Driving Mobile Adoption for Security
Driving Mobile Adoption for Security
To strengthen account security in preparation for the introduction of multi-factor authentication (MFA), it became a priority to ensure all users had a verified mobile number linked to their account. With over 30% of users unverified, this posed a significant security gap. The rollout was structured in phases to raise early awareness, give users time to act, and provide a clear path toward compliance by encouraging mobile verification before it became mandatory.
To strengthen account security in preparation for the introduction of multi-factor authentication (MFA), it became a priority to ensure all users had a verified mobile number linked to their account. With over 30% of users unverified, this posed a significant security gap. The rollout was structured in phases to raise early awareness, give users time to act, and provide a clear path toward compliance by encouraging mobile verification before it became mandatory.
Driving Mobile Adoption for Security
To strengthen account security in preparation for the introduction of multi-factor authentication (MFA), it became a priority to ensure all users had a verified mobile number linked to their account. With over 30% of users unverified, this posed a significant security gap. The rollout was structured in phases to raise early awareness, give users time to act, and provide a clear path toward compliance by encouraging mobile verification before it became mandatory.
Phase 1: Awareness and Education
The goal of Phase 1 was to build early awareness and educate users on upcoming security changes before introducing friction.
I designed a message card in the Notification Centre, working with CRM to surface it via Braze targeting for members without a linked mobile number. Braze enabled contextual messaging at scale without disrupting the user journey, allowing for quick, frictionless, introduction to mobile verification.
Messaging focused on communicating the importance of protecting one’s account and introduced the new security improvements. This was initially A/B tested on 50% of the cohort to measure engagement, where 25% of users successfully added a mobile, validating the approach before moving to the next phase.
Phase 1: Awareness and Education
The goal of Phase 1 was to build early awareness and educate users on upcoming security changes before introducing friction.
I designed a message card in the Notification Centre, working with CRM to surface it via Braze targeting for members without a linked mobile number. Braze enabled contextual messaging at scale without disrupting the user journey, allowing for quick, frictionless, introduction to mobile verification.
Messaging focused on communicating the importance of protecting one’s account and introduced the new security improvements. This was initially A/B tested on 50% of the cohort to measure engagement, where 25% of users successfully added a mobile, validating the approach before moving to the next phase.
Phase 2: Encouraging Action
This phase focused on converting unverified users ahead of the mandatory rollout, without disrupting their shopping experience. To support this, I designed a full-screen modal triggered on sign-in, selected as the most reliable entry point based on session behaviour and technical constraints.
To balance urgency and flexibility, the modal triggered a 14-day grace period, where users could either verify their mobile or skip and continue shopping. Those who opted in entered a modular flow for mobile capture and MFA verification, which was later adapted in Phase 3.
This flow was directly informed by the earlier competitive analysis, showing that a progressive approach to security using contextual prompts and educational messaging led to higher adoption and user trust. This insight informed a flow that introduced friction without blocking tasks, helping users adjust gradually while meeting compliance needs.
Phase 2: Encouraging Action
This phase focused on converting unverified users ahead of the mandatory rollout, without disrupting their shopping experience. To support this, I designed a full-screen modal triggered on sign-in, selected as the most reliable entry point based on session behaviour and technical constraints.
To balance urgency and flexibility, the modal triggered a 14-day grace period, where users could either verify their mobile or skip and continue shopping. Those who opted in entered a modular flow for mobile capture and MFA verification, which was later adapted in Phase 3.
This flow was directly informed by the earlier competitive analysis, showing that a progressive approach to security using contextual prompts and educational messaging led to higher adoption and user trust. This insight informed a flow that introduced friction without blocking tasks, helping users adjust gradually while meeting compliance needs.
Phase 3: Mandatory Verification
In the final phase, mobile verification became mandatory through a non-skippable full-screen modal presented at sign-in. Users who attempted to exit or refresh the page were logged out. These safeguards were implemented in collaboration with engineering to close edge cases and ensure full compliance.
With differences between the web and app platforms, I worked to align the flow and interface across both to create a consistent user experience.
While this phase introduced stricter requirements, the overall experience was intentionally designed to feel familiar. By carrying forward patterns from earlier phases, users were guided through the update with clear messaging and minimal disruption.
Phase 3: Mandatory Verification
In the final phase, mobile verification became mandatory through a non-skippable full-screen modal presented at sign-in. Users who attempted to exit or refresh the page were logged out. These safeguards were implemented in collaboration with engineering to close edge cases and ensure full compliance.
With differences between the web and app platforms, I worked to align the flow and interface across both to create a consistent user experience.
While this phase introduced stricter requirements, the overall experience was intentionally designed to feel familiar. By carrying forward patterns from earlier phases, users were guided through the update with clear messaging and minimal disruption.
Impact
✅ 65% of users successfully added a verified mobile number, significantly improving account security readiness for MFA rollout.
Impact
✅ 65% of users successfully added a verified mobile number, significantly improving account security readiness for MFA rollout.
