Securing HMRC services without locking users out

Overview

HMRC needed to increase security around accessing its services. Fraudsters could infiltrate the tax return system. In one year, there were around 17,000 attempts to make fraudulent or incorrect tax repayment claims worth nearly £100m.

It was crucial to increase security for HMRC and to protect users’ data. The challenge was to do this without creating barriers to using services. More than 9m taxpayers would need to file online tax returns before the deadline.

UX design lead, responsible for:

• Ideation and concept creation
• User journey and task flows
• Screen and interaction design
• Prototyping
• Stakeholder engagement
• UX planning and prioritisation

Design challenge

Design solutions had to consider the legacy Government Gateway account service and provide increased security for HMRC and its users. Users needed to feel they could trust HMRC with their data, without facing unnecessary barriers to accessing services.

Two layers of security were to be employed:

• Two-factor authentication: a text message is sent to the user’s registered phone number
• Identity verification: knowledge-based questions are asked to achieve a level of confidence the users are who they claim to be

Screen flow

The new layers of security had to work seamlessly with multiple HMRC services. This was crucial for service owners and their users.

This was a very technical project, and clear communication with stakeholders and the development team was crucial. The Securing our Services screen flow gave stakeholders and developers a clear understanding of the integration. This was created as a poster and used as a reference point across teams and services.

Two-factor authentication

A user arriving at HMRC Government Gateway to access a secure service requires initialisation of two-factor authentication.

Key design principles applied were:

• Clear language, no technical jargon. ‘Access code’ rather than ‘Two-factor authentication code’
• Explain the benefit to the user
• Set expectations about what will happen next
• Provide alternative routes, e.g. if user doesn’t have a mobile phone

Identity verification

The questions asked needed to use data available from HMRC and other government department sources.

Questions had to balance ease to answer with security. Some questions could be answered from memory, which was more convenient for users. They didn’t have to locate documents or sign into other online accounts to retrieve the information.

Users are given options for the types of questions, e.g. their UK passport and bank account. This helped reduce the time to answer and increase success rates without compromising security.

HTML prototypes were tested to refine the flow and questions asked. This gave a level of confidence to release designs into live. From there, a daily review of analytics and design refinements helped incrementally improve the success rates of the service.

Voice biometrics

The success of the online identification process led to it being proposed for an automated telephony service.

Discovery research was conducted to investigate users’ attitudes to automated voice recognition and their ability to answer identification questions over the phone.

To facilitate this, a telephone identification flow and script were designed. A prototype was then created for testing in usability labs.

Key findings:

• Users zoned out if the automated voice spoke for too long
• Users were accepting of the automated voice if it was clear and the tone was friendly e.g. ‘thanks’ and ‘let’s get started’
• More secure questions tended to be those users couldn’t recall answers from memory. This required more time to answer a question so users could retrieve the information
• The majority of users were successful and completed registration in around 4 minutes

The discovery findings led to design iteration and gave the wider team confidence to pursue this into development.