Standards, Laws and Accessibility
According to Standards Australia, globally there are well over half a million published Standards. These are the products of over 1,000 recognised Standards Development Organisations (SDO) worldwide.
The International Standards Organisation (ISO) has a portfolio of accessibility-related standards, but curiously Accessibility has yet to be identified as one of the benefits of standards by ISO and other SDOs.
The UN International Year of Disabled Persons (IYDP) (1981) and the subsequent UN Convention on the Rights of Persons with Disabilities (CRPD) (2006) have been instrumental in driving many positive reforms in this social policy area, as have the three standards under Australia’s very own Disability Discrimination Act (1992):
- Disability Standards for Accessible Public Transport 2002
- Disability (Access to Premises – Buildings) Standards 2010
- Disability Standards for Education 2005.
But in this digital age, in Australia and internationally, there is a startling want of laws and standards governing digital technology, particularly requirements for incorporating Accessibility and Usability features in digital products and services.
Yet the need is evident and urgent: people with disability, older persons, those who are socially disadvantaged and those with limited tech-savvy skills are among those who experience the biggest barriers when using online services, mobile apps, touchscreen home and office appliances, automated services and the myriad of other technologies now so embedded in our everyday lives.
It is against this backdrop that the Digital Gap Initiative (DGI), a not-for-profit, grassroots Australian organisation, was founded on 7 December 2014, to advocate for legal, policy and other systemic reforms, including national and international standards, with the objective of closing the gap between those able to participate in the rapid transformation of our society and those who are being left behind.
Where to begin?
The challenges of tackling the accessibility barriers of our digital age are great, but not insurmountable. Our motivation to overcome these barriers is deeply rooted in necessity, and above all driven by the conviction that digitalisation offers unprecedented prospects for universal access and real social inclusion.
DGI has therefore identified priority areas for action, among these the surge of touchscreen technologies.
Currently no national or international standards incorporating accessibility requirements for touchscreen technologies exist, a question DGI has been raising since its inception.
But standards can take many years to create and work their way through the adoption process, so it is important to set short-term, achievable goals alongside more long term goals for closing the digital gap.
While DGI is working on its position statement on Australia’s adoption of the EN 301 549 Accessibility requirements suitable for public procurement of ICT products and services, based on its submission to the recent public consultation conducted by Standards Australia, the current barriers presented by touchscreen payment devices, particularly the PIN entry issue, have highlighted a more immediate human rights issue, the basic daily activity of purchasing goods and services independently, so it is this area that our first position statement will focus on.
At the time of writing, a number of new touchscreen payment devices are being released on the Australian market. The first of these, however, and the one on which DGI has the most information is CommBank’s Albert. Another similar device called Blade is being released by the ANZ Bank, but DGI is yet to acquire sufficient information to comment on this device. Therefore, Albert is named by way of an example, but all comments apply generically to all similar devices. For the purpose of this position paper, we have not directly addressed the particular issues connected with touchscreen ATMs.
Albert has been available to Australian merchants since March 2015 and the bank is marketing it to retailers, including cinemas and restaurants, festivals and events, and medical, transport and government services that use EFTPOS terminals. CommBank attempted to retrofit an Accessibility Mode for PIN entry by people who are blind or vision impaired and cannot see the virtual keypad on the touchscreen. But 3 key issues have emerged:
- Many people find the current gesture-based PIN entry solution inaccessible, resulting in people divulging their PIN, violating the privacy and security of their payment information and subsequently breaching Payment Card Industry Data Security Standards (PCI DSS);
- Accessibility Mode to use this solution can only be activated by the merchant, and people report that many merchants do not know how to do this; and
- Accessibility Mode does not extend to the customer-facing and business-related apps on the device.
History of Touchscreen Payment Systems and Accessibility
Although touchscreens only became popular recently, concepts for their application go back 50 years to 1965. The world’s first colorgraphic touchscreen point of sale computer was created in 1986.
Ideas of designing touchscreen interface for the vision impaired (IVI) have been around for many years. For example Patent US6464135 “Method and system for assisting the visually impaired in performing financial transactions”, was published in the United States on 15 October 2002.
The possibility of using mobile apps to assist the blind, and others, to interact with touchscreen point-of-sale devices have been touted. But almost five (5) years on since this solution was suggested, there’s no standard secure procedure for mobile payments.
It is worth noting also that as far back as 2000, the Australian Human Right’s Commission’s report on Access to Electronic Commerce For Older Australians and People With A Disability referred to the then newly emerging touch-sensitive EFTPOS devices and touchscreen kiosks, noting that people who had difficulty using these were being forced to reveal their PIN. It is disquieting to read through the 19 recommendations made by the Commission at the time, and to then realise that some 16 years on we are revisiting many of the same issues.
