Progressive Identity Verification for Retail Banking
Designing a trust-first fintech onboarding flow with clearer consent, smoother fallbacks, and lower verification friction.
TIMELINE
6 weeks
ROLE
Product Designer
UX Researcher
PROJECT TYPE
Concept case study
SCOPE
Mobile onboarding
flow for retail banking
OVERVIEW
This concept explores a more progressive approach to identity verification for a Canadian retail bank mobile app. Instead of sending every applicant through the same document-first flow, the experience starts with the least intrusive lawful verification path available, then steps up only when mismatch, product risk, or fraud signals require stronger proof. The goal was to design a verification experience that better balances compliance, privacy, accessibility, and completion by treating identity proofing as a risk-based product flow rather than a single fixed gate.
THE CHALLENGE
Fintech onboarding often creates friction at the exact moment users are asked to provide their most sensitive information. A document-first verification flow can feel invasive, increase drop-off, and create accessibility issues, while a flow that is too light can increase fraud risk and downstream review costs.
This project explored how a retail bank could design a more progressive identity verification experience: starting with lower-friction lawful methods first, then stepping up to document and biometric checks only when risk, mismatch, or product context required it.
How might we reduce verification friction for legitimate users without weakening trust or compliance?
How might we explain why sensitive information is needed at the exact moment users are asked for it?
How might we design better fallback and recovery paths for users who cannot complete verification on the first try?
STATUS QUO
Most digital identity flows still treat verification as a one-size-fits-all step. Users are often asked to upload a government ID and selfie immediately, even when lower-friction methods could establish enough confidence first. This creates unnecessary friction, increases abandonment risk, and can exclude users with limited credit history, accessibility needs, or camera-related constraints. For this concept, I reframed identity verification not as a single checkpoint, but as a progressive, risk-based flow that adapts to the user’s context and only asks for stronger proof when needed.
PROCESS
- Framing the problem
I began by reframing the design challenge away from “how do we get everyone to upload ID?” and toward a more product-centered question: how might we right-size identity verification to user risk, evidence strength, and context? This helped shift the concept from a blanket document-first flow to a more adaptive system.
Key Problems
→ Over-collects biometric data from low-risk users
→ Camera failures cause hard, unrecoverable drop-off
→ Thin-file and newcomer users get false rejects
→ No explanation of why each piece of data is needed
→ Biometric images retained by default, not deleted
→ Accessibility barriers with no alternative path
Key Improvements
→ Most low-risk users verified without any document capture
→ Biometrics collected only when risk level justifies it
→ Thin-file / newcomer users routed to doc step-up, not rejected
→ Just-in-time purpose language meets PIPEDA requirements
→ Deletion notice attached directly to capture step (EQ Bank model)
→ Assisted channel / branch fallback for accessibility needs
- Researching trust, risk, and fallback patterns
I reviewed Canadian identity verification requirements, privacy expectations, and public competitor flows to understand how leading financial products balance trust, compliance, and ease of use. I focused especially on where existing solutions created friction, how they explained sensitive steps, and what fallback paths they offered when automated verification failed.
- Designing a progressive verification model
From there, I mapped a three-lane system: a low-risk path for users who could be verified through lightweight checks, a step-up path for users who required document and selfie verification, and a high-risk path for manual review or assisted verification. This created a clearer balance between conversion, privacy, and fraud prevention.
- Focusing on clarity, recovery, and accessibility
The final design work focused on making each step easier to understand and complete. I prioritized just-in-time explanations, actionable failure states, visible progress, and inclusive alternatives for users who were thin-file, camera-constrained, or using assistive technology.
FINAL RESULT
The final concept was a progressive identity verification flow designed to reduce unnecessary friction while still supporting trust, auditability, and recovery. Instead of sending every user through the same highest-friction path, the experience adapts based on evidence strength and risk context.
Lightweight verification first
For low-risk users, the flow starts with the least intrusive lawful verification path available. This reduces unnecessary document capture and makes onboarding feel faster, more proportional and more trustworthy. Rather than assuming every user should upload ID immediately, the experience begins with lighter checks where those are sufficient.
