Open Banking 2018: building trust in end users
We analysed the authentication flows of open banking and challenger banks to identify friction. Here’s some constructive feedback addressed at CMA9s to promote open banking adoption.
TL;DR:
- Building end user trust: Compliance is not enough. UX and tone of voice are the key differentiators to increase open banking adoption.
- CMA9 bank UX: Some banks need to redesign their flows and use better 2FA to stay competitive.
- Challenger bank UX: Challenger banks are leading the market with frictionless authentication flows.
- Data analysis: A qualitative comparison between the user journeys shows how each bank is performing.
- Information: Educational campaigns addressed to end-users are needed to demystify wrong perceptions about data usage and empower new financial services.
Creating trust for end users

PSD2 precipitated the urgency of developing a unified ecosystem for all the EU financial products. Open Banking — the new UK initiative implemented by the CMA9 banks aimed at empowering consumers and businesses over their banking data — is a great start to deliver some of the benefits of PSD2. But the regulation itself is not enough to win end-users’ trust.

It’s as simple as this:
- If users can easily use your service, they will be loyal to your offering.
- If they cannot, they will start looking for other options.
One goal, different journeys

Accessing users’ identity information, balance, and transactions in real-time allows companies to build account aggregation functionalities, perform fast and accurate bank account verification, and helps them make better credit decisions.

Consequently, market players — lenders, marketplaces, credit bureaus, personal financial management applications, accounting firms, but also payment processors, insurance, rental and retail companies — understood the importance of redesigning their products to provide a better, seamless, and more reliable service to their users.

Today, almost all the high street banks — AIB, Bank of Ireland, Barclays, Lloyds, Nationwide, Danske, Royal Bank of Scotland, and Santander — published their APIs in the Open Banking directory. Each of them created a unique user interface that tried to be consistent with their own brand and their own visual language. But while some of them were able to release fairly usable journeys, for others, there’s still a long way to go to keep their users loyal and survive the competition of other CMA9s.

Additionally, challenger retail banks such as Monzo, Starling, and Revolut are trying to disrupt the complexities of traditional banking. A relevant part of their business strategy is to provide simplified user experiences, and most of them, you’ll find, use a reassuring and transparency. And, given their fast and increasingly large portfolio of users, we’d say it’s definitely working.

Let’s take a look at both CMA9s and Challengers’ authentication flows.
CMA9 flows

Lloyds, NatWest, HSBC and Barclays

The visual hierarchy and the scalability of information of some of the flows make the end-user journey more complex and convoluted than necessary. Some interfaces look cluttered and extremely verbose. Consequently, the end-user journey becomes tedious and un-engaging.

We think that to leverage the attention-information gap and succeed in the so-called , the rule of thumb is to understand that what end-users want are focus and clarity. Especially when dealing with sensitive data.
Challenger bank flows

Starling and Monzo

Challenger bank customers can forget about the verbose and cluttered interfaces and leave the “remember username and password” struggle behind. The connection between their challenger bank account and applications is very likely just a QR code or a magic link away. Hopefully, CMA9s will take these simple and delightful flows into consideration when revising their current solutions.

If you want to play with the Open Banking, Challenger Banks, and Credentials Sharing flows yourself, you can do it now by using our Data API demo application: .
“Worst User Journey 2018” Awards

There’s not enough quantitative data available yet to analyse Open Banking conversions and current usage. Still, we are constantly monitoring its uptake and collecting data based on what’s available through our customers, their users, and across the industry.

At TrueLayer, we identify negative friction that causes the end-user to not complete some authentication journeys. To better understand their behaviours, we decided to analyse some UI features of certain CMA9 and Challenger banks’ flows:
- Avg completion time — How many minutes are needed to complete the journey?
- # steps — How many steps are needed to complete the journey?
- # inputs — How many input fields need to be filled by the user?
- Avg # words — How many words are contained in each step of the process?
- 2FA enabled — Is two-factor authentication needed to authorise access?
- Page length — Are actionable items going below the fold?
According to the data collected, HSBC, Barclays, and Lloyds’ UIs are the most cluttered because of the number of words used. Lloyds, NatWest, and Barclays are the slowest. Lloyds, NatWest and HSBC are the most complex in terms of usability.

Needless to say, challenger banks just nail it. They also demonstrate how 2FA can be used without creating additional friction.

Ideally, the number of steps should be as few as possible in order to reduce the average time of the whole journey and prevent the end-user from leaving the flow prematurely.

In terms of readability, our suggestion for some banks is to re-approach copywriting and visual hierarchy. It is well known that complex and verbose sentences are harder to read than simpler ones.

Banks that have two-factor authentication steps have more friction than the ones not using it. 2FA, though, will be enforced for all banks starting in September 2019 as part of . Consequently, banks should think about integrating better 2FA methods such as the ones used by challenger banks — QR codes and magic links — but also biometric, fingerprint or face scans. This concept is also advocated in the latest version of OBIE customer experience guidelines. Approaching decoupled redirect and deep-linking in the right way can definitely reduce friction and help increase adoption.

Last, but not least: page scrolling. It is true that people scroll vertically more than they used to, but new eye-tracking data shows that 80% of users’ viewing time is spent above the fold. Some of the banks’ open banking pages are incredibly long and show input fields at the end of the page, rather than at the beginning. End-users’ laziness and inattentiveness should lead to very specific UI decisions, such as designing the content to be fully contained above the fold or — at least — showing input fields on top.
What end users want

With the open banking flows being released just 10 months ago, more time is needed to see relevant adoption in order to analyse hard data, and monitor how end-users’ interaction changes over time.

Demographic targeting into user testing sessions may be helpful in the process of establishing more about differences in users’ behaviours. Demographic variables such as age, income, and education — specifically for financial products — can be predictable indicators of the user interaction with the interface.

According to our data, for example, end-user behaviours are different depending on our client use case.

On the other hand, the great majority of usability experts agree that UX metrics are more accurate when measuring the prior experience or knowledge about an industry a user has, rather than looking into demographic details.

We’ve assumed that open banking flows may be perceived as more credible by end-users because of their shared traits with their own bank’s UI. Still, credibility is not enough to ensure that end-users find value in what has been provided to them. The complexity of the information, along with the slow, demanding experience, causes frustration which leads to failure in completing the authorisation process.
According to — author of Architecture for the World Wide Web and acclaimed IA and UX keynote speaker — a balance of usability, desirability, accessibility, credibility, usefulness, and availability are mandatory in order to create a meaningful and valuable user experience. The content should be original and fulfil a need. It should also be easy to use and accessible to people with disabilities. It should evoke emotions and appreciation. Finally, it should be able to create trust and lead the user to believe what the interface is telling them.
Educating end users

High-street banks encouraged users via misleading ‘educational’ campaigns not to use their bank credentials in third party applications, except for their official bank website and app. Despite the understandable security reasons, this created scepticism and misconceptions about banking data usage.
Now with GDPR ensuring data protection and privacy for all individuals within the European Union, end-users are informed about the security aspects of sharing their data and can be assured of the resultant benefits they will derive from giving explicit consent and access of their data to applications.

In early 2018 when PSD2 came into force, the UK regulator, the Financial Conduct Authority (“FCA”) asked banks to update their Terms and Conditions (“T&Cs”):
Your banking terms and conditions should not prevent you from sharing your credentials with regulated AIS or PIS providers. Your bank cannot hold you responsible for unauthorised transactions just because you have shared your credentials with regulated AIS and PIS providers.