I think the introduction of biometric verification is a good move. I also think that the clients details should be immediately sent to the system and the agent should make sure to let the client know that his information has been forwarded. This will prevent the attacker from even causing any damage.