Clearer step-up when needed
When additional proof is required, the experience clearly explains why the user is being asked for more. Step-up verification introduces document capture, selfie/liveness, and guided review only when earlier checks are insufficient, helping users understand that the flow is adapting rather than arbitrarily becoming more demanding.
Recovery and fallback by design
Failure states were treated as part of the product, not edge cases. Instead of a generic rejection, the flow gives users clear next actions: retry with guidance, switch devices, continue later, or move to assisted verification. This makes the overall experience more resilient and less likely to collapse at the first mismatch.
Inclusive and privacy-aware by default
The concept also emphasized accessibility and data minimization. The flow avoids unnecessary collection where lighter checks are sufficient, provides alternative paths for constrained users, and uses clearer purpose, retention, and next-step messaging to build trust during sensitive moments.
IMPACT
This concept demonstrates how a progressive identity verification model could improve onboarding quality without relying on blanket document capture for every user. By starting with lower-friction methods first and escalating only when necessary, the flow is designed to improve completion for legitimate applicants while preserving stronger controls for higher-risk cases.
Because this is a concept case study, impact is framed through the KPIs I would use to evaluate the flow in a pilot banking environment.
01
Verified account completion
Measures the percentage of legitimate applicants who start onboarding and successfully reach a verified account.
02
Low-friction verification rate
Measures how many eligible applicants can be verified through lower-friction methods before being asked for photo ID or selfie capture.
03
Time to verification decision
Measures how long it takes a user to receive an approval, review status, or clear next step.
04
Verification recovery success
Measures how often users recover from failed verification, mismatched information, upload issues, or camera problems without restarting the application.
05
Risk and inclusion guardrail
Measures whether the flow improves completion without increasing confirmed fraud, false approvals, manual review burden, or accessibility-related drop-off.
LEARNINGS
This project reinforced that trust-sensitive onboarding is not just about compliance or reducing fraud. It is also about pacing, explanation, and proportionality. The strongest concept was not the one that collected the most information upfront, but the one that asked for the right proof at the right moment. It also highlighted how important fallback and accessibility are in verification design. A flow like this only works if failure states, alternative paths, and recovery options are treated as core parts of the experience rather than edge cases.
Wanna see more?
I know you wanna see more of the edge cases, trust-building moments, and tiny UX decisions that make identity verification feel less intimidating. I’m happy to chat more about how I approached security, clarity, and user confidence in this banking flow. Reach out to me at bravomasnadia@gmail.com!
DESIGNED AND CODED BY
Nadia Bravo Mas
All rights reserved © 2026
Progressive Identity Verification for Retail Banking
Designing a trust-first fintech onboarding flow with clearer consent, smoother fallbacks, and lower verification friction.
TIMELINE
6 weeks
ROLE
Product Designer
UX Researcher
PROJECT TYPE
Concept case study
SCOPE
Mobile onboarding
flow for retail banking
OVERVIEW
This concept explores a more progressive approach to identity verification for a Canadian retail bank mobile app. Instead of sending every applicant through the same document-first flow, the experience starts with the least intrusive lawful verification path available, then steps up only when mismatch, product risk, or fraud signals require stronger proof. The goal was to design a verification experience that better balances compliance, privacy, accessibility, and completion by treating identity proofing as a risk-based product flow rather than a single fixed gate.
THE CHALLENGE
Fintech onboarding often creates friction at the exact moment users are asked to provide their most sensitive information. A document-first verification flow can feel invasive, increase drop-off, and create accessibility issues, while a flow that is too light can increase fraud risk and downstream review costs.
This project explored how a retail bank could design a more progressive identity verification experience: starting with lower-friction lawful methods first, then stepping up to document and biometric checks only when risk, mismatch, or product context required it.
How might we reduce verification friction for legitimate users without weakening trust or compliance?
How might we explain why sensitive information is needed at the exact moment users are asked for it?
How might we design better fallback and recovery paths for users who cannot complete verification on the first try?
