Scam Protection: Designing clearer decisions in high-risk flows

OCBC Bank • 2022 – 2023

Digital scams were rising. Some users didn't see it coming, but many did and still got caught. Familiar UI made users comfortable, and scammers knew it. We had to break that autopilot.

iMPACT

SGD $12M

Losses prevented

1.3M

Users

47

Markets

MY ROLE

Primary designer on the fraud prevention initiative

End-to-end risk intervention design, from intervention strategy to UI execution. Led stakeholder alignment across engineering, risk and compliance, and legal teams.

Collaborated with UX researchers on discovery, and with product owners on intervention approach, particularly around compliance constraints and rollout sequencing.

TEAM

Product, engineering, legal, editorial, UX research.

CONSTRAINTS

Regulatory limits restricted how transactions could be blocked.

Over-intervention risked disrupting legitimate transactions and eroding trust.

Rapidly evolving scam patterns required adaptive solutions.

KEY FINDINGS

Familiar pages created false trust

Users assumed confirmation flows were legitimate.

Learning: Familiar patterns build trust, but in high-risk moments, that trust becomes a vulnerability.

Users didn't hesitate, even on risky actions

Scammers exploited urgency and anxiety. Even users who sensed something was off felt pressured to proceed.

Learning: Awareness ≠ behavior change.

Risk is recognized too late in the flow

By the time users hesitate, they are already committed.

Learning: Intervention must happen earlier and repeatedly.

KEY STRATEGIES

Designing for safer decisions in real time

Shifting from informing users → guiding decisions

01.

Disrupt autopilot actions

Not all actions should be easy. We introduced cooling periods before new payees could be added and before limits could be raised: small pauses designed to interrupt autopilot right before the point of no return.

02.

Reduce reliance on user judgment

Instead of trusting users to catch suspicious activity themselves, manual intervention validates transaction intent and flags anything that looks off.

03.

Reduce blind trust

More verification barriers, including email-based authentication and two-factor reinforcement, to close the gaps that overconfidence tends to leave open.

TRADE-OFFS & CHALLENGES

Designing for fraud prevention required balancing speed, trust and safety.

Speed vs safety

Introducing friction reduced risk but slowed legitimate transactions

Awareness vs fatigue

Too many warnings led to dismissal and reduced effectiveness

Trust vs skepticism

Challenging familiar UI patterns risked confusing and annoying users

Key decision: Scam patterns were evolving faster than we could ship. Blanket warnings would have added noise without changing anything. So we made a call: targeted friction, explained clearly, was worth the short-term frustration. The goal was to protect accounts without making users feel like the bank was the obstacle.

This meant pushing back on proposals like dropping all default transaction limits across the board, or implementing cooling periods without explaining why. Both would have protected assets on paper. Neither would have held user trust.

Key decision: Scam patterns were evolving faster than we could ship. Blanket warnings would have added noise without changing anything. So we made a call: targeted friction, explained clearly, was worth the short-term frustration. The goal was to protect accounts without making users feel like the bank was the obstacle.

IMPACT

Over S$12M in customer losses were prevented

Contributed to preventing over $12M SGD in scam losses. Increased user hesitation at risky moments, and scaled across all payment flows, expanding into cross-border transfers.

Beyond metrics, this project help established a framework for risk-based UX interventions that influenced future fraud prevention design patterns across the organization

REFLECTIONS

Friction can be a feature

I'm trained to optimise for speed and ease. This project asked me to do the opposite, and that was genuinely uncomfortable. Having a clear reason for the friction made it defensible, and that matters more than following convention.

Transparency earns trust

Users frustrated by added steps changed their minds once the rationale was clear. The design didn't change, the explanation did. Communicating the why is part of the design, not an afterthought.

It needs to work for everyone

Volunteering with older customers through OCBC's Digital Silvers Programme made this real. Friction that feels sensible to confident users can be completely overwhelming for others. You can't design protection that only works for the assumed user.

Sometimes the harder push is the product mindset

The screens weren't the hard part. The hard part was convincing a team that had spent years optimising for speed that slowing users down was sometimes the right call. Sometimes the real design problem is the assumption the team hasn't questioned yet.