Startup trials POS palm payments

Doing one-to-many matching is "challenging", mildly speaking - scaleability IS a huge issue. Then there is a question of template storage in the cloud - that's illegal in Europe (USA will likely follow).

Alex, good point, and we've been there before with thumbprints, and the blood vessel scans were to overcome false negatives after a fishing or handyman weekend. Here we have 5 times the data. I should probably mention a little thing I did with thumbprint sized pieces of plasma TV screens. Small LED's might suffice. I do wish them luck.

Some security issues in Europe might hamper the adoption. Since the Keyo solution is based on a remote payment transaction (at the end of the day it's a digital wallet payment done in a brick&mortar location), the recently published EBA RTS on SCA & CSC provide that a two-factor authentication must be applied for such payments but the low-value ones (max 30 EUR).

Interesting to see if TRA (Transaction Risk Analysis) could consider this biometric solution appropriate for exempting the strong customer authentication.

This is more a question than a comment.  It sounds like Keyo covers both (very good) concerns brough up by @Alexander and @Dean?  It provides enough additional data that false negatives should be eliminated and it is really no different than other mobile pay solutions.  

Isn't the multi-point palm scanner very accurate?

Hi Vernon, clearly 5 datasets is exponentially better than 1, however I don't recall false positives being as much of an issue with blood vessel scanning, as opposed to (thumb)fingerprint scanning. The amount of data you compare doesn't make any difference to the outcome provided the back end is secure (except time to process/transmit/process). Of course no back-end is secure with state actors back-dooring everything the back-end relies upon, 'secure' doesn't mean what it used to be. Personally I don't favour biometrics because they are non-renewable credentials and once compromised, they are never again 'secure'. For that reason I prefer an approach where credentials are renewable and where merchants require no additional technology (or responsibility) and there is no reliance on the security of the network.

Those are excellent points.  In fact, I have never heard anyone address the non-renewable aspect of biometrics.  Having these compromised would be exponentially worse than being a victim of identity theft today.

Cheers!