|SECTION||ITEM||SUGGESTION||PRIORITY||ESTIMATE||TEAMS||NOTES||Prototype:||Study Dates:||Administered By:||Documentation:|
|Dej Mejia||9/27/16 - 10/4/16||Dej Mejia||Tricia Bayne|
|Inconsistencies going from initial Chase bank branding email to a 3rd party enrollment portal||Ensure branding is either fully 3rd party or is continuously co-branded with 3rd party and the originating brand that offered the service||1 - Low||Marketing, Client services|
|Following initial email to user, they expected to see an informational page regarding the service rather than the enrollment page||Consider provising a pricing grid with explanation of services even if the service is free. Assigning monetary value to the service can enhance value||1 - Low||1 - Low||Marketing||study did not show a launch page; users were directed from email to enrollment. this was just a side observation from users|
|Email frequency requirements varied: daily, weekly and only if something is wrong||- Allow users to manage email frequency|
- Include learning information with monthly summary emails
|1 - Low||3 - High||Marketing||42% of users would not want learning emails|
|Email (price)||Some users wary of the service if it was provided free of charge||- explicitly state terms of free service|
- provide discounted service instead of free services as a discount seemed to convey a more legitimate service offering
|1 - Low||Marketing|
|Providing users with information that could increase curiosity and enrollment||- Intro email with statistics resonated with users; consider including these if not already in place|
- Educate user about ID threat to elevate value of service
|1 - Low||Marketing||Stat in email "In 2015 alone, 13.1 million adults were victims of identity fraud. "|
|ENROLLMENT & WELCOME MODAL|
|Enrollment & welcome modal||Expectations on password criteria||Design an experience that checks user's PW input against security criteria and/or informs user of PW strength in real time||2 - Med||Design||Active input of PW wasn't tested; users provided feedback on clickable prototype form. one comment: "I'm expecting PW criteria to make sure I'm meeting that, not using easy PW. first checkmark is I met criteria, second is PW match."|
|Enrollment & welcome modal||Confusion around service expectations: what will the user receive, if anything||Require more clarity around services, what they will communicate to users, how, and how frequently||2 - Med||Marketing, Design||Enroll/Welcome tab, row 4|
|Enrollment & welcome modal||Missing (optional) collection of phone number confusing||Accompany the phone number with messaging regarding how it will be used; some users thought they would be sent texts about their monitoring service. It may also help to communicate in line with the email address collection that it will be the main point of contact with the use||2 - Med||Design||Re: phone number one user stated:|
"still curious why I'm not asked for my phone number? so they know what phone number I'm calling from. if I'm not available via email, etc. would want multiple avenues to reach me if something really bad happens"
|Enrollment & welcome modal||Users need reassurance of security and privacy regarding their entered data||- enhance the 3rd party digital signature on the left side of the page|
- provide more inline security confirmation
- link to more information about security
|2 - Med||1 - Low||Design, Dev, Prod||Note: prototype contained an enhanced security container. Comments:|
- "digital signature, I'd be looking for that. 3rd party protecting info."
