Frictionless Authentication of Consumer Transaction

Role: Product Manager

Project Team: Francis Rodrigues, Gilberto Cardenas, Paul Tutty, Juan Flugelman, Manuel Ryan Espinosa

When: April 2018 - September 2018

Project Summary

This work was part of the capstone project of my master's degree in Human-Computer Interaction & Design from UCI. The main goal was to research best practices for increasing mobile permission opt-in rates for e-commerce and banking applications.

Our Client MSignia

mSIGNIA is a software cybersecurity company specializing in SDKs – especially mobile app SDKs for iOS and Android – which collect identity and risk data to protect payment transactions like those defined by EMV 3DS and EMV SRC. mSIGNIA’s SDKs collect the data required for multi-factor authentication in compliance with PSD2 SCA and proprietary authentication methods like behavioral and digital biometrics.

Best-in-class frictionless mobile authentication and user-device recognition solution.

Patented and privacy-compliant digital biometric technology

Seamless user experience for browser access and mobile apps.

CLIENT GOAL

PROVIDE A BEST PRACTICES WHITEPAPER TO THEIR INDUSTRY TECHNICAL BODY THAT REINFORCES THE VALUE OF GOOD USER EXPERIENCE.

PROJECT GOAL

RESEARCH AND DEVELOP A RECOMMENDATIONS DOCUMENT FOR THE MOBILE USER EXPERIENCE AROUND REQUESTING PERMISSIONS AND SHARING DATA.

Approach | Framework Followed

We followed the Design Thinking framework for this project. We adapted this approach to include an exploration phase to gather insights from academic papers and narrow scope before we went into user research.

Explore Goals

Our team needed to grok our client's

highly technical product and product

space before moving into user

research. We read a large amount of

industry & academic research before

feeling confident to develop our

problem statement.

Empathize

We surveyed over 100 iOS users

who consider themselves early

adopters. Additional qualifiers

included living in North America and

age 18-40. Additionally, we

interviewed ten early adopters to

understand how they feel about

mobile security and authentication.

Define

Being spread over two continents,

our team used RealTimeBoard to

collaboratively synthesize our

findings. We identified more than

150 unique data points. Through

grouping and categorization we

were able to hone in on the most

important problems.

Ideate

Using the 6-3-5 method, we defined

six problem statements that guided

us through the ideation sessions and

several ideas on how to solve them.

We prioritized two of them

according to our client’s goals and

proposed a few ideas that would

turn into wireframes.

Prototype

Focusing on e-commerce, we

developed two prototypes initially.

Both considered placement of the

experience within the customer

journey, with UX writing, user

pyschology, and logical flow

considered throughout the design.

Mid-fidelity design was used to

avoid design bias.

Test

Both prototypes underwent

unmoderated user testing. After

consolidating results, our research

team was able to develop and test a

second prototype iteration. The

second iteration received more

positive feedback, which helped

shape our final recommendations

and user flows.

Highlights of User Research

After an intense review of academic papers, further data was gathered through surveys and interviews, to gain further insights into the motivation that mobile users have when performing online transactions.

Survey

Over 100 randomly sampled early adopters and current e-commerce users across the United States.

Interviews

We conducted 10 semi-structured interviews in order to gain insight on how users currently manage privacy and permissions on their phones.

Synthesis of Data

130+ data points were collected from 10 user interviews. This allowed us to identify patterns such as:

People overwhelmingly reuse passwords.

80% of participants believe permissions are used purely for targeted marketing.

Location is the most cited permission.

Most participants prefer to know what permissions are required as early as possible.

Prototype and User Testing

Focusing on e-commerce, we developed two prototypes initially. Both considered placement of the experience within the customer journey, with UX writing, user psychology, and logical flow considered throughout the design. Mid-fidelity design was used to avoid design bias.

Unmoderated Usability Testing | Tool: UserTesting.com

Conducted to test the frictionless authentication on real users representing our target group. The benefit from doing an unmoderated test was that it would take less time to schedule participants, obtain less bias as the absence of a moderated would provide more natural results. It was also cheaper and easier to recruit participants.

Prototype Concepts A & B

Options to be tested based on two shopping experiences

Prototypes A & B

End of registration vs. end of checkout

User Testing Second Iteration

Results of second iteration of user testing

Prototype Concepts A & B

Options to be tested based on two shopping experiences

1/5

Outcomes

After user testing, it became clear that:

Three permissions in one sequence was the limit before users fatigued.

Aligning permission text with the value to the user reduced confusion.

One-page introduction screens empower users as they are now requesting the permission dialog.

Contextualizing permission requests reduced friction.

Conclusion

The value proposition to consumers is one of convenience - the ability to quickly complete transactions with at least as much security as existing methods.

Conveying the value proposition to the user in a concise manner is of utmost significance.

The focus of the project was iOS within the U.S. Android and other markets require further study.

Our exploration phase was a gap analysis. Our research filled a large gap and left others.

We, therefore, designed our research to be repeatable to allow comparative studies.