Security Step-Ups
Related Prototypes: Lemonade Stand / Customer Journey Study
Overview
Throughout the course of normal use, a user's trust score will periodically fall below an acceptable level for authentication. If they are trying to log in or authenticate during a checkout, they will be prompted to provide more data to authenticate with. This prompt is called a step up.
Trust score: Instead of logged-in vs logged-out, the user gets a rating of how "authentic" they are at any given time. (NuData)
Step up: A step up is a prompt for the user to provide another data point, or factor, for added security. (NuData)
Reinforcing Security
Reinforcing security through a step-up does add an extra step in the checkout process. Because it adds more friction, it can make people feel slightly hindered, but also safer. Periodic step-ups, even without a security need, can reassure users that "someone is watching out for them."

Ideal Flow Demo



Types of step ups

Two uncommon ones as a possibility for more data collection and engaging integrations:




Additional research on picture-based passwords
Guidelines
01. Play off current mental models
People feel more secure if it's something similar to what they currently use (like 2FA SMS).
[On email step-up] “It noticed the change. [I] feel even better about the process.” (Customer Journey Study)
“I liked PIN and phone tap because it's more like how it works today.” (Coffee Shop)

Users also compared some step ups to captchas, and sometimes thought that the security aspect was more focused on identifying if they are a robot, rather than identifying them as a specific user.
“I think it is a Captcha type of thing, they are verifying you are a human. I find it annoying. Why is it happening?” (Customer Journey Study)

02. Be careful with words
Users don’t need to know exactly why they’re going through a step up.
“I'd be happy that you're being protective, but tracking my behavior? To heck with you!” (Customer Journey Study)


03. Design an exit strategy
Sometimes, users are unable to navigate through a step up and the system should revert to a recovery scenario.
Do: Allow user to exit.
Don't: Provide no clear exit.
04. Tell, and tell again
Provide messaging repetitively throughout the customer journey.


Step Ups are a necessary break in the checkout flow. This can provide an opportunity for re-education, and reinforcement of the secure nature of the system.
05. Friction reinforces security
Some friction in the payment process may be preferable as it creates a sense of security.
When experiencing something new, people like to fall back on what they know. Leverage existing mental models and design experiences that are similar to what users already perceive as secure.