The U.S. Department of Justice (DOJ) in 2010 issued its final ruling on standards for accessibility under the Americans with Disabilities Act (ADA). New guidelines affect ATM physical access, communication, features, and privacy controls.

• Same level of privacy for all types of input/output
• Speech and Braille enabled
• Speech capable of being repeated or interrupted
• All displayed information usable by visually impaired
• TTY and TRS (Telecommunication Relay Services)

These all raise interesting security control issues for the financial industry. A person using speech mode should have the option of privacy using headphones and making the screen completely blank. Even more complicated is the use of a relay service, which by definition is a person in the middle (PitM) of a secure exchange.

Perhaps most interesting is the definition of “power-driven mobility devices”. Even a Segway qualifies, so an ATM has to be accessible to them unless a financial institution can prove that its use is unreasonable or would cause a “fundamental” change to their operations.

I also noted that the federal rule calls for one compliant ATM per location (outside is not considered in the same location as inside) but California has a 50% rule.