A few weeks back, I was curious about something. Anytime a relatively new fintech platform requested for my Bank verification number (BVN), to complete my onboarding experience, I went on to uninstall the app.
Do you do this also? I assume a lot of people do or maybe not?
Quick info: This is not exactly a design case study. It’s a mix of my curiousity and crowdsourced poll stats.
So I decided to test out my assumptions using twitter poll (as I often do). That way, at least, I could filter my biases and see exactly how others feel about this experience. Of course, I’m aware — twitter poll is not (enough) user research but it’s a good start.😊.
The Challenge: Privacy vs Fraud
Now, let’s start with a little context. In February 2014, the BVN was introduced by CBN to create a unique biometric identity and minimize fraudulent activities through “identity theft”. It was established to serve as a protection cover for bank customers across the financial ecosystem amongst other reasons. That makes sense right? From the fraud-protection point of view, yes.
Although, if we take things a bit further to involve third parties (products) — discomfort steps in. Think about it, It’s not about fraudulent activities — it’s just more about privacy and data consent. Hence, I find myself asking these questions:
- “How can a random software developer just have access to my entire financial history?” 😱Ding!
- “How much information can they gather from my BVN?”😨
- “How well can they secure that information?”
I keep asking these questions because there’s really not any guideline out there to provide clear answers.
Sourcing for a solution
About two weeks ago, I reached my threshold 😡and let things spill over with a twitter poll (see the poll result below) about the tricky position of BVN as a key KYC detail in onboarding skeptic users (like me)to most financial products and how much these products need BVN to carefully authentic users’ identity. I proposed a few straight forward solution options as poll answers — just to guide the UX points as quantitative as possible.
Now, the result above shows a strange pattern. The leading 33% believe a product should only request for BVN when a “user wants to do a transaction”. For the sake of context, this is still “not all positive” regarding building product trust. A strong 29% want digital products to be transparent about exactly what data they have access to. A tight 28% don’t want to give their BVN at all. Lastly, 9% prefer to fill in any detail required manually just to avoid putting in their BVN. Whew 😥.
Digging further, I went on to research and snoop verification API documentation from the likes of Smile Identity, Paystack, Verify.ng. The intent was to understand what (data) exactly they have access to through the BVN. For example, Smile Identity has a verification API which allows them to view the following data from a BVN query:
- First name
- Telephone number
- Date of birth
That sounds fair, right? Although, Verify.ng gives all of the above plus middle name, date of registration and gender — Oversabi 😏. In fact, I paid N25 to verify my BVN on NIBBS’s BVN validation portal and I only got my full name alongside the validity status of my BVN — I wanted my money back 😅.
After my research, I got to understand that digital platforms do not have access to my “financial history” via BVN as I earlier feared. But there were still a few security lapses (especially: verification of BVN ownership) with BVN as I later discovered from the twitter thread below.
Validation of Users’ Fears
I decided to create another poll to specifically understand people’s fear of giving out BVN. Check below. From the poll, I was able to glean the following:
1. Users are generally uncomfortable with giving their BVN because they are not aware of the kind of data third-party apps have access to.
2. Users don’t just trust the product enough.
It’s a common knowledge that a lot of products don’t care enough about their drop-offs which are fueled by to “lack of trust” — In product and brand. So, I decided to combine all suggestions in the polls to help craft a design solution that can help fintech products earn trust faster and reduce product dropoffs — related to BVN requests
Major UX Touchpoints
- Only request for BVN when a user wants to carry out a transaction
- List the details you can access through the BVN
- Deliver value first to users before requesting for sensitive data i.e allow users to try out your product without BVN until they want to use a key feature or carry out a transaction.
Lack of trust can easily be solved with transparency and social proof. If you think about it, when there’s a good understanding of what kind of data a product is extracting from your BVN and the service provider (e.g. Smile Identity)they are using to extract the data — surely, it would be easier to make decisions.
Below are my proposed solutions
I’m hoping this solution is adopted industry-wide, so if you’re building a fintech product or you currently run one — Send an email to: email@example.com. I’ll forward the Sketch file to you.
I will love to learn the impact of this solution on your product over a month, so kindly pay attention to your stats.
I’m very open to feedback on this and how we can improve product trust using design. Shoot me a DM.
- Usman Abiola (Originally Published on his Medium)