
Authenticator App
Case Study
About NAB Connect Authenticator / Physical Token replacement.
NAB Connect (NABC) is the business banking arm of the National Australia Bank. All NABC customers receive an RSA one-time password physical token that they need to use when making payments via the NABC customer portal.
As part of this project, an app was designed to replace/decommission the physical tokens.
My Role:
UX Designer
Type:
Mobile Experience.
Team Members:
1x Product Manager
1x Scrum Master
2x iOS Devs
2x Android Devs
1x Quality Assurance Analyst
1x Brand advisor
Industry / Year:
Banking (Corporate). 2014
Customer research survey findings & declining NPS.
A third-party agency was engaged to create a survey and investigate the customers' experience, and to try to quantify which specific pain points were leading to the poor net promoter score (NPS).
The customers & their pain points.
The customers using NABC are businesses, but often the users of the platform are the employees (including directors, payroll staff/accountants, accounts payable staff). The big pain points that I could see from the report are:
New customers can't make payments until they receive the physical token, which can take up to 2 weeks once it's ordered. This means they have just signed up for an account and they effectively can't use it for another 2 weeks.
If the token becomes damaged or is not working properly, that specific user will have to ask someone else in the organisation with a working token to make the payment until they receive their replacement (which takes 2 weeks).
The fault-riddled hardware in question.
This token produced only one-time passwords.
This token can serve up a one-time password or a challenge code.
NABC pain points.
Replacing these tokens is getting costly for NAB, as on average each token is replaced once within the first 12 months of being issued. To make matters worse, the poor experience of customers needing to wait to make payments was highlighted in the research findings, and it is often a reason for a customer to keep their business account active with other banks.
The hypothesis.
We believe that shortening the wait time for a token to be available to our customers (new / existing) will help them perform their business activities quicker and with no downtime. We will know this to be true by seeing:
A trend up for our NPS
No more complaints about setting up an account but not being able to use it
No more complaints about loss of efficiency due to token issues.
A savings for NAB as token replacement won’t require
Research on alternatives to physical tokens.
There are alternatives to using a physical token, such as email/SMS one-time-password-only solutions; however, they don't provide the same level of security.
The promising alternative, which had just surfaced in the market around that time, is the concept of a soft token. Similar to physical tokens, a 1-to-1 relationship between a user and a token still needs to be established.

SMS OTP.

Email OTP.

Soft Token.
Working within the bank's security requirements.
Security did have a requirement that the token issuing process needs to capture the user's customer ID, password and an SMS code verification step to their mobile number on record.
The bank's security team identified an SDK we could use to leverage a soft token solution. We would still be able to customise the sign-up process, while the generation of the OTP and challenge code would be taken care of by the SDK.
Soft token issuing / linking process.
User flow of onboarding process.
User setup screen flows wireframed in Balsamiq.
Generating an OTP/Challenge Code flow.
User flow of onboarding process.
Guerrilla testing.
Tested the setup flow and 2 alternative home screen flows. The testing was conducted with 5 existing NABC customers and 5 non-NAB customers.
The alternative designs for the home screen / main flow were due to a finding that came out of looking at payment analytics: 83% of payments in the last 2 years required a one-time password only and the remaining 17% triggered a challenge code.
Alternative home flow / navigation.
Alternative flow 1
Alternative flow 2
Results & learnings from user testing.
Alternative flow 2 performed better than flow 1 when it came to the navigation. It appeared that customers were able to complete the action using both the mobile and computer quicker with flow 2.
We did have a vital learning that we needed a quick way to switch the user between OTP and challenge code at the end of the flow, as users are often trying to approve multiple payments quickly.
Alternative home flow / navigation.
Outcome in production & NPS improvement.
In production this was a hit. Customers loved that they could start operating from their new account instantly. They are able to onboard new staff instantly without having to wait for the physical token to arrive. 3 months after go-live, and after the new app, NABC Authenticator, was rolled out to 60% of customers, the NPS jumped by 50 pts.
Full low-fi Prototype.
Please note.
I worked on this project in 2014-2015. This application is still in production but was re-branded in 2019 as NAB Connect (the word Authenticator has been removed), as the feature set has expanded to include payments and balance checking.
See on the Google Play Store & Apple App Store.