STATUS QUO
Most digital identity flows still treat verification as a one-size-fits-all step. Users are often asked to upload a government ID and selfie immediately, even when lower-friction methods could establish enough confidence first. This creates unnecessary friction, increases abandonment risk, and can exclude users with limited credit history, accessibility needs, or camera-related constraints. For this concept, I reframed identity verification not as a single checkpoint, but as a progressive, risk-based flow that adapts to the user’s context and only asks for stronger proof when needed.
PROCESS
- Framing the problem
I began by reframing the design challenge away from “how do we get everyone to upload ID?” and toward a more product-centered question: how might we right-size identity verification to user risk, evidence strength, and context? This helped shift the concept from a blanket document-first flow to a more adaptive system.
Key Problems
→ Over-collects biometric data from low-risk users
→ Camera failures cause hard, unrecoverable drop-off
→ Thin-file and newcomer users get false rejects
→ No explanation of why each piece of data is needed
→ Biometric images retained by default, not deleted
→ Accessibility barriers with no alternative path
Key Improvements
→ Most low-risk users verified without any document capture
→ Biometrics collected only when risk level justifies it
→ Thin-file / newcomer users routed to doc step-up, not rejected
→ Just-in-time purpose language meets PIPEDA requirements
→ Deletion notice attached directly to capture step (EQ Bank model)
→ Assisted channel / branch fallback for accessibility needs
- Researching trust, risk, and fallback patterns
I reviewed Canadian identity verification requirements, privacy expectations, and public competitor flows to understand how leading financial products balance trust, compliance, and ease of use. I focused especially on where existing solutions created friction, how they explained sensitive steps, and what fallback paths they offered when automated verification failed.
- Designing a progressive verification model
From there, I mapped a three-lane system: a low-risk path for users who could be verified through lightweight checks, a step-up path for users who required document and selfie verification, and a high-risk path for manual review or assisted verification. This created a clearer balance between conversion, privacy, and fraud prevention.
- Focusing on clarity, recovery, and accessibility
The final design work focused on making each step easier to understand and complete. I prioritized just-in-time explanations, actionable failure states, visible progress, and inclusive alternatives for users who were thin-file, camera-constrained, or using assistive technology.
FINAL RESULT
The final concept was a progressive identity verification flow designed to reduce unnecessary friction while still supporting trust, auditability, and recovery. Instead of sending every user through the same highest-friction path, the experience adapts based on evidence strength and risk context.
Lightweight verification first
For low-risk users, the flow starts with the least intrusive lawful verification path available. This reduces unnecessary document capture and makes onboarding feel faster, more proportional and more trustworthy. Rather than assuming every user should upload ID immediately, the experience begins with lighter checks where those are sufficient.
Clearer step-up when needed
When additional proof is required, the experience clearly explains why the user is being asked for more. Step-up verification introduces document capture, selfie/liveness, and guided review only when earlier checks are insufficient, helping users understand that the flow is adapting rather than arbitrarily becoming more demanding.
Recovery and fallback by design
Failure states were treated as part of the product, not edge cases. Instead of a generic rejection, the flow gives users clear next actions: retry with guidance, switch devices, continue later, or move to assisted verification. This makes the overall experience more resilient and less likely to collapse at the first mismatch.
Inclusive and privacy-aware by default
The concept also emphasized accessibility and data minimization. The flow avoids unnecessary collection where lighter checks are sufficient, provides alternative paths for constrained users, and uses clearer purpose, retention, and next-step messaging to build trust during sensitive moments.
IMPACT
This concept demonstrates how a progressive identity verification model could improve onboarding quality without relying on blanket document capture for every user. By starting with lower-friction methods first and escalating only when necessary, the flow is designed to improve completion for legitimate applicants while preserving stronger controls for higher-risk cases.
Because this is a concept case study, impact is framed through the KPIs I would use to evaluate the flow in a pilot banking environment.
01
Verified account completion
Measures the percentage of legitimate applicants who start onboarding and successfully reach a verified account.
