- From: Joshue O Connor <joshue.oconnor@cfit.ie>
- Date: Mon, 09 Jul 2007 09:55:06 +0100
- To: Charles McCathieNevile <chaals@opera.com>
- Cc: Al Gilman <Alfred.S.Gilman@ieee.org>, wai-xtech@w3.org
>>> The Chevy Chase Bank talking ATMs echo the pin when an earphone is >>> connected. >> >> So there is actual practice along these lines. Thanks. [...] > I think this is about right. For what it is worth, when entering passwords on phone browsers with numeric key entry or even handwriting, >there is a screen echo of the character, that is replaced (typically with '*') after you start the next character or after a time delay. FWIW - The Chase Bank example would not be best practice or even common. I would be surprised if it was. There is understandable hesitancy amongst banks to make this echo feature a standard (or a feature users can _ever_ expect) for accessible ATMs as there are serious security considerations to bear in mind when echoing the users PIN numbers. I would think that what Chaals suggests (replacing the output with '*') would be more common - particularly with accessible ATMs. Therefore I have a hunch that the example of the Chase ATM is the exception rather than the rule. Why? If the PIN that the user enters is echoed via the audio output, would it be difficult for some device to be attached to the audio output which records this information and transmits it to a third party? Probably not. In Ireland there was no way an ATM with this feature would be allowed on the street, particularly as this feature was installed especially for blind users - who may not notice anything wrong with the ATM unit or detect any tampering with the facade of the ATM, until of course its too late. All it takes is a couple of high profile scams - where scammers abuse an accessibility feature - to set to cause of accessible banking back to the stone age (a tad dramatic but nonetheless true). Cheers Josh
Received on Monday, 9 July 2007 08:55:21 UTC