Keeping bank accounts secure with minimal disruption
RBC • Servicing | Lead Interaction Designer
As Lead Interaction Designer, I led a rapid discovery phase with Online and Mobile Banking teams to assess the impact of the solution proposed initially by the Compliance team.
Our research revealed that implementing it as originally requested would disrupt clients' day-to-day banking.
In parallel, I developed a risk assessment and mitigation plan to help the business understand the implications of forcing password changes.
This work influenced the product roadmap by prompting improvements to the user experience and informed changes to the project’s release strategy.
6 million: Active users impacted
30%: Mobile-only users
27%: Mobile + web
0%: Disruption reported to assisted channels
Design Thinking
Product strategy
Compliance
I was asked to comply with regulations
To comply with updated Canadian regulations, RBC needed to ensure that all clients met new minimum password security standards for online and mobile banking.
However, the design team was brought into the conversation late in the compliance timeline. The initial business proposal was to simply display a message at sign-in, instructing users to reset their passwords.
But forcing it would be disruptive
While users are accustomed to being asked to change passwords on other websites, they don’t expect this from their banks. When signing in to online or mobile banking, clients typically intend to complete quick, often time-sensitive transactions.
Forcing a password change at sign-in introduces significant friction. It’s a cognitively demanding task with multiple validation steps, including entering their current password, which many clients forget, as they now rely on biometrics or passkeys for faster access.
As a result, mandatory password changes at sign-in can be highly disruptive and increase the risk of account lockouts and a spike in calls.
Data showed that 30% of clients were mobile-only, while 27% were mobile + web.


My tactical approach to ship fast
Re-platform and refresh to incorporate the most recent UI patterns and enable advanced encryption technology.
Adopt a proactive communication strategy that is prominent but less intrusive, following the pattern of another Compliance project.
Incorporate the Change Password flow in the Mobile App using webviews to speed up development.
Develop a strategy to force clients to change their passwords once they reach the target date.
After the initial solution was launched, I also partnered with the Product Owner and Researcher to:
Leverage Salesforce to roll out the password update in a staggered approach, minimizing spikes in call volume and reducing strain on support channels.
Review the current sign-in and "forgot password" journeys, as a surge in password resets is likely, since many clients may forget their newly created passwords.
Assess the risk of increased call volumes due to account lockouts, either from multiple failed password attempts or difficulties resetting passwords.
I wasn't happy and went even further
After a few iterations and trade-offs...
Staggered approach
Run multiple campaigns with smaller groups of clients as a way to mitigate the impact on Advice Centre.
Pilot
Test live with 40K users to measure the impact on Advice Centre channels before opening to millions of clients.
After Target Date is reached
The design team recommended displaying all password change fields immediately upon login to streamline the process and avoid confusion.
However, the business opted to link users to the existing Reset Password flow instead.
This approach involves more validation steps and greater cognitive load, increasing the likelihood of user errors and potential spikes in support calls.
Design influence: going beyond the project objective
I relied on extensive research and data to demonstrate the real problem to stakeholders and its impact on the user experience and perception of RBC's security measures.
In the end, it was clear that to avoid a spike in calls related to Change Password, which would severely impact business operations, what RBC actually needed was:
Streamline the Sign-In and Reset Password flows.
Once the user meets the target date for changing their password, have them do so on the sign-in screen, rather than redirecting them to "Forgot Password".
Re-think the ways we allow clients to sign in and reset/change their passwords altogether for improved security and lower cognitive load.
Root cause and consequences
Root causes:
Human memory limitation
Underestimation of password strength
Lack of awareness/education on password security
Low motivation to create strong passwords
Lead to...
Harder passwords are hard to remember
Avoid changing it
Reuse passwords across multiple sites/apps
Which results in...
Clients who are vulnerable to fraud
Security and reputational risks for RBC
Clients mindsets
How clients may feel when signing in to RBC to do their banking and are asked to change or reset their password:
Annoyed 🙄
I don’t like to change passwords because it’s hard to remember
I don’t remember my old password
RBC is telling me to change my password
Confused 😒
I don’t know how to create a strong password
I don’t know how to keep my password safe
I don't understand why I have to change it
Unsure 🤔
I don’t think I’ll remember my new password next time I need to sign in
Confident and at ease 😎
RBC has my best interests in mind
RBC worries about my safety
I will change my password because I want to keep my account safe
Why people avoid changing passwords or create weak ones:
Usability test insights
With a grain of salt...
Familiarity
Participants were familiar with other websites and apps that requested them to change their passwords upon sign-in
Clarity
The message to change their password was considered clear and direct. All participants understood what they had to do and what would happen if they didn’t act by the target date
Annoyance vs. importance
Changing passwords is not a top-of-mind task because people have memory issues. However, several participants recognized the importance of keeping their accounts secure and appreciated the bank's proactive approach to protecting them.
Minimal disruption
Forcing clients to change their passwords wouldn’t cause a significant disruption on assisted channels. None of the participants said they felt they would need to call after seeing the message.
However...
"The real risk for burdening the assisted channels actually comes after clients change their passwords."
Due to...
Confusing Reset Password flow:
The current Reset Password process has multiple steps where clients get stuck:
Last name and Postal code - when they enter information that doesn't match their profiles
2-step verification - when they don't have a mobile device
Confusing Sign-in that leads to Reset failure:
Current sign-in is split into 2 steps that happen on separate screens
Error messages are unclear and don't help users self-recover
Mistakes made on sign-in are carried over to the Reset flow
Design influence
This extensive research was crucial for me to help stakeholders view the problem from a different angle and empathize with users.
It was clear that to avoid a spike in calls related to Change Password, what we actually needed was:
Streamline the Sign-In and Reset Password flows.
Once 30 days have passed from the initial communication, force users to change their passwords directly on the sign-in screen, rather than directing them to the Reset Password flow.
Re-think the ways we allow clients to sign in and reset/change their passwords altogether.
Added to the product roadmap!
What research, data and call listening revealed!