02
Low-friction verification rate
Measures how many eligible applicants can be verified through lower-friction methods before being asked for photo ID or selfie capture.
03
Time to verification decision
Measures how long it takes a user to receive an approval, review status, or clear next step.
04
Verification recovery success
Measures how often users recover from failed verification, mismatched information, upload issues, or camera problems without restarting the application.
05
Risk and inclusion guardrail
Measures whether the flow improves completion without increasing confirmed fraud, false approvals, manual review burden, or accessibility-related drop-off.
LEARNINGS
This project reinforced that trust-sensitive onboarding is not just about compliance or reducing fraud. It is also about pacing, explanation, and proportionality. The strongest concept was not the one that collected the most information upfront, but the one that asked for the right proof at the right moment. It also highlighted how important fallback and accessibility are in verification design. A flow like this only works if failure states, alternative paths, and recovery options are treated as core parts of the experience rather than edge cases.
Wanna see more?
I know you wanna see more of the edge cases, trust-building moments, and tiny UX decisions that make identity verification feel less intimidating. I’m happy to chat more about how I approached security, clarity, and user confidence in this banking flow. Reach out to me at bravomasnadia@gmail.com!
DESIGNED AND CODED BY
CONTACT
Nadia Bravo Mas
Let’s build something together!
All rights reserved © 2026
Progressive Identity Verification for Retail Banking
Designing a trust-first fintech onboarding flow with clearer consent, smoother fallbacks, and lower verification friction.
TIMELINE
6 weeks
ROLE
Product Designer
UX Researcher
PROJECT TYPE
Concept case study
SCOPE
Mobile onboarding flow
for retail banking
OVERVIEW
This concept explores a more progressive approach to identity verification for a Canadian retail bank mobile app. Instead of sending every applicant through the same document-first flow, the experience starts with the least intrusive lawful verification path available, then steps up only when mismatch, product risk, or fraud signals require stronger proof. The goal was to design a verification experience that better balances compliance, privacy, accessibility, and completion by treating identity proofing as a risk-based product flow rather than a single fixed gate.
THE CHALLENGE
Fintech onboarding often creates friction at the exact moment users are asked to provide their most sensitive information. A document-first verification flow can feel invasive, increase drop-off, and create accessibility issues, while a flow that is too light can increase fraud risk and downstream review costs.
This project explored how a retail bank could design a more progressive identity verification experience: starting with lower-friction lawful methods first, then stepping up to document and biometric checks only when risk, mismatch, or product context required it.
How might we reduce verification friction for legitimate users without weakening trust or compliance?
How might we explain why sensitive information is needed at the exact moment users are asked for it?
How might we design better fallback and recovery paths for users who cannot complete verification on the first try?
STATUS QUO
Most digital identity flows still treat verification as a one-size-fits-all step. Users are often asked to upload a government ID and selfie immediately, even when lower-friction methods could establish enough confidence first. This creates unnecessary friction, increases abandonment risk, and can exclude users with limited credit history, accessibility needs, or camera-related constraints. For this concept, I reframed identity verification not as a single checkpoint, but as a progressive, risk-based flow that adapts to the user’s context and only asks for stronger proof when needed.
PROCESS
- Framing the problem
I began by reframing the design challenge away from “how do we get everyone to upload ID?” and toward a more product-centered question: how might we right-size identity verification to user risk, evidence strength, and context? This helped shift the concept from a blanket document-first flow to a more adaptive system.
Key Problems
→ Over-collects biometric data from low-risk users
→ Camera failures cause hard, unrecoverable drop-off
→ Thin-file and newcomer users get false rejects
→ No explanation of why each piece of data is needed
→ Biometric images retained by default, not deleted
→ Accessibility barriers with no alternative path
Key Improvements
→ Most low-risk users verified without any document capture
→ Biometrics collected only when risk level justifies it
→ Thin-file / newcomer users routed to doc step-up, not rejected
→ Just-in-time purpose language meets PIPEDA requirements
→ Deletion notice attached directly to capture step (EQ Bank model)
→ Assisted channel / branch fallback for accessibility needs
- Researching trust, risk, and fallback patterns
I reviewed Canadian identity verification requirements, privacy expectations, and public competitor flows to understand how leading financial products balance trust, compliance, and ease of use. I focused especially on where existing solutions created friction, how they explained sensitive steps, and what fallback paths they offered when automated verification failed.
