Collaboration: Design, iOS/Android Engineering, IT Backend Engineering (APIs), Customer Service
Frictionless Authentication of Consumer Transaction
Role: Product Manager
Project Team: Francis Rodrigues, Gilberto Cardenas, Paul Tutty, Juan Flugelman, Manuel Ryan Espinosa
When: April 2018 - September 2018
Project Summary
This work was part of the capstone project of my master's degree in Human-Computer Interaction & Design from UCI. The main goal was to research best practices for increasing mobile permission opt-in rates for e-commerce and banking applications.
Our Client: mSIGNIA
mSIGNIA is a software cybersecurity company specializing in SDKs – especially mobile app SDKs for iOS and Android – which collect identity and risk data to protect payment transactions like those defined by EMV 3DS and EMV SRC. mSIGNIA’s SDKs collect the data required for multi-factor authentication in compliance with PSD2 SCA and proprietary authentication methods like behavioral and digital biometrics.
CLIENT GOAL
PROVIDE A BEST PRACTICES WHITEPAPER TO THEIR INDUSTRY TECHNICAL BODY THAT REINFORCES THE VALUE OF GOOD USER EXPERIENCE.
PROJECT GOAL
RESEARCH AND DEVELOP A RECOMMENDATIONS DOCUMENT FOR THE MOBILE USER EXPERIENCE AROUND REQUESTING PERMISSIONS AND SHARING DATA.
Approach | Framework Followed
We followed the Design Thinking framework for this project. We adapted this approach to include an exploration phase to gather insights from academic papers and narrow scope before we went into user research.
Explore Goals
Our team needed to grok our client's highly technical product and product space before moving into user research. We read a large amount of industry & academic research before feeling confident to develop our problem statement.
Empathize
We surveyed over 100 iOS users who consider themselves early adopters. Additional qualifiers included living in North America and age 18-40. Additionally, we interviewed ten early adopters to understand how they feel about mobile security and authentication.
Define
Being spread over two continents, our team used RealTimeBoard to collaboratively synthesize our findings. We identified more than 150 unique data points. Through grouping and categorization we were able to hone in on the most important problems.
Ideate
Using the 6-3-5 method, we defined six problem statements that guided us through the ideation sessions and several ideas on how to solve them. We prioritized two of them according to our client’s goals and proposed a few ideas that would turn into wireframes.
Prototype
Focusing on e-commerce, we developed two prototypes initially. Both considered placement of the experience within the customer journey, with UX writing, user psychology, and logical flow considered throughout the design. Mid-fidelity design was used to avoid design bias.
Test
Both prototypes underwent unmoderated user testing. After consolidating results, our research team was able to develop and test a second prototype iteration. The second iteration received more positive feedback, which helped shape our final recommendations and user flows.
Highlights of User Research
After an intensive review of academic papers, we gathered further data through surveys and interviews to gain insight into the motivations mobile users have when performing online transactions.
- Survey: Over 100 randomly sampled early adopters and current e-commerce users across the United States.
- Interviews: We conducted 10 semi-structured interviews in order to gain insight on how users currently manage privacy and permissions on their phones.
Synthesis of Data
130+ data points were collected from 10 user interviews. This allowed us to identify patterns such as:
- People overwhelmingly reuse passwords.
- 80% of participants believe permissions are used purely for targeted marketing.
- Location is the most cited permission.
- Most participants prefer to know what permissions are required as early as possible.
Prototype and User Testing
Focusing on e-commerce, we developed two prototypes initially. Both considered placement of the experience within the customer journey, with UX writing, user psychology, and logical flow considered throughout the design. Mid-fidelity design was used to avoid design bias.
Unmoderated Usability Testing | Tool: UserTesting.com
We conducted this testing to evaluate the frictionless authentication with real users representing our target group. The benefits of an unmoderated test were that it took less time to schedule participants and introduced less bias, as the absence of a moderator would provide more natural results. It was also cheaper and easier to recruit participants.
Options to be tested based on two shopping experiences
End of registration vs. end of checkout
Results of second iteration of user testing
Outcomes
After user testing, it became clear that:
- Three permissions in one sequence was the limit before users fatigued.
- Aligning permission text with the value to the user reduced confusion.
- One-page introduction screens empower users as they are now requesting the permission dialog.
- Contextualizing permission requests reduced friction.
Conclusion
- The value proposition to consumers is one of convenience - the ability to quickly complete transactions with at least as much security as existing methods.
- Conveying the value proposition to the user in a concise manner is of utmost significance.
- The focus of the project was iOS within the U.S. Android and other markets require further study.
- Our exploration phase was a gap analysis. Our research filled a large gap and left others.
- We, therefore, designed our research to be repeatable to allow comparative studies.