
Enhancing Security Features
Adyen's B2B SaaS Platform
PROBLEM STATEMENT
Despite the increasing prevalence of cyber threats, only 7% of our merchant users have adopted multi-factor authentication (MFA), leaving a significant majority vulnerable to security risks. Given the critical role of MFA in safeguarding sensitive data, this project aims to increase MFA adoption to 80% by identifying and addressing barriers to adoption, optimizing the user experience, and implementing effective incentives and communication strategies.
MY ROLE
Handled research, ideation, prototyping, and testing, working closely with engineering to ship the product.
TEAM
1 Designer, 1 Product Manager, 1 UX Writer, 1 Data Analyst and 8 Software Engineers
What does the product do?
Adyen's customer area streamlines payment management and enhances merchant insights:
Optimize payment processes
Manage risks, view disputes, defend chargebacks
Strengthen sales strategies with actionable insights
Gain a deeper understanding of user shopping behavior
What is MFA?
MFA is an authentication method in which users are granted access only when they successfully present two or more pieces of evidence.
Why MFA?
Using MFA adds an extra layer of security to the user’s accounts and makes it harder for malicious actors to gain access.

Knowledge
Secret Questions
PIN

Inherence
Fingerprint scans
Retina scans
Voice recognition
Facial recognition

Possession
Authenticator application
SMS
Email account
Security keys
Competitor Analysis

Stripe supports three primary methods of two-step authentication:
Text messaging (SMS) authentication
Mobile apps authentication
Hardware security keys
They also support using Windows Hello or Touch ID for two-step authentication once one of the above authentication methods is in place.

Text messaging (SMS) authentication
Authentication apps

Text messaging (SMS) authentication
Authentication apps
Research Findings
We conducted interviews with a diverse range of Adyen’s clients, some with a strong emphasis on security and others with varying priorities. Here are the insights we gained from our research.
Why are we at 7%?
Low awareness around MFA
Users are not comfortable installing another app on their phone
Secure, but cumbersome process
How do we reach 80%?
Educate users on the security benefits of MFA
Give users a choice between different authentication options
Make the MFA process easy enough to use
Eventually, force it
Project Timeline
Users

Merchant Users
Uses the customer area for payment management

Merchant Admins
Activates the right user roles and permissions
Merchant Admin Flow
The admins are responsible for enabling MFA for all users within the company. All these configurations can be managed through the company's settings page.
They need to evaluate and decide which types of MFA to offer, such as app-based authentication or SMS verification, or both.
They must establish the duration for which each session remains valid.
Merchant User Flows
Registration Flow
Offering the user a choice between SMS and an authenticator app
Storing the user's phone number or device when they register
Removal Flow
Remove or replace authentication options
Authentication Flow
Sending the code when the user needs to authenticate while logging in
Capturing the code that the user enters
Displaying error and success messages
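The admin settings and the SMS authentication flow described above, as an added example that is not Adyen's code. The class, function and status names, the 5-minute code lifetime and the three-attempt limit are assumptions made for illustration; the authenticator-app path is not covered.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class MfaPolicy:
    """Hypothetical company-level settings an admin picks on the settings page."""
    allowed_methods: frozenset = frozenset({"sms", "app"})
    session_ttl_s: int = 8 * 3600          # how long a verified session stays valid

@dataclass
class Challenge:
    code_hash: bytes                        # the clear-text code is not kept server-side
    expires_at: float
    attempts_left: int = 3                  # assumed limit on guesses per code

def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()

def start_sms_challenge(policy: MfaPolicy, now: float, code_ttl_s: int = 300):
    """Issue a 6-digit code if the admin enabled SMS; returns (challenge, code_to_send)."""
    if "sms" not in policy.allowed_methods:
        raise PermissionError("SMS authentication is not enabled for this company")
    code = f"{secrets.randbelow(10**6):06d}"    # CSPRNG, not random.random()
    return Challenge(_digest(code), now + code_ttl_s), code

def verify(policy: MfaPolicy, ch: Challenge, entered: str, now: float):
    """Return (status, session_expiry); status selects the error or success message."""
    if now >= ch.expires_at:
        return "expired", None
    if ch.attempts_left <= 0:
        return "locked", None
    ch.attempts_left -= 1
    if not hmac.compare_digest(_digest(entered), ch.code_hash):   # constant-time compare
        return ("locked" if ch.attempts_left == 0 else "wrong_code"), None
    ch.attempts_left = 0                    # a code is single use
    return "ok", now + policy.session_ttl_s

if __name__ == "__main__":
    policy = MfaPolicy(allowed_methods=frozenset({"sms"}), session_ttl_s=3600)
    ch, code = start_sms_challenge(policy, now=0.0)
    print(verify(policy, ch, "not-it", now=10.0))   # wrong guess
    print(verify(policy, ch, code, now=20.0))       # correct code
    print(verify(policy, ch, code, now=30.0))       # replay of a used code
```

The four statuses map onto the messages the authentication screen has to display: a retry prompt, an expired-code prompt offering a resend, a lockout notice, and success.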
We successfully shipped MFA globally, significantly increasing adoption by simplifying the enrollment process, reducing friction, and designing an intuitive, user-friendly experience.