Community

The process you describe makes total sense Melvin, in particular as Chip and PIN is primarily focused on the international traveler (if I am abroad I can't present myself at my branch). It does also highlight additional potential security vulnerabilities concerning PIN resets and spearphishing.

Many thanks Melvin. You are correct that this is the process in the UK, unless of course the consumer has forgotten their PIN entirely which requires a reminder or a new PIN to be send by post. In the US the process appears to be different as the banks I spoke to don't allow PIN resets at the ATM, instead relying on a process whereby the customer must appear in person at the bank with their card and ID. 

Hi Melvin, in general today, payment card transactions aren't subject to a proximity check. So when an exception occurs, which happens frequently (in particular when traveling abroad), the transaction is declined and either the customer contacts the issuing bank, or in some cases the issuing bank pre-empts the situation and contacts the customer. Applying a proximity check can "second guess" the issuing bank's risk management engine decision to dramatically lower these false positives. On the assumption that the customer has lost the phone but not contacted the bank, the "second guess" will in all probability fail and the bank will decline the transaction (which will in any event cause the customer to contact the bank). If the customer has already contacted the issuing bank, the "second guess" can be taken off for that customer which would mean that their payment cards operate as they do today.