Some bugger (this is a true story, no ID required)
nicked me name, address and phone number the other day. They tried to set up an account with some share trader. I got a letter asking me to deposit €500 and if I could activate the account. Anyway the convo went like this:
Me: Hello. I got a letter this morning asking me to register an account with the stuff you sent me.
Them: Oh, yes OK.
Me: I haven't opened this account.
Them: Oh, I'll pass you on to customer services.
Them: Hello, customer services
Me: This account you're trying to open for me, I don't want it nor have I authorised it.
Them: OK
Me: Can you give me the details of what you have?
Them: Yes.
<name>[right]
<address>[right]
<phone>[right, but numbers in wrong order]
<date of birth>[wrong]
<e-Mail>[wrong]
Me: This is NOT ME!!! Some stuff is wrong. Close this account.
Them: OK - we've closed it. Check your bank etc etc.
The rest of the day was then spent checking everything, fortunately nothing suspicious has happened. However, had this site opened an account for me and deposited said €500, I would be the one being chased for it, copping any comeback. During the convo they mentioned that it had been done before.
A stolen address and phone number is enough to cause folk all sorts of problems, let alone a whole set of biometrics. Biometrics assumes that entropy (e.g bindness or accidents such as chopping off fingers, newly emerging gene therapy etc) doesn't happen, so it's doomed to fail. It proves one thing: You can't prove who you are; all you have is supporting evidence.