I spent some time with Thomas Neudenberger, COO of realtime recently. His company, a SAP partner, offers a biometric security solution - to enhance SAP core security. It is primarily fingerprint driven but could also interface with retina or DNA scanner if the customer wanted . As he puts it, passwords are about what you know, smart cards and tokens are what you carry, but biometrics are truly what you are - the antidote to what he says forensic attorneys call SODDI!
A case study of the solution at Polk County School District - which had fraud preceding its implementation- is written up here. Only power users with access to critical functions are covered by the additional security.
The School District should, however, be on the watch out not to hire folks like Lukas Grunwald -)