It was the year 2007, and a designer at General Electric, Doug Deeds, just finished a two and half year project designing an MRI machine. When he got the opportunity to see it in action at a local hospital, he jumped at the opportunity. Standing next to his new design, Doug admired his work. He saw this gleaming white machine in a sanitized room, and the sound of the machine was beautiful to him. Then, the technician taps him on his shoulder and asks him to step out, as a patient is coming in for a scan. He steps out and stands on the outside of the room and looks in through a window.
A little girl comes in. After a while, Doug notices that the little girl is crying hysterically. Her father kneels and tells her “My girl, we talked about this. You need to be brave.” The technician then calls the anaesthesiologist as the girl needs to be sedated. Doug asks the technician how often this happens, the technician says, “oh, it is quite common. As much as 80% of all children must be sedated as they are simply too scared”.
Doug was heartbroken. For the first time, Doug saw this machine and room from the perspective of the little girl. He sees yellow and black lines on the floor showing where you are allowed to move, almost like an accident scene. On the wall is a huge magnet with a danger sign on it, and the sound of that machine now sounds like a monster to him[1].
Upon reflection, Doug realised that he needed to adopt a human-centric design approach. Together with his team, they did exactly that. They put stickers on the floor that look like little rocks, and kids were told that they must only walk on the rocks. The played waterfall sounds and changes the flatbed into a canoe. Kids are told if they lay still, fish might jump. The human-centric design approach completely transformed the entire experience for the kids. As a result, the number of kids required to be sedated went down from 80%, to less than 20%. Satisfaction scores also went up to 90%.
When it comes to securing data (or any customer or end-user facing systems), we can learn from this. As designers and builders of systems and platforms, we are always looking for ways to do things faster, cheaper, and better. Our customers, however, looks at experience. As designers we need to have empathy, and design with our customer in mind. We must acknowledge that on the other side of every security feature or control is a human. The friction introduced by security controls must be understood in the context of the customer journey and experience.
Security impacts customer conversion
According to research done by EYStudios in 2022, reasons why customers abandon their cart include long or complicated checkout processes, mandatory requirements for an account to be created, and web pages taking too long to load[2]. Barnyard performed similar research in 2022 and supported the findings of EYStudios. They found that across a sample of 4384, 24% of customers abandon their cart because the site wanted them to create an account, 18% because they did not trust the website their credit card details, 17% because the checkout process was too complicated or took too long, and 13 % because the website had errors[3].
Being mindful that security controls directly impact the account creation process (authentication and registration), checkout (validation and payment security), and slow website (latency), one could argue that security is no longer just about securing systems and data; it directly impacts the customer experience, and therefore directly impacts customer conversion and retention. A human-centred approach to data security is therefore compulsory.
[1] Creating a “Kid-friendly” MRI scanner with Design Thinking – M-Powered Projects
[2] Tactics For Re-Engaging Abandoned Cart Customers – EYStudios
[3] Reasons for Cart Abandonment – Why 68% of Users Abandon Their Cart (2022 data) – Articles – Baymard Institute
I’ve come to the cross-road where I’ve seen that at point where have all skill and no Certs you can’t…