Scam Protection: Designing clearer decisions in high-risk flows
OCBC Bank • 2022 – 2023
Digital scams were rising. Some users didn't see it coming, but many did and still got caught. Familiar UI made users comfortable, and scammers knew it. We had to break that autopilot.
iMPACT
SGD $12M
Losses prevented
1.3M
Users
47
Markets
MY ROLE
Primary designer on the fraud prevention initiative
End-to-end risk intervention design, from intervention strategy to UI execution. Led stakeholder alignment across engineering, risk and compliance, and legal teams.
Collaborated with UX researchers on discovery, and with product owners on intervention approach, particularly around compliance constraints and rollout sequencing.
TEAM
Product, engineering, legal, editorial, UX research.
CONSTRAINTS

Regulatory limits restricted how transactions could be blocked.

Over-intervention risked disrupting legitimate transactions and eroding trust.

Rapidly evolving scam patterns required adaptive solutions.
KEY FINDINGS
Familiar pages created false trust
Users assumed confirmation flows were legitimate.
Learning: Familiar patterns build trust, but in high-risk moments, that trust becomes a vulnerability.
Users didn't hesitate, even on risky actions
Scammers exploited urgency and anxiety. Even users who sensed something was off felt pressured to proceed.
Learning: Awareness ≠ behavior change.
Risk is recognized too late in the flow
By the time users hesitate, they are already committed.
Learning: Intervention must happen earlier and repeatedly.
KEY STRATEGIES
Designing for safer decisions in real time
Shifting from informing users → guiding decisions
01.
Disrupt autopilot actions
Not all actions should be easy. We introduced cooling periods before new payees could be added and before limits could be raised: small pauses designed to interrupt autopilot right before the point of no return.
02.
Reduce reliance on user judgment
Instead of trusting users to catch suspicious activity themselves, manual intervention validates transaction intent and flags anything that looks off.
03.
Reduce blind trust
More verification barriers, including email-based authentication and two-factor reinforcement, to close the gaps that overconfidence tends to leave open.
TRADE-OFFS & CHALLENGES
Designing for fraud prevention required balancing speed, trust and safety.
Speed vs safety
Introducing friction reduced risk but slowed legitimate transactions
Awareness vs fatigue
Too many warnings led to dismissal and reduced effectiveness
Trust vs skepticism
Challenging familiar UI patterns risked confusing and annoying users
IMPACT
Over S$12M in customer losses were prevented
Contributed to preventing over $12M SGD in scam losses. Increased user hesitation at risky moments, and scaled across all payment flows, expanding into cross-border transfers.
Beyond metrics, this project help established a framework for risk-based UX interventions that influenced future fraud prevention design patterns across the organization
REFLECTIONS
Friction can be a feature
I'm trained to optimise for speed and ease. This project asked me to do the opposite, and that was genuinely uncomfortable. Having a clear reason for the friction made it defensible, and that matters more than following convention.
Transparency earns trust
Users frustrated by added steps changed their minds once the rationale was clear. The design didn't change, the explanation did. Communicating the why is part of the design, not an afterthought.
It needs to work for everyone
Volunteering with older customers through OCBC's Digital Silvers Programme made this real. Friction that feels sensible to confident users can be completely overwhelming for others. You can't design protection that only works for the assumed user.
Sometimes the harder push is the product mindset
The screens weren't the hard part. The hard part was convincing a team that had spent years optimising for speed that slowing users down was sometimes the right call. Sometimes the real design problem is the assumption the team hasn't questioned yet.



