Amazon has described Amazon Go as "a new kind of store with no checkout required", which essentially means that you won't have to stand in line to make payments. The Go store works with the new Amazon mobile app, which detects the items placed in your basket and, using sensors, seamlessly bills your Amazon account when you exit the store. Amazon is pushing the boundaries of machine learning, sensor fusion, and computer vision to provide a massive shift in commerce and user experience. This brings with it a lot of questions around identity theft, mobile security, and credit card fraud.
Account Takeover Fraud
Uber, PayPal and even Netflix accounts have become much more valuable to fraudsters than your credit card numbers, as evidenced by the price these stolen accounts now fetch on the dark web. "Stolen Uber account information on the dark web sells for an average of $3.78 per account, while personally identifiable information (PII) was listed for $1 to $3.30 on average," according to data compiled by Trend Micro. With usernames and passwords being widely reused by consumers, these compromised credentials can either be used to build a fuller picture of a victim for identity theft, or they can even be used to take over your Amazon account.
So, how does Amazon know whether it is the real user who is logged into the mobile app and not some fraudster who has compromised your credentials? Amazon Go would benefit from leveraging technologies such as behavioural biometrics, which learn users' habits and interaction patterns (gait, the way you hold your phone, and the angle you hold it at, among others) as you move through the store's sensor gates, in order to spot anomalies, detect fraud and step up authentication.
Quite a few apps have started turning on two-factor authentication, which is useful but introduces a lot of friction into the experience in a world already overwhelmed with usernames and passwords. On the other side, we have experiences like Uber that make the payment process invisible, as opposed to fumbling for cash or a card at the end of the ride. Amazon has been doing this for several years with its 1-click online buying experience.
Already, Uber-like companies are targeting customers where it matters: in convenience. Today, there are apps that allow drivers to pull up to a gas station, fill up and drive off, using automatic number plate recognition to debit your card and top up your loyalty points.
Online commerce took off because it gave us more choices; mobile commerce succeeds because it brings these choices closer. App and conversational commerce is going to take over both by making buying faster and more convenient than ever before. The key to enabling this frictionless experience is establishing trust with users and consciously supporting and protecting them while they take on the associated risks.
Mobile Fraud and Behavioral Biometrics
A couple of major security issues to consider would be account takeover fraud (where fraudsters get hold of user login credentials) and new account registration fraud (where fraudsters create new accounts using stolen card details). It will be interesting to see how Amazon Go will address these challenges, but behavioural biometrics, continuous authentication and deep device fingerprinting will play an important role in identifying the real user behind the transaction and in fighting fraud while fitting seamlessly into the invisible payment experience.