User experience of reusable KYC credentials.

A case study of collaboration between uPort & Onfido.

This is the second in a series of articles about uPort’s journey as part of Cohort 5 within the UK Financial Conduct Authority’s (FCA) Regulatory Sandbox. This article covers the UX process of building the uPort & Onfido pilot, including findings from research around privacy and data sharing.

At uPort, we build tools that enable people to manage their personal data. Users can store their information in the uPort mobile app wallet and securely share it as needed with companies and businesses to access or sign up for services.

The concept of a reusable digital credential is relatively new.

We are accustomed to the burdensome process of having to enter our data into a form every time we want to sign up for any new services. And yes, while there are multiple solutions on the market that let users sign up with one click (Connect with Facebook, Google, etc.), they come at the inordinate cost of being tracked all over the internet and a loss of the right to privacy. Even more alarming is that the loss of our privacy only affords convenience for the simplest form of authentication: a username and email address.

When interacting with a bank, customers are requested to provide a far more sensitive and robust set of attributes in order to identify themselves. This procedure of gathering users’ highly sensitive data is necessary for banks to comply with “Know Your Customer (KYC)” regulations and is required of any institution that provides financial services to customers. This is why every single time we set up a new bank account or apply for a credit card, we’re asked to fill out the same identical form all over again. It’s not fun for either us, the customers, or financial institutions which are forced to require the repetitive process of everyone. These same institutions are also in ever-growing competition and are struggling to provide a good user experience. A Thomson Reuters survey from 2017 showed that 85% of bank customers had a poor experience due to the complex KYC process.

To address both the tedious, repetitive customer onboarding to financial services platforms as well as growing concerns around online privacy, uPort teamed up with Onfido.

As part of cohort 5 in the UK’s Financial Conduct Authority Regulatory Sandbox, we’ve built a pilot that provides a solution of reusable KYC credentials.

The pilot consists of 3 important parts:

1. Verifying identity with Onfido.

Onfido’s role in the pilot is to provide a customer identity verification service. Instead of standing in a long line to get verified in person and/or filling out endless forms online, a user simply uploads a copy of her passport/ID and takes a selfie. Onfido’s APIs then verify the ID is real and whether the selfie matches the photo on the ID. The process is fast, highly accurate, remote and secure.

2. Storing Onfido credentials in the uPort wallet.

uPort provides a wallet in which Onfido-verified credentials are securely stored. The credentials are portable, meaning that a user can access them at anytime provided they have their phone. They’re also stored locally on the device, giving the users control over where and by whom their information is used.

3. Reusing Onfido credentials

Using the uPort wallet, a user can share access to her Onfido-verified credentials in order to sign up for third-party services that participate in the pilot. It’s just one click, every time.

User research and usability study

Our first step in building an experience where both privacy and usability are equally important was to conduct user interviews.

We wanted to learn the following:

• Values in relation to privacy and data protection
• Habits of sharing personal data
• Mental models of reusable credentials
• Trust towards business and institutions
• Usability of the pilot prototype

We recruited 10 participants who:

• were UK citizens
• have signed up for a financial service no later than three months ago
• have more than 2 bank accounts
• rate their digital confidence from average to extremely confident

The interviews were for 1-hour each and held via video call.

Key findings

From uPort’s user research report

Participants share personal and financial information with trusted institutions and brands.

We learned the status of institutions that have well-known and respected reputations significantly increases trust among users. Most of the participants said they feel safe to share their personal data with government agencies, post offices, and renowned brands.

Participants are more comfortable sharing personal and financial information if they understand why.

Additionally, we learned that it’s not only the status of organizations requesting the data that matters to customers. Participants admitted that they get suspicious if they’re asked to share their data without a clear explanation where and how it’s going to be used.

Attitudes towards privacy are nuanced and not mutually exclusive with trust

Most participants didn’t mind sharing their data as long as they saw the reason why it was requested. However, the concept of “privacy” was extremely subjective. Perspectives ranging from total ambivalence to extreme concern were expressed by interviewees.

Participants who were not concerned with privacy saw time-savings as the primary benefit

Many users found the opportunity to use Onfido and uPort simultaneously to have a huge value proposition by saving significant amounts of time when signing up for financial services.

Participants enjoyed the idea of having a place with aggregated services that accept their credentials

Most participants pointed out that the ability to know which services they can sign up for, and whether they’re eligible for them or not without having to go through registration first, would save them a lot of time and frustration.

These are just the main insights derived from the interviews that we ran throughout the entire process of building the experience. An iterative approach allowed us to be flexible and quickly react to participants’ feedback.

Building trust with design

Neither uPort nor Onfido are widely recognized brands by consumers. As much as we would love to be one soon, we know it’s not going to happen overnight. Luckily there are solutions to overcome that challenge:

1. Professional-looking visual design. This should go without saying. But, the fact that it must be said here should highlight how often it doesn’t.
2. Making sure that sufficient information is provided on what’s happening at each step of the process. We worked hard to avoid users getting lost or distracted. Not only for obvious usability reasons, but also for security ones.
3. Provide education around data storage. With uPort’s user-centric approach, it’s the customer who controls and stores their data on their phone. To provide education around the new privacy paradigm and enhance users’ trust, we quickly realized that it’s crucial to provide clear information on what’s happening to users’ data at each step as they go through the pilot.

Reusable credentials mean multi-branded experience

Providing users with an ability to use Onfido-verified credentials across experiences was the core goal of the pilot. However, it is a challenge to build an experience that sits at the intersection of multiple brands. Onfido is a company that verifies users’ identities and issues an Onfido ID. uPort is an app wallet where those credentials are stored. Additionally, the pilot features a variety of financial services for which users can register with their Onfido ID. That’s a lot of companies, brands, and names floating around. We sought to ensure that users know when they interact with any particular brand and what that brand helps them to accomplish.

Pilot vs. Reality

As much as we wanted the pilot to reflect a real-world scenario, there were multiple design tradeoffs that we had to make.

We believed that outside of the pilot, there would be two ways in which a user accesses services using reusable KYC credentials:

1. A user would start her journey from a financial services website. There, after browsing through services and selecting the one she’s interested in, she would be prompted to create her Onfido ID and store it the uPort wallet app.
2. A user would visit a website where she could see all of the services aggregated from various financial institutions that accept the Onfido ID credential. After choosing the one she prefers, she would be redirected to the business’s website and then prompted to create her Onfido ID.

For the purposes of building a seamless experience that our partners could easily integrate, we decided to build a streamlined flow in which the user first gets her Onfido credential, stores it in the uPort wallet and only then selects the financial services she wishes to sign up for.

It’s just the beginning…

Many view the concept of reusable credentials as an ultimate solution to on-boarding hurdles currently faced by both customers and businesses. It is a great way of providing a seamless experience that bonds all of the users’ siloed accounts into one that they can fully control.

However, we plan to go even further. There are still many UX considerations to take into account. The pilot is still ongoing, and as we add new partners we’ll soon learn even more of how customers manage their identity while interacting with various businesses.

Stay tuned!

Email us at partnerships@uport.me if you’d like to be part of our pilot and accept the Onfido ID credential to onboard customers. To stay informed on the latest uPort news, sign up for our monthly newsletter here.

Psst… Many thanks to Sharon Kaziunas for helping us facilitate the user research! 🙌🏻