Biometric security is difficult to bypass. It requires the physical verification of an individual’s characteristics to authorize a login or some other transaction.
Stealing a Biometric ID is Even More Difficult: Devices are designed and rigorously tested with this in mind.
Picture This: Suppose that, instead of having to pick or break a lock, a thief simply convinces the owner to open it for him?
That’s how a growing spate of fraudulent apps works on mobile devices. People are used to providing biometrics for authorization, but are also conditioned to trust the biosensor for health apps. Bad actors have learned to exploit people’s desire to take more interest in, and control of, their health in order to acquire biometric consent, which is then used to commit fraud: https://www.forbes.com/sites/kateoflahertyuk/2018/12/03/scam-apple-apps-use-the-fingerprint-scanner-to-steal-cash/
A good safeguard is double authorization for payments. iPhone users can enable “double click to pay”, while other reputable payment processors (e.g. PayPal) offer 2-step verification with an authenticator app or a code sent by SMS. Sure, it slows down the frictionless payment experience a little – but it also keeps you in control of your authorizations.
Relying on fingerprints alone has been questionable for quite some time now: https://www.theatlantic.com/technology/archive/2017/03/new-biometrics/520695/