Security experts from from Germany's Security Research Labs have broken into Samsung’s fingerprint technology by taking a fingerprint smudge from the smartphone and creating a "wood glue dummy" finger with it. Apparently the S5 falls for the fault every time.
The problem is because the scanner has such a high trust rating within the phone, it will also mean that any thief will have access to the owners PayPal account. Neither of these actions require an additional password to be entered. PayPal has said that while it was taking the findings from Security Research Labs seriously, it was confident that fingerprint authentication offers and easier and more secure way to pay on mobile devices than passwords or credit cards.
The scan unlocks a secure cryptographic key that serves as a password replacement for the phone and this can be deactivated from a lost or stolen device, and you can create a new one. Paypal also uses sophisticated fraud and risk management tools to try to prevent fraud before it happens.
However you would think someone would have learnt by now a similar method was used to break the iPhone 5S' fingerprint scanner last year. A better method was to cut the iPhone owner’s finger off. It was more messy but a lot more satisfying. There is a video of German researchers figuring out ways of making your phone talk after the break.