It is therefore evident that while it is desirable, possible and necessary to develop a universal accessibility mode for use with payment devices, and codifying this in an international standard, this aspiration is not currently on the near horizon.
On the other hand, since 2004 in California USA, the law has required that any newly purchased touchscreen-based credit card terminals, or any upgraded units, must be equipped with tactile number keypads.
The Law Office of Lainey Feingold, and Co-Counsel Linda Dardarian, has negotiated close to a dozen agreements with national retailers requiring telephone-style keypads at point-of-sale devices so that people who are blind do not have to disclose their PIN when using a PIN-based card.
The Fundamental Principles of Accessibility and Usability
Underpinning the rationale for this Position Statement, and others DGI will develop, are the following fundamental principles.
Principle: Accessibility makes good business sense.
Application to this issue
- People being held up in a queue while someone has difficulty using the payment device is not good for business;
- As the US cases above demonstrate, businesses risk being sued if a customer is unable to use the payment device on the grounds of their disability;
- Businesses also lose significant revenue if a customer does not have the cash to pay to cover purchase of over $100 in the event they are unable to enter their PIN.
Principle: Accessibility and usability should be incorporated in the design phase, not retrofitted.
Application to this issue
- The accessibility and usability barriers to those touchscreen payment devices currently on the market is a direct result of not considering, and incorporating, accessibility and usability into the design phase;
- All attempts to retrofit these needs now are likely to be costly and to fall short of providing an effective, standardisable, solution.
Principle: Human Factors (HF) should be at the core of all technological design.
Application to this issue
- Evidence-based research went into the design of the telephone-style tactile keypad (dial pad) that was used as the basis for numeric keypads used in point-of-sale devices. It evolved out of the pioneering work of Jon E. Karlin in Human Factors Engineering (HFE);
- The European SDO ETSI has incorporated this principle in its Human Factors (HF); Telecommunications keypads and keyboards; Tactile identifiers Standard;
- ETSI is working to develop a common standard for tactile identifiers through harmonisation with other European and international SDOs, including ITU-T and ISO for a worldwide standard;
- Comparatively, despite the long history of touchscreen devices, there is little evidence-based research incorporating HF studies. A notable exception is the research done around Human-Computer Interaction (HCI), but this is still an evolving field.
Principle: Digitalisation has no inherent accessibility barriers.
Application to this issue
- There is no technical reason why all software and apps components of a complex payment system cannot be made fully accessible;
- Hence, there is no technical reason why a touchscreen cannot be made fully accessible using gesture-based input for those who prefer this method;
- However, other factors such as Human Factors Engineering (HFE) and diverse access requirements such as are being researched in Human-Computer Interaction (HCI) studies, need to be considered;
- There is no technical reason why a touchscreen device cannot be harmonised with other input and output mechanisms (to support the diversity of needs and abilities in human society).
Principle: Don’t reinvent the wheel.
Application to this issue
- The wheel for transportation was invented 5,520 years ago and the inclined ramp 4,620 years ago, the period known as the Bronze Age.
- While both of these inventions are what some would term “dated”, they have been successfully incorporated, or co-exist, with more modern inventions that actually enhance access;
- Braille as a literacy medium for the blind was invented over 200 years ago, and the concept as a military code for reading combat messages in the dark pre-dates this, yet today not only is Braille still used in its original form, but it has been successfully electronically adapted for use with computers, mobile phones, etc.
It is generally accepted that the Braille system has succeeded because it is based on a rational sequence of signs devised for the fingertips, rather than imitating signs devised for the eyes.
An example of this is the recent addition of tactile dots on Australian bank notes [see full story];
- The hardware tactile keypad should be retained until at least such time as a viable alternative mechanism has been developed, tested and standardised (something that has yet to occur);
- As in the above example of the marriage of Braille with new technology, tactile keypads could be adapted to access auditory (or Braille) account information not currently accessible when using tactile keypads on standard POS devices.
Principle: An existing and proven accessibility mechanism should not be removed or omitted from a product or service, without first executing an equivalent or superior alternative accessibility mechanism to replace it.
Application to this issue
- The tactile keypad is a mechanism that has provided near universal accessibility for secure and private PIN entry into point-of-sale systems globally for decades;
- No alternative mechanism by way of gesture-based screen access, mobile access, or other pathway has been successfully implemented to serve the purpose, or standardised;
- The tactile keypad is already standardised.
Principle: The onus for accessibility and usability of a product and service should be with the designer, manufacturer or seller, not the user.
Application to this issue
- Consumers and merchants should not need to compensate for the lack of accessibility of a product or service, including being expected to bear additional costs for adjustments or training, etc. (i.e. just as wheelchair users are not expected to carry a ramp with them to board a bus, consumers should not have to carry extra gadgets to use a POS terminal);
- The Australian Government’s recent adoption of accessible ICT procurement standards support this principle by placing the onus on the supplier to ensure accessibility;
- Although consumers and merchants need to familiarise themselves with new technology, technologies should conform to usability principles by design, and should not require an unreasonable amount of training;
- All customer-facing features should be able to be activated by the customer, including Accessibility Mode and other support features.
Principle: People with disability and others with accessibility needs are not just consumers.
Application to this issue
- Albert has Pre-installed Apps, and at the time of writing we were unable to obtain verifiable information if these apps are accessible;
- Accessibility Mode does not currently appear to provide access support to the other apps on board the Albert;
- On the Pi App bank support pages, which feature basic descriptions about each app available for use on Albert, there is no mention of Accessibility;
- App developers and merchants have been encouraged to design new apps for the device, and there is a Software Developer Kit (SDK) but it is only available to registered developers and there is no reference to Accessibility whatsoever in its Pi Developer Terms and Conditions Agreement;
- This means that Albert could not be used by employees or business owners who require accessibility features to use the apps;
- As the use of these touchscreen payment devices rapidly expands and older systems are withdrawn, it may adversely impact these employees and business owners.
Outcomes we are seeking
- All touchscreen payment devices should be equipped with an integrated or auxiliary standard tactile keypad as an interim, secondary method for ease of secure, private and independent PIN entry by customers, until an equivalent or superior mechanism or superior method to perform this task is developed, tested and standardised. The keypad should be coupled and cabled to the device to ensure constant availability;
- Accessibility mode, help and training features and all customer-facing apps should be able to be activated by the customer;
- All on-board apps on touchscreen and other payment devices should be accessible, based on the WCAG 2.0 ICT informative notes;
- Merchants, app developers and other third parties should be required to make their app accessible, as per above, as part of their contractual agreement with the supplier of the payment device;
- All manufacturers of touchscreen and other payment devices should be required to abide by the principles of HFE, HCI and inclusive design, including incorporating accessibility features at the design stage.
Actions and Approaches to these Outcomes
- DGI supports the current Disability Discrimination Act (DDA) complaints lodged by Blind Citizens Australia (BCA) and some individuals around the accessibility of Albert, issues we first brought to the public’s attention as far back as September, 2015;
- DGI will continue to circulate the Change.org petition it co-initiated with blind double-amputee advocate and cricket enthusiast Martin Stewart, calling for the retention of the accessible tactile keypad on touchscreen POS devices;
- DGI will approach the Payment Card Industry Security Standards Council (PCI SSC) to recommend developing accessibility criteria as part of the compliance requirements in the PCI Data Security Standard (PCI DSS), including for PIN Transaction Security (PTS) devices and methods for all PCI-certified touchscreen payment terminals
- DGI has been approached to contribute to the current review of The Australian Bankers Association’s (ABA) Industry Standards on Accessibility of Electronic Banking which were first introduced in 2002. The voluntary ABA standards cover ATMs, EFTPOS, Automated Telephone Banking and Internet Banking. DGI will comment on all of these, advocate for the ABA to adopt guidelines that would prevent recurrences of the release of inaccessible POS devices, and take this opportunity to recommend a review of the ABA’s Guiding Principles for Accessible Authentication (2007);
- DGI plans to also confer with the Office of the Australian Information Commissioner (OAIC) to raise the privacy issue of people being placed in the untenable position of divulging their PIN, and confer with other such authorities as appropriate;
- DGI will continue to confer with federal, state and local government agencies, bodies and business groups to encourage them to apply the EN 301 549 Standard in their ICT Procurement Policy when considering the purchase of touchscreen payment devices and similar products;
- DGI proposes that the Australian Human Rights Commission (AHRC) should develop Advisory Notes to the DDA on touchscreen technologies, including payment devices, ATMs, self-service kiosks, etc.;
- DGI will continue to confer with Standards Australia around the development of relevant international standards on touch screen technologies;
- DGI will continue to work collaboratively and constructively with other organisations and individuals, including experts, to explore alternative approaches to achieve solutions to the issues.
Why the PIN Entry issue is DGI’s priority concern
As further noted by Vision Australia in their recent Touchscreen Technology Position Statement “more development is required before touchscreen-based payment terminals can be considered sufficiently accessible to be used in… financial transactions”, something DGI has been publicly asserting since September, 2015. It’s still within the realm of possibility that CommBank, the ANZ and other suppliers of these devices could put a hold on the marketing of these devices, at least in Australia, in response to DGI’s advocacy and community feedback exemplified by the signatures and comments to our petition and Vision Australia’s removal of its initial commentary about Albert on CommBank’s website. All approaches must be explored, but, in the meantime:
- No evidence-based practicable solution has been developed that can currently equate or better the use of a tactile keypad for secure, independent and easy PIN entry on touchscreen payment devices anywhere in the world, despite at least 15 years of concerted efforts to this end;
- A harmonised standard for gesture-based PIN entry that may facilitate a universal solution is not currently in force and may not be on the near horizon;
- PIN Entry is an everyday task and a solution to the accessibility barriers to the performance of this task cannot wait for a national or international standard to be created and adopted;
- The alternative for bills exceeding $100 is to pay cash or cancel the purchase (i.e. if the goods have not yet been consumed, as in a restaurant or hotel). This is an imposition on customers and merchants;
- Currently many people who are blind or vision impaired, older people, people who experience manual dexterity limitations, poor eye-hand coordination and others are being forced to provide their PINs to merchants, which is a violation of their privacy and a breach of the abovementioned PCI Standards;
- Even people who are savvy users of touchscreen smart phones have reported failure in their attempts to enter their PIN using the gesture-based method in accessibility mode, because of the fact that the operation has to be performed in noisy, busy locations, often with impatient customers waiting in the queue;
- DGI supports those who call for Accessibility Mode to be turned on by the user. However, we note that even if a merchant is aware of how to turn on this mode, or the manufacturer or bank devises a method for the customer to turn the feature on, this will not, in the immediate, provide accessibility to the on-board apps. It will only be useful for those who are familiar with, and confident in the use of, the gesture-based solution (evidence indicates a mean of two years of mobile, touch-screen experience is required to be able to confidently evaluate touch-based apps), and will therefore leave without relief those unable to use this solution. Otherwise, insanely, we may need to become familiarised with different PIN Entry gestures for each device, because the Albert method is patented, whereas a keypad is standard and universal;
- Kate Begley, Policy Advisor at Vision Australia, in their Submission to the Economy and Infrastructure Committee Inquiry into the regulation of ride sourcing services (dated 5 August 2016) (page 7), further states:
“Another area of technological development is in the use of touch-screen tablet devices, with gesture based input, for the purpose of processing financial transactions. The Commonwealth Bank’s Albert Payment terminals are one such example. There is a growing trend towards the use of touchscreen-based payment terminals that are completely inaccessible for the majority of people who are blind or have low vision.
Regardless of attempts to familiarise people who are blind or have low vision with tablet gesture based devices, it must be emphasised that this is neither the preferred, nor the most suitable payment option for the majority of our community.“
The steps CommBank has taken in the direction of retrofitting accessibility in Albert have still not sufficiently addressed the needs of the many people who are simply not able to enter their PIN number on the touchscreen at outlets where the payment device is currently in use, and now similar devices are arriving on the scene, unchecked. This is exposing people to the unacceptable risk of needing to reveal their PIN number in order to process payment. Being put on the spot to enter a PIN without the familiar raised buttons of the tactile keypad (with the dot on the 5 to orientate one’s fingers with surety), is causing people to make errors, and to have their payment card blocked if they fail 3 times. The experience of having to use the device at locations which are often busy and noisy, and when impatient customers in the queue make loud sighs or tch sounds, is causing anxiety, distress and embarrassment to many and risks reviving the outmoded stereotype that people with disability are unable to perform basic daily tasks without assistance when they have previously been able to be self-reliant when paying for their own goods.
This is an extremely sorry state of affairs, is occurring here and now in the 21st Century, and so demands an immediate solution. DGI urges the retention or addition of the tactile keypad to all touchscreen payment devices as an interim measure that can, and must be, applied now. There are no PCI, technical, financial, logistical or other objections that can be made for the implementation of this solution. This solution does not constrain the use of touchscreen payment devices, that are currently on the market, as intended, or the implementation and pursuit of other workaround solutions. The flaw here is not in the solution DGI has advanced, nor are we solely concerned about the single purpose of PIN entry. The flaw is that in the rush to design multi-purpose, state-of-the art payment devices, the diversity of needs of the different users are not considered, not even for the most basic purpose of entering a PIN to process a payment, let alone for the other purposes bundled onto these so-called innovative devices. The natural course of progress means that at times even the best practices have to give way to new ideas. But a new idea that makes it difficult for people to perform an everyday task that was previously simple is not progress or innovation.
DGI has a focus on systemic change. We hold that as a country founded on the values of egalitarianism, we cannot continue to permit that products are manufactured, imported and sold that completely disregard users with disability. How is it, we ask, that, despite the fact that this year we mark 25 years of the Disability Discrimination Act, so many inaccessible products continue to circulate? It is time that Accessibility be included under the mandate of the ACCC, be regulated under Australian Consumer Law, included in trade agreements, be subject to standardisation at all stages from design to retail, and be included as one of the social values and productivity drivers that govern public and private sector policy.
Digital Gap Initiative
4 January 2017