And now we know why it's so broken. None of those methods should be used for true security (especially when you're talking about a billion people). Biometrics are not much better than SSNs - once they're stolen, it's game over (for life).

The reality is the government chose biometrics primarily so it can more easily track people. It wasn't to make it easier for them to use banking services.

Biometrics as a third factor to password and otp would be ideal. However biometrics as a second factor to otp is good enough, to make it frictionless.

If that's why it is broken, then I would be happy with it. Nobody is using fake biometrics to authenticate yet. And even then there is the second factor of otp.