🏢
🗓️
🚀
🎯
User accounts taken over by fraudsters reached an all-time high
Diagnosing the real problem
Designing The Strategy
Rather than immediately implementing a new solution based on my intuition, I advocated for a systematic experimentation approach. I worked with my PM and Product Analyst to design a testing framework that would help us understand not just whether different trigger points worked, but why they worked and for whom.
I identified three fundamental questions we needed to answer:
Does timing matter more than messaging — Do users respond better when we let them complete their intended task first?
Does perceived risk drive urgency — Will users set up PINs more readily for high-value transactions when we make the security implications explicit?
What's the right balance between conversion optimization and user experience — Should we make it harder or easier to defer PIN setup?
While working on the PIN adoption experiments, I noticed that our design library had multiple inconsistent bottomsheet implementations. This wasn't just an aesthetic inconsistency, it was creating cognitive load for users who were seeing different interaction patterns across the app, and it was forcing every designer to make the same decisions repeatedly.
I saw this as an opportunity beyond my immediate project. Along with two other designers facing similar challenges, I initiated a collaboration to audit all bottomsheet usage across the platform, identify the common use cases, and propose a standardized component that would work for various contexts.
We documented not just the visual specifications but the interaction principles. Some examples are, when to use dismissible vs. persistent bottomsheets, how to handle keyboard interactions, accessibility requirements, and content guidelines etc.
Identifying opportunities for standardization had impact beyond just visual consistency. It accelerated design and development velocity by providing teams a proven pattern to implement. It improved user experience by creating predictable interactions across the platform, and established a model for how designers could contribute to the design system while collaborating and working on their own projects.
Increase in PIN Adoption Rate meant that existing and new users who did not set up their PINs decreased from 18% to 10%.
Increase in Total Payment Volume (TPV) indicated that users tend to spend more when mandatory PIN setup was discarded.
Improvement in Top-Up Completion Rate as the removal of the PIN setup no longer obstructed users from topping up their wallets.
What this taught us about security UX
This experiment validated a broader principle that has implications far beyond PIN adoption. Mandatory security measures often fail not because users don't care about security, but because we design them to conflict with users' primary goals.
The success of our end-of-flow prompts showed that users are most receptive to security interventions when they've already experienced value rather (i.e topped up their wallet or completed a transaction) than getting interrupted.
This insight has informed how we think about security UX across the entire platform. Rather than viewing security as something we enforce on users, we've started designing security interventions as value-added services that happen in natural moments of pause.
Moving away from “How do we make users do what we need?” and toward “When are users most receptive to our recommendations?” signals a more mature, user-centered approach to designing behavioral change at scale.