Dual Authorisation

Improving security for counter fraud strategies to meet regulatory requirements.

Challenge
Discover, refine and refine again.

A security risk was highlighted in a client's audit: any user could make changes to specific areas that directly impacted their counter fraud strategy. Those areas were identified, and one focus area was chosen to initiate the new product feature.

Current Issues & Problems

While auditing the focus area, which was creating rules for the strategy to run against, we identified where these problems were stemming from. As part of a previous implementation, there had been no need for any security or authorisation when deleting or editing a rule.

The current experience gives the user no ability to undo mistaken changes and provides no informative advice throughout the process.

Research & Discovery

We spoke directly to the users to understand their pain points and their needs, which led to a discussion around allowing only certain people to delete or edit. From this, the conclusion was drawn to have different levels of user, approvers and standard, to spread the workload among the users, so that the approvers didn't have to do all the deleting and editing themselves; they could just review and approve.

Approach
User journey and experience was the core of the build.

To tackle this, the problem was approached from two users' points of view: the ‘Approver’ and the ‘Standard’ user.

For the ‘Standard’ user's journey, we considered the need to make the journey as informative and foolproof as possible every step of the way, as well as ensuring they could not edit or delete without approval. Extensive user flows for both users were curated and scrutinised by the team of Designers, Product Managers and Developers, to ensure the flow was not only correct but achievable for the engineers.

Working from the user flows, concepts were created and then refined to create a seamless, end-to-end, fully functioning prototype. A hierarchy system was created whereby the ‘Standard’ user sends a request to the ‘Approver’ to generate a one-time passcode, which will allow the ‘Standard’ user to complete the action. This still requires a bit of manual work from the ‘Approver’, who provides the code via email, message etc., to ensure complete security. A clean UI was implemented and new components were created to add to the current design system.
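The request, approve and redeem flow described above can be sketched as follows. This is an added example, not code from the product: the `DualAuth` class, the code lifetime, the attempt limit, the ban on self-approval and the binding of each code to one specific change are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumption: the page does not state a code lifetime
MAX_ATTEMPTS = 5        # assumption: wrong codes allowed before the request is dropped
_KEY = secrets.token_bytes(32)  # per-process key, so the passcode itself is never stored

class DualAuthError(Exception):
    pass

def _digest(request_id, code):
    return hmac.new(_KEY, f"{request_id}:{code}".encode(), hashlib.sha256).digest()

class DualAuth:
    def __init__(self, approvers, clock=time.time):
        self.approvers, self.clock, self.pending = set(approvers), clock, {}

    def request_change(self, requester, action, rule_id):
        """'Standard' user asks to edit or delete a rule; nothing is changed yet."""
        request_id = secrets.token_hex(8)
        self.pending[request_id] = {"what": (requester, action, rule_id),
                                    "digest": None, "tries": 0}
        return request_id

    def approve(self, approver, request_id):
        """'Approver' generates the one-time passcode and passes it on out of band."""
        req = self.pending.get(request_id)
        if req is None or approver not in self.approvers or approver == req["what"][0]:
            raise DualAuthError("needs a pending request and a second, authorised person")
        code = f"{secrets.randbelow(10**8):08d}"
        req.update(digest=_digest(request_id, code), approver=approver,
                   expires=self.clock() + CODE_TTL_SECONDS)
        return code

    def complete(self, requester, request_id, action, rule_id, code):
        """Requester redeems the code; it only fits the exact change that was approved."""
        req = self.pending.get(request_id)
        if req is None or req["digest"] is None or (requester, action, rule_id) != req["what"]:
            raise DualAuthError("no approved request for this exact change")
        expired = self.clock() > req["expires"]
        if expired or not hmac.compare_digest(req["digest"], _digest(request_id, code)):
            req["tries"] += 1
            if expired or req["tries"] >= MAX_ATTEMPTS:
                del self.pending[request_id]  # expired, or guessed too many times
            raise DualAuthError("invalid or expired code")
        del self.pending[request_id]  # single use: the same code cannot be replayed
        return {"rule": rule_id, "action": action, "requested_by": requester,
                "approved_by": req["approver"]}
```

The record returned by `complete` names both the requester and the approver, which is what an audit of rule changes would need to retain.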

Findings
Decreased errors and met industry regulations.

After the prototype was finalised, we tested the journey on a selection of the affected users to gather feedback. This was met with positive feedback along with one area for improvement: they wanted to be able to see who their approvers were. This was designed alongside the development process so as not to hold up the product launch.

Gathering feedback before, during and after gave the new feature its best possible chance of success before being released. Clients reported that no rules have been mistakenly deleted or edited since launch, and that users have increased proficiency in their counter fraud strategies due to being more knowledgeable about the product.

Next Steps

As for next steps, this feature can now be implemented across other areas where this problem occurs. It also encouraged the business to keep closer track of any regulations and of any user issues our clients may face.