Any merchant that would release goods or services without an approval code exposes themselves to a loss. Of course it's possible for a merchant to store the card information and post it later, but it's far from a good idea.
The ATMs can be configured for both cases. If the ATM is in a well-trafficked area, with a (normally!) low degree of crime, the bank may set it for high-availability vs. hard-transactional to avoid inconveniencing their customers.
Don't forget that the banks make their money from ATMs off the transaction fees, so if a foreign customer's bank is unreachable at that moment, they may still take a chance and give them their money (plus charge them the $4).
Most larger chains have a limit up to which they'll accept that risk. For obvious reasons what those limits actually are is very closely held information.
