If the security token is not received, then the user should check their spam or junk folder. The email is from Elastic Email on behalf of Embassy Bank. The one-time registration password is forwarded to the email address that is on the cardholder record. The one-time Forgot Password security token is sent to the email address that the user entered when registering in CardValet.