Telstra introduced a secure, accessible verification flow in the My Telstra app to allow users to complete high-risk transactions independently. By combining one-time PINs, 4-digit PINs, and optional biometrics into a seamless journey, the experience balanced strong security with user convenience. The new flow built trust, reduced support dependency, and made sensitive account management simpler for all users.
Telstra needed a secure way for users to complete high-risk transactions in the app—such as adding an authorised account holder—without needing to contact support. The solution had to strike the right balance between security, accessibility, and ease of use.
The goal was to introduce a seamless and secure user verification flow that empowered users to complete sensitive actions independently, while meeting accessibility standards and supporting modern device capabilities like biometrics.
I focused on designing a flexible, secure, and accessible verification experience that integrated one-time PINs (OTPs), 4-digit PINs, and biometrics into a smooth journey. Here’s how it came together:
We began the flow by sending a one-time PIN to the user’s mobile number or email address. Users would then enter this code to verify their identity before proceeding to sensitive areas of the app.
Once verified, users were prompted to create a simple 4-digit PIN. This added an extra layer of security for future high-risk transactions without requiring repeated OTPs.
To make the experience more convenient, we gave users the option to enable biometric authentication, such as Face ID or fingerprint recognition, depending on their device capabilities. This reduced friction in repeat use while maintaining a secure experience.
To meet Android accessibility guidelines, I redesigned the OTP component to ensure all tappable areas met the required 48 x 48dp minimum touch target size with 8dp spacing. Rather than using separated fields, we grouped the inputs within a single large tappable area (328 x 64dp), making it easier for users with dexterity challenges to use.
The new verification flow offered a secure, accessible, and user-friendly way to complete high-risk transactions within the app. It built trust through clarity and ease, while empowering users to manage sensitive account tasks on their own—no phone call required.