It started when he signed up at a new bank, giving them his phone number. Somehow the bank enrolled his in their online banking system, which notified Samsung, who remotely initiated the "let's give your phone a pin" flow, presumably to protect him during online banking.Do you have a proof that this actually a thing? I don't see what mechanism exists to do this and I don't see why Samsung would even bother to do this.