To comply with my non-disclosure agreement, I have omitted and obfuscated confidential information. All information is my own and does not necessarily reflect the views of Lloyds Banking Group.

Understand

Understand what matters to the user

Strong Customer Authentication (SCA), which impacts over 30 million Lloyds Banking Group customers, is designed to verify that an online customer is who they say they are.

Most people use passwords as a way of proving it's them. Sadly, passwords can be guessed or stolen by fraudsters. Adding a second layer of security checks that it's the customer and makes it harder for anyone else to pass as them.

There are three ways a customer can verify themself:

  1. "Something they know" - this is a piece of secret information that only they know, like a password.
  2. "Something they have" - this is a device they own, like their mobile phone or card reader.
  3. "Something they are" - this is unique to them, like a fingerprint.

Customers need to provide two of these three to verify themselves. This is called 'two-factor authentication'.
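The "two of these three" rule, as an added example that is not code from the project: two authenticators only count as two factors when they come from different categories. The authenticator names and the `memorable_word` entry are assumptions made for illustration.

```python
from enum import Enum


class Category(Enum):
    KNOWLEDGE = "something they know"
    POSSESSION = "something they have"
    INHERENCE = "something they are"


# Hypothetical authenticator names mapped to the three categories listed above.
AUTHENTICATORS = {
    "password": Category.KNOWLEDGE,
    "memorable_word": Category.KNOWLEDGE,
    "sms_code": Category.POSSESSION,
    "card_reader": Category.POSSESSION,
    "fingerprint": Category.INHERENCE,
}


def categories_proven(verified):
    """Collapse the verified authenticators to their distinct categories."""
    unknown = [name for name in verified if name not in AUTHENTICATORS]
    if unknown:
        raise ValueError(f"unknown authenticator(s): {unknown}")
    return {AUTHENTICATORS[name] for name in verified}


def is_two_factor(verified):
    """True only when at least two different categories have been verified."""
    return len(categories_proven(verified)) >= 2


def useful_next_steps(verified, enrolled):
    """Enrolled authenticators that would add a category not yet proven."""
    proven = categories_proven(verified)
    return [
        name for name in enrolled
        if name not in verified and AUTHENTICATORS[name] not in proven
    ]


if __name__ == "__main__":
    # Constructed sample: two secrets are still a single factor.
    print(is_two_factor(["password", "memorable_word"]))
    print(is_two_factor(["password", "sms_code"]))
    print(useful_next_steps(["password"], ["memorable_word", "sms_code", "fingerprint"]))
```
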

The move is intended to prevent fraudulent payment transactions, stopping millions of pounds' worth of fraud every year.

I was the lead designer in a team of around 90, and my role was to make this as seamless an experience as possible for 34 million customers.

Incubate

Ideas to find opportunities that meet what matters to the user

I joined the project midway through the discovery phase, replacing the previous Lead Designer. This meant that I had to get up to speed quickly to become effective as soon as possible.
To do this, I ran a series of stakeholder interviews with all relevant business analysts and product owners to deeply understand the requirements from both a product and a compliance perspective.
After the interviews, I created a set of design principles to help us align people around what matters for the customer and the business. We used these as our guiding star throughout the project. These were as follows:

  1. Provide an easier and faster authentication experience
  2. Be more secure and feel more secure
  3. Provide a consistent authentication experience across all channels
  4. Give customers choice on how they authenticate

In total, SCA affected 180 different customer journeys across five different brands of Lloyds Banking Group. The main types of journeys were logon, payments and eCommerce transactions. Each of these then had several different authentication methods.

One of the key challenges was balancing the need for users to log on or authenticate their payment as swiftly as possible against the cost to the business, as each authenticator varied in cost (e.g. SMS 7p per use). LBG typically receives 12,000 logons a second, so this could accumulate a substantial cost to the bank very quickly.

I began with Lloyds Retail customers, as this is the largest of all user groups and meant I could use them as a blueprint for the other channels.

I sketched out the authentication flow and then used post-it notes to draw low-fidelity screens. I then ran them through with the relevant stakeholders to quickly obtain feedback and make any required changes.

Develop

Design and develop a solution through test and learn

I began the design process in Sketch, taking the low-fidelity proto up a notch. For this project, we were trialling our in-house design system, which made prototyping much quicker. I first started with the logon journey and then worked on the payments journey, as these would be the first journeys I wanted to user test with our customers.

I then created a discussion guide to be used as the map that would lead me to the learnings I wanted and would help ensure that the research sessions were productive.

The structure for the qualitative research was seven sessions, each lasting 45 minutes to an hour. It was followed by another seven sessions a week later to allow for design iteration. The participants were a varied demographic with varying computer literacy to ensure the designs met everyone's needs. We would test both happy and unhappy scenarios (errors).

The critical findings for the first seven sessions were that when the customer was presented with too much choice in terms of authentication methods, it slowed them down and sometimes confused them. In addition to this, some of the copy on the authenticator hindered the progress of the user, again causing confusion during the steps they needed to take.

How do we fix this?

To overcome this problem, I opted to present the most appropriate authentication method based on their profile, which is obtained during the initial login stages. Then, if they were unable to complete with that method, we enabled an option to switch to a different way, e.g. an SMS or automated phone call. On top of this, I worked with our conversation designer, highlighting where customers were going wrong in the process, and we worked on corrective copy together to aid in the design.

During the second group of qualitative sessions, I observed a significant improvement. Users understood the flow much better, and 5 out of the 7 completed it using the first authentication method. The remaining two opted to switch and completed the journey using an SMS.

Our key findings were that the two people who got stuck were jumping ahead of the instructions. To solve this problem, I worked with a visual designer to create animated steps for the user to follow for that particular authenticator. In addition to this, I worked with the conversation designer, making tweaks to strengthen the instructions presented to the user.

I then scheduled a third round of testing to ensure the changes that had been made corrected the previous problems observed. Thankfully the tweaks worked, and we were ready to hand it over to developers and put it into production code.

Deploy

A solution that delivers and measures customer value, business value and quality.

Now that user testing had proved a success, we handed over our designs to the developer feature team. I worked closely with them to ensure the design was implemented correctly and answered any questions or queries.

I also worked closely with them on the error catalogue along with our conversation designers to ensure messaging was correct and allowed for the corrective action.

Now that we had code we could test, I arranged accessibility testing, which tests a broad range of accessibility issues, from visual or hearing impairments to cognitive impairments.

To measure success and to help optimise in the future, I worked with the developers on the tagging of every component in the authentication flow. Using Adobe Analytics and platform capabilities, we are now carrying out in-depth data analyses and reviewing customer behaviour in the journey to develop a backlog of improvements and optimisations.

Business & User Outcomes

  • Significant reductions in fraud-related cost to Lloyds Banking Group and its customers
  • Increased security for customers
  • Prevents customers from falling victim to fraud
  • Seamless authentication experience for customers