WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: A question about credit card numbers

for

From: Jukka K. Korpela
Date: Sep 23, 2004 4:11AM

On Thu, 23 Sep 2004, marc wrote:

> The best method I have found is to have one field and a script that
> automatically enters a "-" after every fourth character.

This, too, suffers from the problem of potential surprise and confusion.
Actually even more than automatically inserting spaces, since the number
printed on a credit card probably does _not_ contain hyphens. Moreover, it
does not really help. If the user wants to enter the number in four-digit
groups, fine; if not, don't disturb that.

> What
> you also will want to do is prevent the user from entering in any other
> character other than numeric characters (Don't alert, just don't let them do
> it).

This is questionable, and at least a space and maybe a hyphen, maybe some
other characters as well should be allowed and treated as insignificant
separators. Disallowing input other than digits (and allowed punctuation)
silently might be useful, or it might not. Someone who tries to type data
and then sees that nothing happens will probably get disoriented. And he
probably was confused already, with a wrong idea of what should be typed
here, so it could be a big mess. Maybe you should at least have a counter
for attempts to enter nonacceptable characters into the field and a test
that causes an alert and an explanation to be show to the user, explaining
the situation. But it would simpler, and perhaps just as good or better,
to have the data checked only when leaving the field, or only when
attempting to submit the form, or only in the form handler.

After all, the form handler _must_ (for several very good reasons) be
written so that it is robust and can handle literally any data
(including a gigabyte of junk, lack of any data, and anything between)
and can issue a well-designed understandable error message for any
incorrect data, along with a new form that has been prefilled with the
part of data that was acceptable and with indications of missing and
invalid data. Doing this _right_, which is crucial, tends to keep people
so busy that there are little resources left for client-side pre-checks,
no matter what additional value they might have. In any case it's best to
start from it, and consider client side scripting afterwards, with a
critical mind - it is easy to add scripting that might help _some_ people
_some_ of the time, but it might hurt others or in other situations.

--
Jukka "Yucca" Korpela, http://www.cs.tut.fi/~jkorpela/