A visual access token, such as a two-dimensional (2D) barcode, provides optically-readable data to a system that includes an image reader, so that a user presenting the visual access token can access functions or information provided by that system. The system allows the user to access the system based on the data extracted from the visual access token by the image reader. For example, a 2D barcode may encode a Web site Uniform Resource Locator (URL) and some transaction data. The 2D barcode may be presented to a computer having a 2D barcode reader, so that the computer accesses the encoded Web site and provides the transaction data to that Web site automatically as a result of reading the 2D barcode.
It would be desirable to be able to create a visual access token that includes private information, since this would be needed to access some Web sites or other resources (such as self-service terminals (SSTs)). Such private information could be encrypted within the visual access token to prevent third parties from extracting this private information. However, it may not be desirable to enter the private information if the user is in a public location, particularly if voice input is being used to enter the private information. This is because a passer-by or some other third party may overhear the private information. Even if a user entered the private information using keystrokes on a menu-based graphical user interface (GUI), there would still be the possibility of someone else “shoulder surfing” the user to observe the private information.