Paytm Login and Secure Access
Building trust between users and digital payments
My Role
- User Test Login Flow on Paytm Android App
- Improve the User experience of Login Flow
- Reduced login failure and attempts to re-login
- Reduced customer tickets
- Proposed new login flow
- Introduced lock to access wallet
Login Experience
Old Login Screens
Trust is the key
Mobile payments have disrupted the Indian market in recent times. The Indian government is encouraging the common man to go digital. But adoption of mobile payments has a major roadblock: security. Consumers have not wholeheartedly accepted the payment technology. Widespread adoption of mobile payments can only be achieved when there is trust in the system.
Creating a system that offers the same level of security in the virtual world as in the real world is a challenge. We proposed a strong authentication mechanism that binds the identity of the user to the authorization of the transaction. Even if one loses their mobile phone, their authorization to transact can never be stolen.
Introducing 3 level authentication
Phone numbers are truly becoming a user's identity. All bank transactions and the Aadhaar Number are linked to a person's phone number. Thus, it becomes vital for users to be able to secure their account created via a phone number with their banks.
What we are proposing takes into consideration the fact that users do forget their passwords, and that they should be able to modify their passwords easily and securely.
Creating a secure login for first time users
Users will be asked to verify their active phone number via OTP. Thereafter the user will be able to create a password, choose a pattern, and complete the profile. This is a one-time step that the user has to go through to ensure maximum security.
3Ps for security
As humans, we are forgetful.
Recognizing that we are forgetful, one goal of the product is to simplify account retrieval without compromising safety, while keeping the identity of the user intact.
Case 1:
User forgets their password, remembers pattern. User is unable to log in to the app.
The phone number becomes the first identifier for the user: an OTP will be sent, auto-filled and verified by the system. The second authentication happens when the user is asked to enter their unique pattern. Once both match, the user is able to log in and proceed with the app task. The user is also asked to change their password.
Case 2:
User forgets their pattern, remembers password. User is able to log in but unable to make transactions.
To ensure that the mobile number is not being misused, the user will be sent an OTP to the registered mobile number and asked to enter their password again. Users will then be asked to create a unique pattern.
Case 1 and Case 2 will also help users to retrieve accounts on new devices with the help of their phone number and a combination of pattern or password.
Case 3:
User forgets their password and pattern.
Introducing Trusted Contact:
A trusted contact is set up by the user by adding ONE important contact from their contact list, to whom an OTP will be sent. The user will then have to take the OTP from their trusted contact, use OTP sent to their retrieve their account.
Implementation
The first release in a fast-moving startup environment is an MVP. In this case, the idea was implemented in a week by building the pattern lock feature on top of the Android device lock.