Appendix C. Improved security flow

Moving between apps led to a series of frustrating log-offs and log-ons.

I sketched out a flow to allow the “drafting” of forms without logging in (Figure 1) or when off-line. This matches our users’ real-world experience of filling out forms in a bank branch foyer before handing them to the teller through the security partition, or via a mailbox or machine for processing.

sketch of completing banking forms outside the app security
Figure 1. Sketching a task model avoiding security hurdles after becoming frustrated with repeated Touch ID events when performing tasks using data from other apps

The forms save as drafts. When ready, our user selects and submits the form and the app logs on to the server to complete the transaction securely (Figure 2).

Our research suggests our users do not always want to know their balance before making a payment. The balance is not a factor in their in-app decision process. They want to make the payment or transfer, etc.

Before logging on, they do not see their balances. When asked to confirm the transaction during the secure part of the process, the app can notify our user of the balances, should they be useful then.

task model
Figure 2. Suggested task flow to avoid logging in and session timeout issues by making DRAFT form completion available before the security wall
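A minimal model of the flow in Figure 2, added here as an illustration and not taken from the app itself: drafting needs no session, while confirmation and submission sit behind the log-on, which is also the first point at which a balance is shown. The class, method, field and account names are hypothetical.

```python
# Added illustration; every name here is hypothetical, not from a real banking app.
from dataclasses import dataclass, field


class AuthRequired(Exception):
    """Raised when a step behind the security wall is attempted without a session."""


@dataclass
class Draft:
    kind: str              # e.g. "payment" or "transfer"
    fields: dict           # only what the user typed; never server data
    status: str = "DRAFT"


@dataclass
class BankingApp:
    balances: dict         # stands in for data held on the server
    session: bool = False
    drafts: list = field(default_factory=list)

    def draft(self, kind, **fields):
        # Allowed while logged out or offline: nothing on the server is touched.
        d = Draft(kind, fields)
        self.drafts.append(d)
        return d

    def log_on(self, biometric_ok):
        # The single authentication event, triggered when the user submits.
        self.session = bool(biometric_ok)
        return self.session

    def confirm(self, d):
        # Secure side of the wall: the balance is first disclosed here.
        if not self.session:
            raise AuthRequired("log on before confirming")
        account = d.fields["from_account"]
        return {"draft": d.fields, "balance": self.balances[account]}

    def submit(self, d):
        # Secure side of the wall: a draft only becomes a transaction here.
        if not self.session:
            raise AuthRequired("log on before submitting")
        d.status = "SUBMITTED"
        return d.status
```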