- Designing a progressive verification model
From there, I mapped a three-lane system: a low-risk path for users who could be verified through lightweight checks, a step-up path for users who required document and selfie verification, and a high-risk path for manual review or assisted verification. This created a clearer balance between conversion, privacy, and fraud prevention.
- Focusing on clarity, recovery, and accessibility
The final design work focused on making each step easier to understand and complete. I prioritized just-in-time explanations, actionable failure states, visible progress, and inclusive alternatives for users who were thin-file, camera-constrained, or using assistive technology.
FINAL RESULT
The final concept was a progressive identity verification flow designed to reduce unnecessary friction while still supporting trust, auditability, and recovery. Instead of sending every user through the same highest-friction path, the experience adapts based on evidence strength and risk context.
Lightweight verification first
For low-risk users, the flow starts with the least intrusive lawful verification path available. This reduces unnecessary document capture and makes onboarding feel faster, more proportional and more trustworthy. Rather than assuming every user should upload ID immediately, the experience begins with lighter checks where those are sufficient.
Clearer step-up when needed
When additional proof is required, the experience clearly explains why the user is being asked for more. Step-up verification introduces document capture, selfie/liveness, and guided review only when earlier checks are insufficient, helping users understand that the flow is adapting rather than arbitrarily becoming more demanding.
Recovery and fallback by design
Failure states were treated as part of the product, not edge cases. Instead of a generic rejection, the flow gives users clear next actions: retry with guidance, switch devices, continue later, or move to assisted verification. This makes the overall experience more resilient and less likely to collapse at the first mismatch.
Inclusive and privacy-aware by default
The concept also emphasized accessibility and data minimization. The flow avoids unnecessary collection where lighter checks are sufficient, provides alternative paths for constrained users, and uses clearer purpose, retention, and next-step messaging to build trust during sensitive moments.
IMPACT
This concept demonstrates how a progressive identity verification model could improve onboarding quality without relying on blanket document capture for every user. By starting with lower-friction methods first and escalating only when necessary, the flow is designed to improve completion for legitimate applicants while preserving stronger controls for higher-risk cases.
Because this is a concept case study, impact is framed through the KPIs I would use to evaluate the flow in a pilot banking environment.
01
Verified account completion
Measures the percentage of legitimate applicants who start onboarding and successfully reach a verified account.
02
Low-friction verification rate
Measures how many eligible applicants can be verified through lower-friction methods before being asked for photo ID or selfie capture.
03
Time to verification decision
Measures how long it takes a user to receive an approval, review status, or clear next step.
04
Verification recovery success
Measures how often users recover from failed verification, mismatched information, upload issues, or camera problems without restarting the application.
05
Risk and inclusion guardrail
Measures whether the flow improves completion without increasing confirmed fraud, false approvals, manual review burden, or accessibility-related drop-off.
LEARNINGS
This project reinforced that trust-sensitive onboarding is not just about compliance or reducing fraud. It is also about pacing, explanation, and proportionality. The strongest concept was not the one that collected the most information upfront, but the one that asked for the right proof at the right moment. It also highlighted how important fallback and accessibility are in verification design. A flow like this only works if failure states, alternative paths, and recovery options are treated as core parts of the experience rather than edge cases.
Wanna see more?
I know you wanna see more of the edge cases, trust-building moments, and tiny UX decisions that make identity verification feel less intimidating. I’m happy to chat more about how I approached security, clarity, and user confidence in this banking flow. Reach out to me at bravomasnadia@gmail.com!
DESIGNED AND CODED BY
CONTACT
Nadia Bravo Mas
Let’s build something together!
All rights reserved © 2026