- " I feel like if I'm thinking of my parents, they're a little ignorant, probably don't know what SSL technology is"
|Enrollment & welcome modal||Welcome modal performed well.||1. Default post-enrollment state should include Welcome modal to|
- inform user of what is next
- guide user towards My Account data entry once within product
2. Users seemed inclined to enter data when:
- they were informed of how to complete a "data profile" (in My Account)
- they could see that they were within the product
- there were clearly marked avenues for arriving to My Account to manage data
|3 - High||1 - Low||Design||- Removing Cyber from the enrollment flow offered an opportunity for users to arrive into the product, which can seem safer as a place to enter more details for monitoring rather than requiring this up-front in enrollment|
|My Account||Users unsure of when monitoring would begin for data they have entered for monitoring||Provide tentative timeline for when the data monitoring begins (immediately, for example) and when they should receive an alert after the item is scanned||2 - Med||1 - Low||Design, Data|
|My Account||Account data currently laid on one page||Split out Account data into several tabs within the Account page||2 - Med||3 - High||Dev, Design, Prod||Comments re: tabbed My Account view:|
- "overall it's clear and clean"
- "self-explanatory. everything that is regarding my account, things I want monitored, certain elements turned on and off, subscription"
|My Account||User not currently encouraged to enter data for monitoring||Provide an indication of the user's progress in terms of completing their account information||1 - Low||3 - High||Dev, Design, Prod||Comments:|
- "one thing: goal oriented, having a "you filled out 2 of 6 items so like you're X% covered" but it would annoy me if I had insufficient data to fill all Cyber slots"
- This has been discussed for years but it would be difficult to assign a value to each component of Cyber/My Account
- Users may be frustrated if they cannot arrive to profile completion because they do not have the data that is being collected
|CYBER DATA COLLECTION|
|Cyber||Users perception of Cyber is incorrect; contributes to reluctance to add monitored data||Overall we need more clarity around Cyber|
- provide examples for scenarios involving user's compromised data
|2 - Med||1 - Low||Design, Marketing, Prod||Comments:|
- "the explanation sounds like someone else is using my email address"
- "if I were to add data, it would track if anyone has hacked into my emails"
|Cyber||Cyber asks a lot from the user in terms of entering private data ("It's a lot of info")||- Reduce visual weight of modal container to minimize bulk|
- Reduce container width
|1 - Low||1 - Low||Design||Comments:|
- "I was thinking if CSID ever got hacked I don't want all info to be in one spot"
- "I really don't like sharing my social security number - freaks me out. would share for monitoring purposes. in general don't like putting that stuff out there"
|Cyber||Users reluctant to enter data||Add some security box|
|Cyber||Missing Cyber enhancements make service seem weak||Considerations|
- add ability to recognize the bank by routing number boosts the credibility of the service
- consider verifying data entry for some fields (enter in a phone number twice for safety, especially because we hash out the dat after it has been entered for monitoring)
- even if it does not matter for monitoring, asking if the account is checking or savings may add to authenticity of service
|1 - Low||2 - Med||Dev, Design, Prod||Comments|
- "automatically tell me what bank it's from - typically the way it works. name of bank would make me feel that the system is working properly and that it knows what bank is connected to the routing number."
- "I'm surprised it doesn't make me enter information twice"
- "maybe asking if checking or savings account?"
|All Alerts||Alert frequency is unclear||- Communicate last scan information|
- within Alerts widget or supplemental widget provide context around monitoring schedule (for service or per product)
|1 - Low||2 - Med||Marketing, Design, Data||Comments:|
- "would like to know last date of a run for checking"
|All Alerts||Expanded Cyber Alert callout details are unclear (Compromise Type)||- Reduce the information that is included in the red highlight above an alert|
- Include glossary of terms/other widget information regarding what these types mean as most users do not understand
|2 - Med||1 - Low||Dev, Design, Prod||Note: the user experience of receiving the Cyber alert email, logging into their accounts, being put on the Dashboard with an All Alerts container (all alerts collapsed) worked well with users.|
|All Alerts||Delete mechanism works but may need updates||- Most users fine with in-line delete|
- this work to remove the modal delete messaging may not need to happen; modal is in line with native delete prompt
|1 - Low||1 - Low||Dev, Design, Prod||Note: inline delete was designed to align with Cyber monitored info delete and move away from modal delete messaging. |
- mechanism here: https://projects.invisionapp.com/share/ZE6KWGTRV#/screens
- ticket here: https://csidentity.atlassian.net/browse/IMCB-17956
|Dashboard||Risk Analytics informative but does not provide data in context to the user||Provide data in context to the user - how does the user compare to other people? (similar to your credit standing compared to others)||2 - Med||2 - Med||Design, Dev, Prod, Data||Comments: |
- ""average number of notifications" maybe would interest me. then I would know where I stand among other subscribers."
|Dashboard||Risk Analytics are unclear as to what these numbers pertain to||Clarify source for these values:|
- are Identity notifications sent by my bank (if service offered through bank)?
- is the number count related to subscribers of this particular service bundle, or CSID overall customers?
|1 - Low||2- Med||Marketing, Design, Prod||Comments:|
- "area personalizes to me but not sure I understand CyberAgent # is that people, homes? not sure what it means"
- financial institution "is telling me how many people are subscribers - surprised they are giving me those details"
|Dashboard||All Alerts container coould get bulky on this screen and decrease visbility of other widgets||Considerations to accommodate a large number of Alerts:|
- add pagination to container or
- add a CTA to View All which would take users to the All Alerts page
|2 - Med||2 - Med||Prod, Design, Dev|