A crowded subway in Shanghai. People move quickly toward the turnstiles, but no one takes out their wallet or smartphone. A fluid wave of the hand, a quick scan and the payment is done. This is the dynamic of the new payment system launched in China. A technology that promises to make cash, cards and even smartphone payments obsolete, but raises questions about privacy (and the security of biometric data).
The future is already here, but are we ready?
The technological giant Tencent is leading China into a new era of digital payments. With the system Weixin Palm Payment just pass your hand over a sensor to complete a transaction. The technology uses a infrared camera to read each person's unique palm print and the veins under the skin, creating a sort of biometric signature that is impossible to replicate.
It strikes me that this innovation comes just as the debate over digital privacy is more heated than ever. On the one hand, we have the extreme convenience (no more forgotten wallets or dead smartphones), on the other, the subtle, disturbing sensation of literally handing over a part of ourselves to a centralized system.
And then, excuse me if I say it, but after the story of the Swiss gas pipeline that sent half the European banking system into a tailspin, it makes me smile: okay, the wave of the hand, but if then a technical issue it blocks everything, we are really left with nothing, and with our hand we wave goodbye to the shopping.
The challenge between East and West
This is not the first time we have seen such technology. Amazon has been using his system for a long time Amazon One in the United States, which allows customers to pay with the palm of your hand. But there is something different about the Chinese approach, a scale and ambition that goes beyond simple retail.
Guo Rizen, deputy director of Weixin Pay’s industrial application unit, expresses great confidence in the system. And who can blame him? In a country where digital payments are already the norm, this is just the next logical step.
But while in the West such innovations are greeted with a mix of fascination and skepticism, in China adoption appears to be proceeding apace, reflecting two profoundly different approaches to technology and privacy, and whispering something about the future.
The hidden risks behind the convenience of payment
Professor Edward Santow ofUniversity of Technology Sydney raises legitimate concerns. His vision is clear: people do not want to live in a state of constant surveillance, where every transaction can be monitored and recorded.
The risk, however, is not only theoretical. And formulas like "let the invasion of privacy be welcome, if one has nothing to hide" do not work. As Santow himself points out, when personal data is collected on a large scale, it becomes the sweetest honey for cybercriminals.
Any examples of malicious use of palm scan payment?
In Japan, where 80% of banks are using palm vein authentication to replace ATM cards, a criminal could replicate stolen venous patternsi to directly access the victims' bank accounts. Unlike a password or PIN, the victim would never be able to use that authentication method again once it was compromised.
Another example? Researchers at New York University and Michigan State University have demonstrated how they can create artificial “master fingerprints” by combining common characteristics found in several stolen biometric databases. These synthetic fingerprints can fool the sensors of most smartphones, potentially allowing unauthorized access to payment devices and apps.
Why is it particularly serious?
The fundamental problem, I repeat to better fix the concept, is that unlike passwords or credit cards, once biometric data is compromised, cannot be modified or replaced. The victim is therefore permanently vulnerable, with no possibility of “resetting” their biometric identity.
It's a bit like playing poker with all your cards face up: once you've shown them, you can't hide them. How do you feel about a future like that?