User Sign-up
User needs
Discovery showed that people wanting to self-exclude:
Were likely to be in a heightened emotional state.
May be intoxicated
More than likely didn’t want to sign up and were driven here by a negative event.
More than ever, the design needed to make sign-up as simple and intuitive as possible:
Copy needed to be concise, allowing users to make easy intuitive decisions without being overwhelmed
Users would not receive any feedback on where an identity verification (IDV) check may be failing, so clear instructions and guidance were required
Friction could cause users who felt pressured to register to abandon the sign-up and not return
Legislative requirements
Under the legislation, the following requirements had to be met while designing the best user experience possible:
Registration must take less than 5 minutes for 95% of users
The registration must be a single process
A user may be able to nominate up to 5 support people on registration
Offer a user anywhere from a minimum of 3 months to a lifetime of self-exclusion
Review and accept the privacy policy
A user has to opt-in to their account remaining open upon self-exclusion expiry, otherwise the account will be automatically deleted.
Create an account so users can manage their self-exclusion
Verify a user's identity
Verify a user's contact accounts, including phone number and email
Collect only the relevant information for the operation of the NSER
Iteration #1 - Biometrics to facilitate sign-up
Why we tried biometrics
When I joined the project there was a lot of concern around the issue of non-consensual sign-up. This issue could present itself in two ways:
Well-meaning family or friends trying to sign up an individual without their permission
Users who had buyer's remorse trying to say that they had been signed up without their permission
This presented a difficult challenge as both scenarios would present themselves in the same way.
A real review left for the UK’s self-exclusion program. There is no way of knowing if this is a real review or someone trying to game the system.
How biometrics works
Biometrics came at the suggestion of the tech team as a way to limit non-consensual sign-up scenarios.
The biometrics platform promised to:
Verify who a user was by recording a small video to check for liveness.
Compare the video to the ID provided and flag entries for review when required.
Reduce friction by pre-filling user data from scanned forms of ID.
The concerns around biometrics
On the face of it, biometrics seemed like a good choice of technology; however, discovery raised several concerns:
Users may be in a highly agitated or possibly even inebriated state. How would the platform work for those who may have an unsteady hand?
Would it work for users with disabilities that hamper the use of both hands?
How would it perform in low-light environments for those who were signing up in the early hours?
Would users on older devices be able to complete the sign-up flow?
How would it handle users with unstable connections?
Could the upload take so long that we risk users abandoning the sign-up out of frustration?
The biometrics test build
User testing results of biometrics
The biometrics platform worked well in a perfect lab environment. For users that got through without issues it was well received.
However, as soon as the smallest of variables was introduced it became increasingly unstable and added a large amount of friction.
Out of 12 testers, only 3 were able to complete the sign-up flow without experiencing any issues
7 experienced issues with either the ID scanning or facial recognition scanning
Users from Victoria suffered issues due to the clear strip on their licence not providing a consistent background
4 testers were unable to complete the flow due to biometrics technical failures
6 testers either could not get through, or said they would have dropped off in a real sign-up scenario
Some users indicated that the platform's instructions to capture liveness, such as “Turn to your right”, felt like they were having a criminal mugshot taken
An example of a Victorian ID giving an inconsistent background
Biometrics outcome
At the conclusion of testing it became evident that the use of biometrics in its present state was not fit for purpose.
Iteration #2 - GreenID
Re-assessing risk implications
At the conclusion of the biometrics testing we contacted risk and security consultants to discuss the risk assessment for non-consensual sign-up scenarios.
Their assessment was:
The risk of non-consensual sign-up was high: it was almost certain to be attempted at some point.
The implementation of any identity verification service would be enough to reduce the risk rating from almost certain to unlikely.
Several deterrents were put in place so that those claiming to be falsely registered could not easily get out of their exclusion period. For example, these users:
Would be required to fill out a statutory declaration that they had been falsely registered
Would have to seek out a JP and have the declaration witnessed
The 7-day cooling-off period may stop those with a moment of weakness
GreenID to facilitate sign-up
With the assessment from the risk and security consultants, it was deemed sufficient:
To verify users through an approved government ID, phone and e-mail.
That the effort required to remove oneself from the platform was enough of a deterrent for most users.
GreenID was selected as the platform of choice for government ID verification.
The company providing GreenID IDV presented us with several challenges:
The widgets provided were not accessible in either pixel height or colour contrast
The form layout consisted of one large form which created an unintuitive and overwhelming amount of options
This made it necessary to design and develop our own UI elements, which also provided other benefits:
I was able to match and exceed WCAG 2.0 standards
It allowed me to break down the form into logical & intuitive steps
Matching the look and feel of UI elements created a seamless experience as the user progressed through several third-party services
User Testing results
Participants found the introduction to the sign-up flow self-explanatory and easy to scan with the aid of bullet points
The selection of self-exclusion length was met with positive feedback
Participants found the page clear and easy to comprehend
Participants appreciated the predetermined lengths with the added option to choose their own period
The privacy policy agreement developed by the legal consultant received the following feedback
6 participants said they wouldn’t read it
3 said they would skim over the first few lines, then skip the rest
We recommended that the legal consultant look at consolidating the privacy policy messaging and bring it to an accessible reading level
The screen to enter a password was confusing for some users
This page was provided by Auth0 and in its default state it looked to some users like a login screen
This was re-designed to provide concise instructions and formatting to help guide users.
All users found the progress bar to be useful.
Final ratings
A scale of 1 to 5 was given, with 1 being very easy and 5 being very hard.
4 users rated it 1 out of 5
4 users rated it 2 out of 5
1 user rated it 4-5 out of 5
Most users gave a positive rating, stating it was easy, straightforward or simple. One user whose test failed at the password requirements rated it badly.
Personal Reflections & learnings
While biometrics will likely become a standard for IDV, in its present state it was not ready for use. I am keen to watch the space to see how it progresses and overcomes its issues.
Decisions and security requirements legislated by the Government added a lot of friction to the sign-up flow. These well-meaning intentions were unfortunately cemented into legislation before discovery.
By default, users' accounts were deleted at the completion of self-exclusion unless a user opted in for it to remain open. This went against standard account patterns and created suspicion and confusion among users.
GreenID didn’t allow for any sort of prompts to help a user if they failed to be verified. For example, there is no warning message for users who may have missed a number when inputting their licence, as this was viewed as a security liability.
There is a review of the BetStop service legislated for one year after going live. I am hopeful that the legislation can be amended to allow a better user experience.