Building a Secure Authentication System for KBZ Bank’s Self-Service Portal

FinTech & Banking platform
WebApp and Mobile 
8 mons

Project Overview

KBZ Bank initiated the development of a new Self-Service Banking Portal to enable customers to access banking services digitally without visiting branches.

A core challenge of the project was designing a secure authentication system that:

  • Supports existing bank customers
  • Minimizes repeated KYC friction
  • Meets banking-grade security standards
  • Builds user trust during digital onboarding

This case study focuses on designing the authentication architecture and registration flow for existing KBZ customers transitioning to digital banking.

The Core Problem

Existing KBZ customers already have verified bank accounts and KYC records. However, activating digital banking required users to:

Key issues included:

  • Re-enter personal details
  • Repeat identity verification steps
  • Navigate unclear system differences between KBZPay and digital banking
  • Visit branches for failed attempts

This created:

  • Redundant KYC submission
  • Drop-offs during OTP verification
  • Increased branch dependency
  • User confusion between login systems
  • Trust concerns around phishing and fake portals

The core design challenge:

How might we build a secure authentication system that reduces friction without compromising banking-level security?

Design Principles

To guide decisions, I established four core principles:

1. Reuse Verified Data

Avoid unnecessary re-entry of KYC information already stored in the banking system.

2. Visible but Calm Security

Make security steps clear and reassuring without overwhelming users.

3. Progressive Verification

Only request additional verification when risk level increases.

4. Transparent Failure Handling

Explain rejection reasons clearly and provide recovery paths.

Authentication Architecture

The system was designed around three core components:

1. Identity Recognition Layer

  • Account number / NRC / Phone matching
  • Existing customer database validation
  • Auto-prefill of stored information

2. Multi-Factor Verification

  • OTP confirmation
  • Secure password setup
  • Device binding

3. Access Control & Session Security

  • Role-based access
  • Session timeout management
  • Secure login retry limits

This ensured compliance with security standards while optimizing user flow.

Key Flow 1: Existing Customer Registration

Objective: Allow verified bank customers to activate digital access without repeating full KYC.

Improvements:
• Auto-filled customer data
• Clear progress indicator
• Reduced activation screens
• Inline error validation

Impact:
• Reduced redundant data entry
• Shortened activation journey
• Lowered cognitive load

____________________

Key Flow 2: Handling Fragmented Customer Records

Some users had inconsistent phone or KYC records across systems.

Solution:
• Real-time validation feedback
• Clear system mismatch explanations
• Guided next-step resolution
• Escalation to branch only when necessary

This prevented silent failures and increased transparency.

Key Flow 3: Mobile Banking Linking

To avoid confusion between KBZPay and digital banking:
• Clarified system differences
• Unified account visibility
• Clear login hierarchy
• Cross-platform consistency

This reduced misdirected login attempts.

____________________

Key Flow 4: Secure Login & Recovery

Designed:
• Clear password rules
• Visible OTP status feedback
• Secure reset flow
• Account lock prevention guidance

Security was enforced without creating intimidation.

____________________

Risk & Edge Case Considerations


• Multiple failed OTP attempts
• Expired session handling
• Phishing awareness messaging
• Partial onboarding abandonment
• Device switching scenarios

By mapping these cases early, system resilience improved significantly.

My Role

I designed the end-to-end identity verification and flow routing experience across both mobile and web platforms.

My responsibilities included:

• End-to-end authentication flow design
• User journey mapping
• Error state and edge case definition
• Security-usability tradeoff analysis
• Cross-team collaboration with engineering

I worked closely with technical stakeholders to ensure alignment between UX intent and system constraints.

____________________

Outcome

The Self-Service Banking Portal successfully handled customer identity across multiple fintech products and legacy systems. By introducing NRC-based verification at the start of the journey and routing existing customers through mobile banking authentication, the platform prevented duplicate customer records and protected KYC integrity.

The solution reduced operational risk, aligned with compliance requirements, and created a scalable foundation for future digital onboarding and self-service features. The platform is live and actively used across both mobile and web.

Live project: Self-service Banking Portal