Amazon One FAQs

Amazon One enables frictionless, secure biometric authentication for both businesses and customers using AWS-encrypted palm authentication. Simplify user experiences while enhancing operational efficiency and security across touchpoints e.g. at point-of-sales terminals or check-in kiosks. No ID cards, passwords, or wallets needed.

Our palm authentication technology provides a unique biometric signature for each user minimizing risk of duplicated, shared, or compromised credentials, even in the most sensitive enterprise environments.

Amazon One delivers sub-second authentication, enabling fast and seamless access to services, systems, and secure areas.

User data isn't shared with third-parties, and only used to operate and improve the AO service.

Users can choose where and when to use their palm for verification, manage business enrollments, and protect their data with instant encryption and deletion rights.

Palm data and Amazon One payment information are not stored on mobile devices when users sign up, nor on our Amazon One device. When users scan their palm, the palm and vein images are immediately encrypted and sent to a highly secure storage area in the AWS Cloud, built on industry leading infrastructure using well tested best practices, where a unique palm signature is created.

Customer trust is our top priority. We protect user data with AWS's high security standards, leveraging the AWS Cloud, along with multilayered security controls built into the Amazon One hardware, software and cloud infrastructure to ensure that customer data stays encrypted and secure.

Multiple security controls protect user data at all times, including, but not limited to, encryption, data isolation, and dedicated secure storage areas with restricted access controls.

The palm is unique, and the features of a palm change little over time—offering a convenient, secure, and accurate way to authenticate identity. We chose palm authentication over other biometrics because it is more private, contactless, and intentional. Waving a palm requires an explicit action, putting users in full control over when and where they can use this service.

Amazon One works with certified hardware and approved form factors. Our certified devices are designed to meet strict security, performance, and anti-spoofing standards.

Enrollment is completed through the Amazon One mobile app (available for download in iOS and Android app stores), AO integrated into enterprise-specific workflows (via app clip or instant app), or in-person using AO-enabled devices at participating businesses. The process is quick, secure, and optimized for enterprise environments—enabling users to authenticate in seconds after enrollment.

Amazon One reduces risk of shared, lost, or stolen credentials. Each authentication is tied to a single individual, helping prevent unauthorized access.

Yes. Amazon One supports integration through secure APIs and certified deployment models, allowing it to connect with identity platforms, access control systems, and enterprise applications.

Amazon One is currently available in the United States.

Yes. Amazon One has a data protection architecture built on AWS's proven security infrastructure and is used in sectors that require strong identity assurance, such as healthcare, finance, and travel.