It’s not an easy task in an enterprise organization to convince security and legal teams to make user centric decisions. I’d like to talk about a recent experience regarding this specific situation. We are currently moving towards a very large CCI (Critical Change Initiative) and one small part of this was to streamline and improve the current registration process experience. I was heavily involved in this project but there is one particular part of the project I’d like to elaborate on.
Let's rewind back to September of last year where the team and I were working with business and legal executives to flush out the requirements for the new registration process. I couldn’t help but notice that the requirements stated that we would be using ‘General’ and ‘Sensitive’ for email addresses. General being the primary email address that you would use for login and sensitive being the equivalent of secondary or additional email address which would be used for financial transaction updates. I remember asking who was responsible for making this decision and the reply I received was ‘Security and Legal executives’.
I immediately knew this was going to be a difficult task to accomplish but I felt strongly that 'General' and 'Sensitive' was the wrong terminology for such common field literals. Yes, it may sound like a small thing to worry about, but it could have a big impact on the experience; especially when our customers have to sign up and provide personal information.
During the workshop, I asked if the security team would entertain the idea of our team doing some research on this. I was immediately hit with some resistance but after some back and forth discussions we came to an agreement that I would have a week to provide some evidence that would corroborate my notion that 'general' and 'sensitive' was not the best approach.
I did not have a great deal of time due to other project commitments, but I knew I had to put out a survey of sorts. I began to ask around; seeing what people thought of general and sensitive emails and if they could relate to the terms used on a financial site. I was left with a number of confused people and still many unanswered questions.
I initially looked around a number of websites and applications that I had accounts for. I also opened new accounts and it seemed that there were roughly 3 types of naming conventions for your main email address. These were main, primary, and personal. This ultimately led me to the first question I would ask in the survey. I then took the same approach and looked at how companies dealt with the terminology for a secondary email addresses. These were - Back up, Alternate, Secondary, Sensitive, Other, Transactional, Security and Special. I had never heard of a special email address used as secondary but it was a request from another internal employee so I added it for good measure.
Now that I felt I had all the naming conventions, I started exploring how I was going to answer the questions in the survey but after a few attempts I felt I had the questions set up in such a way that we would get some good insight into how people felt about the naming conventions of the email address.
Q1: Which of the following words would you associate with the email address you use most often?
- Main
- General
- Primary
- Personal
Q2: Which of the following words would associate with an additional email address?
- Back up
- Alternative
- Secondary
- Sensitive
- Other
Also, at this point I wasn’t sure how I was going to get the survey out quick enough to get results by the end of the week. My worries soon diminished when I discovered Survey Monkey. This is an extremely efficient survey tool that not only provides a number of different ways to execute online surveys, but for a price, you can let SM find people for you to take the survey and even set the demographics if need be. Another nice touch is once you have results you can download a well crafted PDF with all the data and evidence you need to present to the stakeholders and security/legal teams. And like my good friend and mentor, Jose Ramirez said, “we live and die by the evidence” I couldn’t agree more.
So after a day or two waiting anxiously the results were in and my thoughts were pretty much validated.
As you can see the results from the first question clearly state that users felt more of a connection to Primary and Personal. And that general only got 5.81% of the overall 534 responses. From this, I felt I had enough evidence to take to security, legal, and the stakeholders to at least influence a decision on making the change.
However..
I presented my findings to the teams involved and though the majority agreed that question one was good information, it was apparent that I was a little too vague in question 2 and that I would need to add more context to the question to get more accurate results. At this point I wasn’t going to fight my case as I felt I already gained some traction on question one and I tried to convince myself that I could somehow persuade them to agree on question 2. Back to the drawing board.
I spent some time trying to rewrite the question and was constantly getting feedback from our researcher to make sure the question was easy to understand and that it was detailed enough to make the teams happy with whatever the results were. Here is what we came up with:
Q2: You are an existing customer within a financial company and you are fill out a registration form on a website to access your account. You have the option to add an additional email address to your account that will be used for financial confirmations and electronic delivery documents. Which of the following words would you associate with the additional email address?
Yes, it was a little long but we felt it got the idea across. I then put this in front of the teams to get approved to save more back and forth discussions and to finally get something positive out of this.
I then executed the survey to another 500 users and again, a very similar result the the previous version. I had a feeling this could be a big win for our customers and the UX team. Here is the results based on 534 participants. We had now put this in front of of 1000 people.
As you can see from this chart, secondary and alternative came out on top with sensitive receiving the lowest result. It was surprising to see that even special received more responses.
We presented the evidence once more and I was happy to say that our efforts paid off. It was agreed across the organization that we would use primary and secondary for email.
This was a good example of a small win that gave the UX team visibility. It also showed that we had somewhat of an influence over the security and legal teams in regards to making key decisions that improve the users experience by creating less confusion and having familiarity with email terms when signing up with the company.
Feel free to download the key findings from the links below. You never know, it may come in handy one day.