Mythbusters spent 3 days experimenting with ways to break into a high security thumbprint lock. They did it in ten minutes using both a photocopy of a fingerprint, and a more complicated method of using a cast fingerprint lifted off of a CD.
For the few customers who do work with equipment that’s secured with biometrics, it is something to consider. If someone with less than honest motives was working at a car dealership that had access to your thumbprint, they would also have your employer’s name and information.
Update: some interesting links via an old boingboing post:
Gummi bears defeat Fingerprint Sensors
Some dealerships say that thieves are deterred when thumbprints are taken. But since they don’t tell you about about this policy until the last minute, customers must make a very awkward choice: put your thumbprint in a box and feel like a criminal being booked, or say no thank you, and walk out the door knowing they believe you to be a thief, deterred by their clever tactic?
I believe their faith in this is misguided. When you can pick out any glass bottle out of someone’s trash and create a false prosthetic print from it with superglue fumes, how does that protect anyone? If it becomes necessary to use someone else’s thumbprint to steal a car, that’s exactly what thieves will do.
Imagine if every dealer uses this technique. It won’t stop the thieves. They’ll just get more creative.
What if your print was stolen and used to acquire a car? It could work like this: the print is run through the DMV database. Your name comes up – a perfect match, but you’ve never even set foot in that dealership. How can you ever hope to prove your innocence? Better hope you had a good alibi.
A forged thumbprint can be a damning indictment, far worse than a badly forged signature.