Smart PIN

Problem Statement

How can we validate users in a way that is more reliable and easy to adopt? How can we validate 100% of our customers without sending them back to the carrier and without giving anything away to fraudsters?

[Figure: Existing Authentication]

Solution

While researching possible solutions and looking into various options such as photo ID upload and fingerprint, two-factor authentication (2FA) or OTP (one-time password) came out as one of the possible solutions that is industry vetted, simple and easy to adopt. And while static PINs and passwords are subject to numerous attacks, Smart PIN promises to be far more secure. Further, the goal is not only to validate customers successfully: being sure of "you being you" will lead to reduced friction throughout the claim flow. So we get:

  • Better customer verification experience. Higher first pass yield on validation. 
  • Strong mechanism to defeat fraud 
  • Confidence in 'You being you', leading to reduced friction in further claims flow. 


We implemented Smart PIN in addition to the carrier PIN to test the technology and gather some production-level data. We refer to this as Test 1.

 

[Figure: Verify account explorations]

 

Prototype: https://asurion.invisionapp.com/share/3UVEVF2NZY7

Test 1 results (Launched September 2017)

  • Smart PIN Success Rate 59%
  • Smart PIN Failed 7.5%
  • Smart PIN Expired 3.5%
  • Smart PIN Inaccessible/No Action 30%


Positive results from Test 1:

  • Very high first pass yield when users chose to use Smart PIN. In 98% of the cases, users got their PIN on the first go.
  • That implies a great customer experience. 
  • The SMS and email turnaround times are within the industry benchmarks. 
  • 0% Program Abuse on users who got Smart PIN verified.


Next step: we did not consider ramping up the test because:

  • The flow required a customer to get through both Carrier PIN and Smart PIN, which is overkill and a bad customer experience. 
  • Considering the nature of Smart PIN, which requires either a valid enrolled email or the ability to receive SMS on the enrolled MDN, we have to consider users who do not have either option in case of lost/stolen peril.
  • It led to a reasonably high workload.


We would like to test other design flows and compare the data.

Test 2

Flow: We would like to test Smart PIN as a fallback option to Carrier PIN. Users who fail their carrier PIN twice or click on 'Forgot your Sprint PIN?' will get the option to use Smart PIN. With this flow, our goal is to retain users in the channel and get them verified without needing to go to the carrier.

 

[Figure: Sprint V1 Flow]

Prototype: https://asurion.invisionapp.com/share/JYGLT7FH2S8#/287060655_D_Get_Started_NEW

User testing video: https://www.usertesting.com/v/cf41baf0-4056-46f1-8c2f-86f944c6205b?encrypted_video_handle=bapWwMjNCvhfScy92LY34w&shared=f4H9scbX

User testing details: https://www.evernote.com/l/ArMH5zVN9VdNDLAepD82kHSmnNmsZENRpNU
Launch date: 04/03/2018. Ramp up the traffic to 1% on Sprint.

Test 3

Flow: This is a design variation of Test 2. We would like to test Smart PIN as an equal option alongside Carrier PIN on a single UI screen. This flow will truly determine users' preference for verification method.

[Figure: Sprint V2 Flow]

Prototype: https://asurion.invisionapp.com/share/Y7GLT6NTZBJ#/288250716_D_Get_Started_NEW

Prototype user testing video: https://www.usertesting.com/v/2d81a222-543e-4c66-8684-656f49696793?encrypted_video_handle=VfIdfTNZRo7sL5FWwLs4EA&shared=M9w-4ydU

User testing details: https://www.evernote.com/l/ArMH5zVN9VdNDLAepD82kHSmnNmsZENRpNU
Launch date: 04/18/2018. Ramp up the traffic to 1% on Sprint.

Ramp up 100%

After comparing the user testing results and production data, we were confident that Test 2 performs better among our users, and we decided to ramp up the test to 100% (90% Sprint and 10% Cricket) on May 17th, 2018.

Web initiations increased significantly starting on May 18th, 2018.


 

Smart PIN success rate is around 84%


Beyond Smart PIN - Veiled experience

By combining the MDN and PIN screens, we eliminate the possibility of a fraudster guessing whether the MDN is valid or not. From a legitimate customer's perspective, it also eliminates requests for additional information that is not required for authentication. Enrolled MDNs can successfully get authenticated through Smart PIN or carrier PIN. The authentication experience is the same for enrolled and unenrolled MDNs. Unenrolled MDNs will NOT receive a Smart PIN code through email or SMS.
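
The veiled behaviour described above, sketched as an added example (not code from this project): the caller gets the same reply for enrolled and unenrolled MDNs, and only enrolled MDNs are ever sent a code. The class name, reply text, validity window and attempt limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

PIN_TTL_SECONDS = 300  # assumed validity window; the page gives no value
MAX_ATTEMPTS = 3       # assumed guess limit; the page gives no value
GENERIC_REPLY = "If this number is enrolled, a code is on its way."


class SmartPinService:
    """Hypothetical veiled one-time PIN service keyed by MDN."""

    def __init__(self, enrolled, send, clock=time.time):
        self.enrolled = enrolled  # MDN -> SMS/email contact on file
        self.send = send          # delivery callback(contact, code)
        self.clock = clock
        self.pending = {}         # MDN -> [code, expires_at, attempts_left]

    def request_pin(self, mdn):
        contact = self.enrolled.get(mdn)
        if contact is not None:  # only enrolled MDNs ever get a code
            code = f"{secrets.randbelow(10**6):06d}"
            expires = self.clock() + PIN_TTL_SECONDS
            self.pending[mdn] = [code, expires, MAX_ATTEMPTS]
            # Queue delivery asynchronously in production so response
            # time does not reveal enrollment either.
            self.send(contact, code)
        return GENERIC_REPLY  # same reply for enrolled and unenrolled

    def verify_pin(self, mdn, code):
        entry = self.pending.get(mdn)
        if entry is None:  # unenrolled, or nothing outstanding
            return False
        stored, expires, attempts_left = entry
        if self.clock() > expires or attempts_left <= 0:
            del self.pending[mdn]  # expired or guessed out
            return False
        entry[2] -= 1
        if hmac.compare_digest(stored.encode(), str(code).encode()):
            del self.pending[mdn]  # single use
            return True
        return False


if __name__ == "__main__":
    outbox = []  # constructed sample data: one enrolled MDN
    svc = SmartPinService({"5550100001": "user@example.test"},
                          lambda contact, code: outbox.append(contact))
    print(svc.request_pin("5550100001") == svc.request_pin("5550100002"))
    print(outbox)  # only the enrolled contact received a code
```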

Prototype: https://asurion.invisionapp.com/share/VHI2RT8DFEM

    [Figure: V1 Flow with veil (MDN PIN combined)]

    Other Smart PIN Related Work:

    1. Smart PIN as an FRM constraint: We have established that Smart PIN enables a good customer experience by helping customers stay in the channel and get validated when they do not know their Carrier PIN. At the same time, it is a strong mechanism to defeat fraud. Here we are leveraging the existing implementation of Smart PIN and re-using it as a constraint at any of the sync checks with FRM. This is a way to increase our portfolio of weapons to fight fraud. We are partnering closely with the FRM team on this one.
    2. Smart PIN would be removed for the orphaned docs flow.
    3. Smart PIN to be implemented on IVR