Scam Protection: Designing clearer decisions in high-risk flows

OCBC Bank • Aug 2022 – Dec 2023

IMPACT & OWNERSHIP

  • Contributed to preventing >$12M SGD in scam losses as part of a broader anti-fraud initiative

  • Improved user decision-making at critical transaction moments

ROLE

Senior Product Designer

  • Led UX design for fraud prevention experience within payment flows

  • Owned end-to-end risk intervention across transaction journeys

  • Secured stakeholder buy-in and collaborated with engineers, risk & compliance, data and legal teams

PROBLEM

Digital banking scams were rising — from account takeovers to users unknowingly authorizing fraudulent transactions.

The issue wasn’t awareness, but decision-making under false confidence. Users believed they were in control even when being manipulated.

CONSTRAINTS

Regulatory limits restricted how aggressively transactions could be blocked.

Over-intervention risked disrupting legitimate transactions and eroding trust.

Rapidly evolving scam patterns required adaptive, not rule-based, solutions.

Key Insights

1. Familiar UI patterns created false trust

Users relied on familiar flows (OTP, confirmations), assuming legitimacy.

Implication: We couldn’t rely on standard UI signals to communicate risk.

2. Users completed risky actions with high confidence

Even when signals existed, users dismissed them under social pressure.

Implication: Awareness ≠ behavior change

3. Risk is recognized too late in the flow

By the time users hesitate, they are already committed.

Implication: Intervention must happen earlier and repeatedly.

STRATEGY & SOLUTION

Designing for safer decisions in real time

We shifted from informing users and enabling actions to guiding safer decisions, through three principles.

ONE.

Disrupt autopilot actions

Introduced friction at high-risk decision points

  • Implemented cooling periods for new payees and limit increases to slow irreversible actions

  • Lowered default transaction limits to reduce exposure

  • Enabled real-time transaction alerts from $0.01 to increase awareness

PRE-TRANSACTION
Personalised tools to make informed decisions

Fig: Increase of transaction limit takes effect after 12 hours

Fig: Default transaction limits lowered
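A sketch of how the cooling periods above can be enforced server-side, added here as an illustration and not taken from the bank's systems. The 12-hour limit delay comes from the figure caption; the `Account` class, the new-payee cooling duration and the immediate application of limit reductions are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

LIMIT_INCREASE_DELAY = timedelta(hours=12)  # from the page: increase takes effect after 12 hours
NEW_PAYEE_COOLING = timedelta(hours=12)     # assumed value; the page gives no duration

@dataclass
class Account:
    limit: float                                  # limit currently in force
    pending: list = field(default_factory=list)   # queued raises: (effective_at, limit)
    payees: dict = field(default_factory=dict)    # payee id -> time it was added

    def request_limit(self, new_limit: float, now: datetime) -> datetime:
        """Queue a raise; apply a reduction at once. Returns when the change takes effect."""
        if new_limit <= self.effective_limit(now):
            # Assumption: lowering exposure needs no delay, and cancels queued raises.
            self.limit, self.pending = new_limit, []
            return now
        effective_at = now + LIMIT_INCREASE_DELAY
        self.pending.append((effective_at, new_limit))
        return effective_at

    def effective_limit(self, now: datetime) -> float:
        """Most recent raise whose delay has elapsed, else the base limit."""
        matured = [lim for at, lim in self.pending if at <= now]
        return matured[-1] if matured else self.limit

    def add_payee(self, payee: str, now: datetime) -> None:
        self.payees[payee] = now

    def authorize(self, payee: str, amount: float, now: datetime) -> str:
        added = self.payees.get(payee)
        if added is None:
            return "decline: unknown payee"
        if now < added + NEW_PAYEE_COOLING:
            return "hold: new payee in cooling period"
        if amount > self.effective_limit(now):
            return "decline: over limit"
        return "allow"

def coached_transfer_demo():
    """Constructed scenario: limit raised, payee added and transfer attempted in one session."""
    t0 = datetime(2023, 1, 1, 9, 0)
    acct = Account(limit=1000.0)
    acct.add_payee("known", t0 - timedelta(days=30))
    acct.request_limit(5000.0, t0)
    acct.add_payee("new", t0)
    soon, later = t0 + timedelta(minutes=5), t0 + timedelta(hours=12)
    return [acct.authorize(p, 4000.0, t) for p in ("known", "new") for t in (soon, later)]
```

Both checks are evaluated against server time at authorization, so a raise and a transfer requested in the same session cannot combine into an immediate large payment.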

TWO.

Reduce reliance on user judgment

Minimize the need for users to identify and act on risk themselves

  • Flagged suspicious transactions for bank-led review instead of relying on user detection

  • Introduced transaction holds to allow time for verification before processing

  • Enabled manual intervention (e.g. follow-up calls) to validate intent in high-risk cases

PRE-TRANSACTION
Reducing minimum transfer limits

Fig: Suspicious transactions will be flagged for further review

THREE.

Reduce blind trust

Strengthened authentication to reinforce identity verification in high-risk scenarios:

  • Introduced email-based authentication as an additional authentication layer beyond SMS OTP

  • Added step-up authentication for sensitive transactions to validate identity at execution point

  • Enforced retry limits and session logout after repeated failed verification attempts to prevent unauthorized access

DURING-TRANSACTION
Strengthening security with email authentication

Fig: Customers must authenticate via email to complete transaction

Trade-offs & Challenges

Designing for fraud prevention required balancing speed, trust and safety.

  • Speed vs safety: Introducing friction reduced risk but slowed legitimate transactions

  • Awareness vs fatigue: Too many warnings led to dismissal and reduced effectiveness

  • Trust vs skepticism: Challenging familiar UI patterns risked confusing and annoying users

Key decision: Prioritizing targeted, contextual friction over seamless speed and blanket warnings

IMPACT

Over S$12M in customer losses were prevented

  • Contributed to preventing >$12M SGD in scam losses as part of a broader anti-fraud initiative

  • Increased user hesitation at risky moments

  • Scaled across all payment flows, expanding into cross-border transfers

Beyond metrics:

  • Established a framework for risk-based UX interventions

  • Influenced future fraud prevention design patterns across the organization

REFLECTIONS

Rethinking friction—not as cost, but as a mechanism for trust

The urgency of phishing threats required introducing friction that reduced speed and convenience. This direction faced early internal concerns from product stakeholders, with fears that added friction could impact engagement and push users toward competing banks with smoother flows.

To validate this shift, I conducted usability testing and interviews. While users initially expressed frustration with added steps, they consistently prioritised safety when the rationale was clear. With greater transparency, they not only accepted the friction but appreciated its intent, reinforcing our decision to make deliberate trade-offs in high-risk moments.

Personally, this was uncomfortable. It challenged a long-standing product mindset optimised for speed and seamlessness, requiring a shift toward intentional friction where risk outweighs convenience.

Through volunteering in the bank’s Digital Silvers Programme, supporting older customers with digital banking, I saw how these decisions play out in real use, particularly for users with lower digital confidence. It reinforced that designing for safety is not only about preventing scams, but about balancing protection with accessibility—ensuring users feel both secure and capable across different levels of tech literacy.