Using a biometric system does not by itself make a system secure: biometrics are only one small brick in a secure system, and you must be cautious when speaking of security.
The security of a fingerprint system may be divided into two main areas:
First of all, it's important to remember that absolute security does not exist: given funding, will, and the proper technology, nearly any security system can be compromised. So, protective techniques must be adapted to the cost of the object (or location) being protected.
When you are asked to prove your identity, it is not the fact that you are living that is required, but something more. What is desired is "I'm Mr. Mainguet and I agree to the transaction." In other words, "I'm a living person not under threat, and I agree to make such and such an action." Such a system is impossible to build today (how do we read your brain?!), but it would be the ultimate system.
For an unattended system (an ATM, for instance), it is important to have fake/dead finger detection.
For payment in a store, using a fake will be much more difficult and risky: it is easy to check for that.
Showing your finger to the other person may become a normal gesture just to say, "I'm honest, you can check for yourself."
For more information about aliveness detection, and what is now called presentation attack detection (PAD).
Checking that you have a real sensor is exactly the same problem as with a smart card: the card has to prove that it is a real smart card. The same solutions will apply.
The reference template must be processed exactly like the actual password used in a smart card: the reference template must not be corrupted.
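Added example (not from the original page): one way the smart-card style of proof can look for a sensor, a challenge-response over the captured sample, together with an integrity check on the stored reference template. It assumes a secret key provisioned into the genuine sensor and HMAC-SHA256; the class names, keys and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions for this sketch, not from the page).
SENSOR_KEY = secrets.token_bytes(32)    # secret provisioned into the genuine sensor
TEMPLATE_KEY = secrets.token_bytes(32)  # host-side key protecting stored templates


def _mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


class Sensor:
    """Stands in for the sensor: answers the host's challenge over what it captured."""
    def __init__(self, key):
        self._key = key

    def capture(self, challenge, sample):
        return sample, _mac(self._key, challenge, sample)


class Host:
    def __init__(self, sensor_key, template_key):
        self._sensor_key, self._template_key = sensor_key, template_key
        self._pending = None

    def new_challenge(self):
        self._pending = secrets.token_bytes(16)  # fresh nonce for each capture
        return self._pending

    def accept_sample(self, sample, tag):
        # The challenge is consumed on first use, so a recorded answer cannot be replayed.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        return hmac.compare_digest(tag, _mac(self._sensor_key, challenge, sample))

    def seal_template(self, user, template):
        # Binding the user name stops one user's template being swapped for another's.
        return _mac(self._template_key, user.encode(), template)

    def template_intact(self, user, template, tag):
        return hmac.compare_digest(tag, self.seal_template(user, template))
```

The tag proves the sample came from a device holding the key and answers this capture's challenge; it says nothing about whether the finger presented was live, which is the separate detection problem discussed above.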
The next page is about biometrics & cryptography.
I recommend reading the articles on biometrics written by Bruce Schneier, who is absolutely not convinced by biometrics, and whose arguments should be taken seriously.
An example of electronic security: it is better (read: you must) to encrypt data: