I was in Nature’s Basket the other day. When I took out my credit card to pay the bill, I noticed the fancy all-touch-screen POS the cashier pushed towards me. It’s a device with a cradle charger, and frankly looks quite fancy, though I do not have any qualms with the usual all-black push-button POS machines we see everywhere else.
Nevertheless, it caught my attention. It looks somewhat like this:
Except, when my card was inserted and I had to enter the PIN to authenticate, it looked somewhat like this:
Do you see the difference? Yes, the digits are switched around. Possibly some team convinced everyone that it is a high-security feature and would reduce fraud/misuse of cards. Here’s my take on why this design decision has gone wrong.
What are we trying to solve here?
- Negative use case: Someone is carrying a stolen card and has somehow figured out the PIN, through a skimmer, social engineering, maybe overheard the owner somewhere, or looked over their shoulder. Such users remember the PIN’s digits, commit them to memory, and would maybe revise it in their head while the card is being swiped. Does this interface gimmick prevent them from using the keypad? I doubt it. They are anyway going to be looking for the digits on the screen, and pausing after every keypress. There is hardly any change in behaviour for such people.
- Positive use case: The actual owner of the card. Most of us do not repeat the 4-digit PIN in our heads before punching it. After the initial 5-10 times, we just repeat the keystrokes on the POS. It’s muscle memory for most of us. Because of this design change, we have to punch in the keys like anyone from the negative use case bracket would – punch-pause-punch-pause, and in between try to remember if 2 came before 8 or after and if there really was a 7 in the middle, because the keys aren’t where our brains expect them to be. All this design change does is make the legitimate users look like they have just cracked the PIN to a card they found on the street.
- Now let’s talk about the other positive use cases: The elderly, disabled, kids carrying the card. Those who do not depend on muscle memory to punch in PINs. These people might anyway be remembering one digit at a time, so should it be okay to switch the digits around? These people are not going to touch type, so why are we making it difficult for them to look for digits? Nothing is where you expect it to be.
What is the point really of such an interface change, when it a) prevents legitimate users from using the system effectively, and b) does nothing to prevent misuse/fraud, when I’m sure that fraud prevention would have been cited as reason number one to implement this?