Changing PIN at ATM - risks involved ?

ovisirius · 2019-01-31 20:07:15 UTC

Hey all, this is about changing your PIN at an ATM.
Recently tried this with a Premium Revolut Mastercard and it worked flawlessly. The only issue, which I consider a pretty big security risk, is that you are not notified at all of the PIN change.

This could lead to a situation where an attacker can obtain your PIN and your card (granted the first one is harder to do) and then happily change the PIN at an ATM and continue using your card.
Of course you would suspect something is wrong when you get a transaction notification but I think a PIN change should be confirmed only from the APP. Or at least, the system should send a notification of the PIN change to the app.

Regalia · 2019-01-31 20:09:24 UTC

In what country and what ATM could you change the PIN?

Preprocess · 2019-01-31 21:32:27 UTC

Well if they have your original pin, changing it doesn’t really make it easier. They can just keep using the original pin.

redi · 2019-01-31 23:58:36 UTC

It isn’t card’s issue. This is ATM’s matter. (E.g. in Poland you are able to change the PIN in almost (?) each ATM.

ovisirius · 2019-02-03 09:51:33 UTC

@Regalia . Romania , Transilvania bank
@redi, I am not sure who you’re responding to or what you’re referring to

I was stating that changing your pin doesn’t notify the user at all.

rob · 2019-02-04 14:01:24 UTC

I doubt the first thing a potential mugger would do having obtained your card and demanded you supply your PIN would be to run to the nearest ATM to change it. I would expect they would be more keen to withdraw cash from an ATM as quickly as possible using the PIN you’ve given them, and then use your card as much as possible before it’s blocked.

That said, a notification in the feed indicating a PIN change has occurred certainly cannot hurt.