Mr Arun Kumar, regional director of technology management company ManageEngine, said artificial intelligence and deepfake technology could be used to create fake versions of palms.
“Countermeasures, such as liveness detection, need to be in place to detect whether there are spoofed or impersonated identities,” he said. Liveness detection refers to techniques used to determine if a person is alive and real.
Companies must also ensure their systems are secure and protected.
“While individuals can replace a stolen credit card, it would be challenging to replace someone’s palm if their biometric data is stolen,” he said.
Mr Chua Zong Fu, head of managed security services at Ensign InfoSecurity, said palms are more difficult to spoof because they use two forms of data – the palm print and the vein pattern.
But it is still another set of personally identifiable information. “It raises similar privacy concerns as it could potentially be abused for surveillance or unauthorised tracking.”
IS SINGAPORE READY FOR PALM PAYMENT?
Besides security concerns, another barrier could be the cost of setting up pay-by-palm machines in stores, said Mr Chua.
“Palm payment technology requires new hardware to be purchased by merchants. Mobile devices are not able to natively perform pay-by-palm,” he said.
Some stores may also find that the machine – about the size of a laptop – would take up space on their countertops.
He noted that consumers have embraced contactless payment, including the forms that involve biometric authentication – facial or fingerprint recognition.
But the added convenience of pay-by-palm may be limited since most people carry their mobile devices around and can already use that for payment.