Two key PIN entry method for public access terminals: evaluated with a method using principles from universal design and safety

Abstract

This thesis takes a look at universal design and it’s principles to test a new personal identity number (PIN) entry method with public access terminals. We argue that universal design can not only make the evaluated solution better for more people, but may also solve other problems. A new model combining ideas from universal design, security and safety where the user interface is looked at as a set of modalities sending messages back and forth between the user and the system is used to evaluate the human computer interaction of the PIN entry method. Instead of looking at how users disabilities restricts their usage of the system we look at it as another constriction to the usage. Constriction do not apply only to the user, but also to the device, environment and social settings. The same messages can be intercepted by a third party to gain unauthorized insight of the information. The evaluation method was used on a novel prototype payment terminal and was tested on a group of users with visual constrictions and a group with normal vision to see if the new PIN entry method was usable and more secure. The PIN entry method was found easy to learn and use by both groups, but was slower and only showed a little improvement against observation attacks. The evaluation method was useful to get a good understanding on how different effects from modalities is restricted by different factors and that the same effects could influence the possibility for observation attack. We further think that by divide possible errors into intentional and unintentional and difference between violations and normal errors is helpful for designing system where people are involved. The need to create simple and standard user interfaces, remove unnecessary elements that is not needed for the user, are something that should improve both accessibility and security for everyone using payment terminals.