Biometric security is difficult to bypass. It requires the physical verification of an individual’s characteristics to authorize a login or some other transaction.
Stealing a Biometric ID is Even More Difficult: Devices are designed and rigorously tested with this in mind.
Picture This: Supposing instead of a thief having to pick or break a lock, he simply convinces the owner to open it for him?
That’s how a growing spate of fraudulent apps work on mobile devices. People are used to providing biometrics for authorization, but are also conditioned to trust the biosensor for health apps – so the bad actors have learned to exploit people’s desire to take more interest in and control of their health to acquire biometric consent which is then used to commit fraud.
A good safeguard is a double-authorization for payments. iPhone users can enable the “double click to pay”, while other reputable payment processors (e.g. PayPal) offer 2-step verification with an authenticator app or a code sent by SMS. Sure, it slows down the frictionless payment experience a little – but also keeps you in control of your authorizations.
Relying on fingerprints alone has been doubtful for quite some time now.