Mastercard Instant Onboarding

Concept

Over the course of a number of sprints, we tested various types of onboarding methods and locations. Where does it make the most sense? Where would prospective users be most receptive to hearing about Continuous Authentication and opting in to a service for it? We used a small business website, using a Payment Service Providers (PSPs)Over the course of a number of sprints, we tested various types of onboarding methods and locations. Where does it make the most sense? Where would prospective users be most receptive to hearing about Continuous Authentication and opting in to a service for it? We used a small business website, using a Payment Service Providers (PSPs) [define] like Shopify, as the target vessel and integrated a number of different introductions in a checkout flow. like Shopify, as the target vessel and integrated a number of different introductions in a checkout flow.

Research Questions

How do we demonstrate how Continuous Authentication works?
How do people respond to being asked to provide their personal data?
How much do people want to see the details of background data collection?
Do they perceive background data collection as creepy? Trustworthy? Transparent?
Is transparency a requirement for trusting the system?

Methodology

Number of Users: 9

To test these prototypes, we conducted a 60 minute interview and Think Aloud, where we asked users to first go through different onboarding scenarios before we asked them to shop online on a small merchant website (Haptic Lab).

Prototypes and Testing

The onboarding experience, and the experience of a user's first purchase in a Continuous Authentication paradigm is critical. A big part of that is clear and concise language explaining exactly how the process works, what the value is to the user, and why it is worth giving up all their identifiable data.

Findings

01.Show context of use and data collection in action

"I'd like it to show me what Continuous Authentication is while I'm doing it"

"Check boxes help me know that I have to acknowledge and accept what I'm agreeing to…"

02.Fear of detailed data being constantly tracked

Growing acceptance or indifference with data collection

"I feel fine, companies are doing all this stuff (collecting location, device etc data) for marketing, it's common."

No one wants to use camera in browser.

"Probably wouldn't use camera ever"

Showing too much information makes the user more concerned about privacy and security.

"Don't need to remind me how potentially invasive it is"

Skepticism, and lack of clarity with how it works

"How can they promise security?"

"What if someone mimics my behavior?"

"What if I use two computers with different layouts? Some computers don't have a numpad. Will it still work?"

Difficult to understand multi-factor authentication

"For example, if I'm eating [and] typing slowly [different to how they would normally type], how does it work then?"

03.The first version was more preferable.

But the visual in the 2nd version was liked by users.

"Liked the visual of the second one, but preferred the first version, more clear, more control"

"I liked the 1st, it took [the opt-in process] step by step, asking for consent at each step. With the second [version] it was more 'yes' or 'no'" [not as flexible]

04.Don't show what exactly is being collected at the moment.

"There's no need to remind me how potentially invasive it is"