As I started this project, my roommate Yudie, a 19 years old college student, recently has been going through a hard time in her life. Her credit card got stolen for $250. She didn’t get notified the moment it happened, and found out when she ran out of money.
“There’s nothing I could do to prevent this, or in the future.” She said.
Witnessing her experience made me wonder, is this just a random, single, unfortunate case, or is this a common problem?
It turned out to be the latter.
In 2024 alone, 1 in 10 American adults were scammed.
Context
The market is growing, but adoption is not
Identity protection is already a multi-billion-dollar market. It took only four years to double from $5B to $10B, and it continues to grow every year. However, while reading market reports, I noticed a strange pattern - There are many products meant to keep people's money safe, yet their adoption is surprisingly low. In 2024, 1 in 10 American adults experienced fraud, yet only 14% subscribe to fraud protection services, even though over 80% report concern about being scammed.
Social Media Survey
Low adoption is a pattern
I conducted a social media survey to further test adoption rates, and it got 107 participants on Reddit and RedNote. The results validated our sources even more. Most people rely on banks and digital wallets. Almost no one mentioned third-party fraud protection services, which really confirmed what we were seeing in our earlier research.
Fraud is increasing—so why aren’t consumers using protection tools?
My assumption: Existing solutions are failing to meet real user needs.
Most existing B2C tools are not user-friendly
Most existing B2C fraud protection tools focus on detecting identity leaks, taking over payment processes, or monitoring credit scores. But they often require learning curves and constant attention, which creates friction for everyday users.
Why aren't banks improving their safety?
Surveys cited by U.S. PIRG show that many consumers don't take even the simplest protective actions, because they assume their bank will handle everything. So even though people worry about fraud, they still rely almost entirely on their banks. However, this is where the problem lies. Even though users expect that banks will take care of their money, this is not how banks work.
Understanding the Breakdown
Now I understood the current market had failed at protecting consumers. To get a better sense of how they failed, and what the users actually need, I interviewed 7 people who had experience struggling with being scammed. I asked about the before, during, and after of their experience to see what specifically went wrong and where our design could improve.
Affinity Diagram
Interview Insights
Most people found out about the scam themselves. The bank didn't alert them on time. And That caused a longer and more painful recovery
Even after experiencing a scam, they still felt left in the dark and didn't know what to do next time.
Validated the previous research: People rely on their banks instead of third-party apps.
3 Major Gaps explain the low adoption rate
Concept Testing
Validating the System Before Building It
Before refining the final product, we tested both the browser extension and mobile app using a rapid prototype built with Lovable. We conducted concept testing with 9 participants to evaluate our solution. Participants shared feedback on usefulness, trust, clarity, and privacy comfort.
The goal was simple:Would users actually adopt this system if it respected their time and privacy?
What Succeeded?
Trustworthiness: 4.67 / 5
Usefulness: 4.33 / 5
Real-time protection was seen as essential
Privacy and safety measures were recognized.
Users valued the two-sided system
Our core concept effectively addressed the gaps
What Needed Refinement?
Non-Intrusiveness: 3.9 / 5
Visual Clarity:3.9 / 5
The UI needed to look more trustworthy and clear, and the two products needed to appear more connected.Alerts felt intrusive and needed softer behavior.
The high-risk page UI felt too alarming and could cause stress and friction.
Iterations
Deliver
Two-Sided Protection System
A browser extension built for pre-transaction.
Shows if a site is risky before checkout. Users get a clear risk score. No sign-up needed. Data stays private.
A mobile app built for post-transaction.
Monitors transactions 24/7, and alerts users immediately after suspicious activity.
Takeaways
Being obsessed with the problem
During the whole research and discovery process, we weren't thinking about any solutions, instead, we only focused on the problems. This really helped me avoid confirmation bias and remember I'm not just designing for myself. After rounds and rounds of market research and user research, every time I had a different understanding of the market and the users, and eventually was able to find the core patterns and actual pain points. When I started thinking about solutions, I was very confident about my understanding of the context and felt prepared to design with intention.
Communication, always assume the best intention
To be honest, everyone in my team came from different backgrounds and had different workflows. At the beginning of the project, we had some difficulties adjusting to each other's expectations of the work. So I suggested we write down what we appreciate about the team and things we wanted to improve.
And after that, our communication and work quality got significantly improved. Being transparent really helped, and I want to acknowledge everyone in my group put a lot of effort into understanding and helping each other out. I really learned that it's okay to have conflicts or differences—as long as we communicate with good intention, we'll figure it out. And honestly, it makes the team tighter.
