What is the risk in the following scenario:
- A bank wants to use an ATM pin (debit card and/or credit card) as an additional form of authentication after the customer logs in to her online/mobile banking platform
- As the bank owns the cards, it may select to use the ATM pin in whichever way it wants, so it does not violate any compliance requirement
- Also, assume that all the cards use EMV i.e., chip and pin
If criminals steal all of the ATM pins, what can they possibly do with it? What is the risk exposure to the bank in this scenario?