concerns
Despite its convenience, some users and politicians expressed concern over how protected the stored personal data truly is.
On March 16, Alfredo Perez filed a lawsuit (pdf) against Amazon, alleging that the company didn’t notify customers in Amazon Go that it was tracking, collecting, and storing customers’ biometric information.
The lawsuit cites a 2021 New York City law that states if a business collects, stores, or shares biometric information, it must post signs near its entrances to alert the customers.
“Since 2019, when Amazon first opened several Amazon Go stores in New York City, Amazon has collected, converted, retained, and stored the biometric identifier information of all customers who enter its Amazon Go stores,” the lawsuit states.
“Unlike traditional grocery or convenience stores where cashiers scan what customers are purchasing and charge them for the goods, an Amazon Go customer typically leaves the store with the goods they want and is automatically charged for such goods without waiting in line, scanning, or interacting with a cashier.”
This “Just Walk Out” technology allows stores to accumulate customers’ biometric identifier information, including palm-scanning and movement tracking.
In 2021, Sens. Bill Cassidy (R-La.), Amy Klobuchar (D-Minn.), and Jon Ossoff (D-N.C.) requested information about Amazon’s biometric data collection after expressing concerns following reports of the company offering credits to those who would share their biometric data.
“Amazon’s expansion of biometric data collection through Amazon One raises serious questions about Amazon’s plans for this data and its respect for user privacy, including about how Amazon may use the data for advertising and tracking purposes,” the lawmakers wrote.
“Amazon One users may experience harm if their data is not kept secure. In contrast with biometric systems like Apple’s Face ID and Touch ID or Samsung Pass, which store biometric information on a user’s device, Amazon One reportedly uploads biometric information to the cloud, raising unique security risks. … Data security is particularly important when it comes to immutable customer data, like palm prints.”
‘Palm Recognition Most Secure,’ Says Amazon
In Panera Bread’s press release, it said personal, private data shared with Amazon One is securely stored with “multiple security controls,” and the palm images aren’t stored on the Amazon One device.
“All images are encrypted and sent to a highly secure area custom-built for Amazon One in the cloud where palm signatures are created,” the company said.
When reached for comment, an Amazon spokesperson told The Epoch Times that Amazon chose palm recognition because it is considered the most private of other biometric options because identity can’t be determined by scanning their palm.
“It also requires an intentional gesture—hovering your palm over an Amazon One device—to use,” Amazon said. “Additionally, protecting customer data and safeguarding privacy are foundational design principles of Amazon One. For example, Amazon One is protected by multiple security controls, and palm images are never stored on the device. Rather, the images are encrypted and sent to a highly secure, custom-built area in the cloud where we create a unique palm signature. We do not share your palm images with anyone.”