I understand that various types of malware attempt to steal ATM pins .
Presumably the attackers have no access to the physical card, so what can they do with the pin?
In this case, is it needed to keep the pin secure? Or is this part of an attack that involves stealing the actual card?