Users are bad designers, but they know bad design

TL;DR:
If your customers are complaining about the user experience on your app/website, it means the user experience was badly designed (they know bad design). More often than not, they are going to tell you how your app/website should have worked - don't let them design the user experience for you (they are bad designers). Listening to your customers is not about doing everything they say you should do. It's about figuring out whether your design is good.

When we started our company, our foremost value was security, so when we launched our product we had two-factor authentication (2FA) built in and compulsory for all customers on day 1 - we're a financial services company.

The way it worked was: whenever a customer wanted to make an important transaction (such as sending or withdrawing money), we would SMS a one-time password (OTP) that they would have to enter first for the transaction to be valid. Our reasoning was that if the customer had the password for her account, and if she could prove that she was carrying the mobile phone with the number we have associated with her account (by entering the one-time password), then it was really her making the transaction.

We were using a third-party service provider for the SMS service, and this worked fine initially, until our SMS provider started having problems getting those SMS messages delivered to our customers (who are mostly in Zimbabwe). At first the delivery problem was intermittent and wouldn't last very long, so we would just lodge a complaint and then call the customer to give them an OTP over the phone. It started getting worse and, at its worst, we couldn't deliver SMS messages to mobile phones for a week. It also increased the burden on ourselves because we were sending out these OTPs manually - I believe that during this period we even lost some customers for life. It also damaged our business financially because, although the SMS messages were not getting delivered to the handsets, they were being delivered to the network and we would get charged for that. Add to this that, because it wouldn't work the first time, all of our customers would keep trying to request an OTP and we would get charged every time they tried. Sucks, huh?

Almost all of our affected customers lodged their complaints and asked us to remove 2FA. Some even demanded it - the pressure to remove 2FA was too much.

If we thought 'listening to customers' was doing what they say, we would have removed 2FA (even temporarily). Fortunately, we knew that 'listening to customers' really meant that you use their feedback to determine if your design is good or bad, so we didn't compromise on our most important value (security). We instead went back to the drawing board and came up with a specification for a new design which gave our customers the option to use apps such as Authy and Google Authenticator (none of which rely on the unreliable SMS channel) and the option to get a phone call if you don't get an SMS (phone calls are more reliable than SMS too).

However, being a small team that was already swamped, it was going to take us weeks to implement this new design, but even then, compromising on our value wasn't an option. We came up with another idea: to call all of our service provider's competitors and ask if they would give us the same service, at the same price, but guarantee delivery. The first company we called was our provider's biggest competitor - they guaranteed delivery, they charged almost half of what we were being charged, and the way they needed us to call their API was very similar to the way it worked with our current provider, so we literally only had to change 3 lines of code to switch to them.

Our customers are happy again, we've put a lower priority on the implementation of our new 2FA design and we've been reminded that users are bad designers. But they know bad design.


