I did say there has been an attack on fingerprint in my comment above, BTW.
Everything can be stolen. I am not sure if you can stop identity thief. Someone would have done so if it can be stopped. The goal is to make stealing harder. Combine fingerprint with other verification (see above too). My original comment was on the fact that once you sign in with fingerprint, you are good to with for a duration (Captial One logs you out automatically after ~2 minute of inactivity on my iPhone, which is wayyyyyy more secured than other bank apps I have used).
Read the linked post. It explains why the distinction needs to be made between identity and authn/authz.
Point being biometrics is a bad idea to start with. CapitalOne doing this means they are failing to make the same distinction much like a 6 char password minimum etc. etc.
Everything can be stolen. I am not sure if you can stop identity thief. Someone would have done so if it can be stopped. The goal is to make stealing harder. Combine fingerprint with other verification (see above too). My original comment was on the fact that once you sign in with fingerprint, you are good to with for a duration (Captial One logs you out automatically after ~2 minute of inactivity on my iPhone, which is wayyyyyy more secured than other bank apps I have used).