
Secure Banking


01 / The Problem
With today’s increased concern about privacy and protecting people’s data, US Bank’s Corporate Payment System saw the need to create a more secure login process for clients that use our corporate banking web applications. The request was to implement multi-factor authentication on the web portal that then grants access to our various banking apps. The pages are all based on legacy code, so we needed to ensure that the flow is simple and adheres to established legacy patterns.

02 / Plan
Working closely with the Business Analyst, the Product Owner, and system architect, we mapped out the current login flow. We then discussed and brainstormed how to include a second level of authentication for the user using a combination of a mobile text message and entering the passcode from the text to authenticate them.
Other factors of concern were how to display terms and agreement, how to verify a new mobile number if they enroll for the first time, how to clear/change a mobile number if it is no longer valid, and also how to ensure that it adheres to ADA standards.

03 / Draft & Iterate
We went through many drafts and iterations prior to the beginning of the sprint. There were multiple UX review sessions spent tweaking and refining the flow, such as the instructional text and general UI, and making sure designs adhered to security and 508 accessibility standards.
The UX team also conducted usability testing using a prototype that I created. I helped with writing the test script, and was a notetaker for each of the test sessions. The findings were then summarized in a report, and UX improvements were presented and incorporated into the wireframe.


04 / Final
The final design incorporated numerous UX feedback sessions and usability test findings. I settled on separating out multiple steps into separate pages so that it would be easier for the users to follow, as well as for those that use screen readers (accessibility factors). Because of strict security requirements, I also incorporated a flow that requires the user to view/read and agree to the Terms and Conditions before they are able to proceed.
Additionally, I made updates to the way in which a user’s manager can clear the user’s security preference so that the user can re-enroll in Enhanced Security and enter a new mobile number (in case the user is unable to log in and gets locked out).



05 / Implementation
The Enhanced Security pattern was also applied to our other CPS apps such as Access Online (desktop) and Access Online (mobile app).
Currently we are in the process of incorporating an additional security factor that users can use upon login: an email factor. I am also designing for the future, meaning that US Bank CPS plans to incorporate additional factors of security (much like the consumer sector), so I am making sure that my design is flexible and future-proof. More to come as I finish that project.
