Review: Personal mobile banking third-party login

Editor's Guide: In order to improve customer experience and attract customers, Personal Mobile Banking has added a third-party login function. So what issues do you need to pay attention to when adding third-party login features? What are the specific steps? The author of this article reviewed the increase of third-party login functions, combined with specific cases to share the third-party login function of the same industry research, product design, research and development testing and on-line and other processes, let's take a look.

First, the background of functional requirements

The login function of the individual bank is getting better and better, and at the same time, it actively cooperates with third parties to provide more registration and login methods. In addition to providing account number + password, reserved mobile phone number + password and fingerprint login, etc., the personal bank login function of many banks also cooperates with applications with strong third-party payment attributes (such as WeChat and Alipay) to provide third-party login personal mobile banking services.

At the beginning of March 2021, in order to reduce the threshold for the use of individual silver, a third-party login function was added. Through third-party login, customer acquisition and diversion are carried out, allowing customers to view financial information and investment and wealth management product information. Subsequently, it provides one-click card binding services, binding bank cards to Platforms such as WeChat and Alipay, and is applicable to personal mobile banking clients (including iPhone and Android).

2. Current results

At the end of August 2021, the third-party login function of the individual silver has been launched, and the data statistics are carried out through the third-party login process operation, and the number of monthly active users and customer acquisition data of the third-party login need to be updated.

Now the requirements of banks for personal bank cards are also becoming more and more stringent, because account opening requires proof of employment, proof of residence, consumption records, etc., or customers to provide information such as ID cards for the company to handle uniformly. There is still a distance from customer acquisition to conversion into new account users, and statistics are also difficult. At present, the author is no longer in a silver project, nor has he followed up on the function.

Third, demand research

1. Third Party Login

The so-called third-party login is the function of the user to quickly log in or register through authorization, based on the user's existing account number and password of the third-party platform.

Third-party platforms are generally platforms that already have a large number of users. Products such as WeChat and Alipay, which are more used by the people and have a wide range of user coverage, can be used as third-party platforms for other products.

According to forward-looking research data, as of December 2020, the active penetration rate of WeChat and Alipay in the mainland App activity ranking is 86.9% and 56.9%, respectively. According to the 2019 Q3 data of Aiduan Statistics, China's third-party mobile payment market still maintains a relatively concentrated market share, and alipay and Tenpay in the first echelon occupy 54.5% and 39.5% of the market share respectively, ranking first and second.

2. Target users

Analyze it according to "for whom (target users), what kind of services (business processes) are provided, and what kind of target value (business indicators) are helped to achieve" to be analyzed.

The target users are personal mobile banking customers (including advanced customers and ordinary customers), and personal mobile banking potential customers (mainly first-tier city populations).

3. Peer analysis

A survey of the third-party login and registration methods of nine mainstream personal banking APPS in the market:

Source: Interbank Personal Banking APP data in March 2021

Many interbank personal mobile banking has added third-party login and registration methods to the original login and registration methods, interbank personal mobile banking chooses WeChat with strong social attributes and third-party payment licenses, followed by Alipay, which also has third-party payment licenses.

The increase in third-party logins in interbank personal mobile banking has become a trend, and the reasons for this:

Determined by the strategic planning, product attributes and business model of interbank banks, personal mobile banking with high security requirements, strong privacy and relatively personalized personality has established a user system that can be monitored by itself. In addition, third-party logins will also be provided, one is to simplify the login process, improve user experience and conversion, and the other is to use third-party platforms and users' authorization to obtain users' information and relationship chains.

WeChat, a social application with a large number of preferred users and a high number of monthly active users and a third-party payment license, is accessed as a third-party login, followed by Alipay, which also has a third-party payment license, which has more than 1 billion users.

According to the statistical results of Aurora Big Data, in March 2019, the number of monthly active users (MAUs) of WeChat was nearly 1 billion, and the average number of daily active users (DAU) was 652 million. On January 9, 2020, Alipay officially announced that the number of Alipay users worldwide has exceeded 1 billion.

Relying on Ant Financial's strong ecological resources, Alipay has more than 800 million users in China, providing comprehensive financial services including payment, financial management, credit, insurance, etc., and providing more than 1 trillion yuan of credit loans for more than 8 million small and micro enterprises and individual entrepreneurs.

Fourth, product design

1. Business process grooming

Login through third-party authorization can simplify the login process and improve user experience, third-party login authorization mainly includes third-party account binding and third-party account unbinding, binding and unbinding to form a closed loop of third-party login function business process.

2. Third-party login binding process

Through the investigation of the third-party account login function of mainstream personal mobile banking, it was found that after the authorization of the third-party account was approved, such as ICBC, China Merchants, etc., users needed to bind their mobile phone numbers, and contracted customers also needed to bind/log in after password verification, bank card number binding, and face recognition.

1) Binding process for unsent login status

The binding flowchart for the unsent status is as follows:

When a user clicks on a third-party account on the login screen, it is necessary to determine whether the user's third-party account is bound.

If you are not bound, you will be redirected to the third-party account authorization page. After the user determines the authorization, the user is allowed to bind the mobile phone number, verify the code through sms, and judge whether it is a contracted customer according to the mobile phone number.

• Contracted customers: You can verify the identity by entering the login password and the registration card number withdrawal password, and the face recognition verification can be successfully bound/logged in after the verification is passed.
• Unsigned customers: You can register a new account, fill in the login password, SMS verification code and other information, through the SMS verification code verification, after successful registration can be bound successfully / login successfully.

Bound, there are two scenarios:

For the sake of personal bank security, for contracted customers, scenario 1: face recognition security verification is required to log in successfully, and for customers who have not signed up, scenario 2: direct login is successful.

• After binding WeChat, you can see a silver in the list of applications that have not expired in the weChat > settings > personal information and permissions > authorization management
• After you bind Alipay, you can set > privacy > authorization management > account authorization > Alipay authorized in the my > of Alipay

Interbank like ICBC provides the function and interface of binding management in my -settings-login management, and can also directly bind a third-party account if the user has logged in. The binding of the login state is not within the scope of our functional design this time, so it has not been planned and designed.

3. Third-party login and unbinding process

In the authorization management > authorization management of the Security Center >, you can unbind the third-party account that has been bound without security verification, and the binding is successfully unbinded, but the binding history will be left.

It should be noted here that it is necessary to turn off the WeChat/Alipay login function before the pass binding relationship will be lifted synchronously. Because WeChat/Alipay re-logins, the authorized application records data will be refreshed.

The third-party login unbinding flowchart is as follows:

4. Obtain third-party login authorization

To use third-party login in The Bank, you first need to obtain a third-party login authorization, and there will be detailed guidelines on the third-party open platform.

1) Third-party open platform

WeChat Open Platform: https://open.weixin.qq.com/

Alipay Open Platform: https://open.alipay.com/

2) Login application

1. Register and pass the open platform developer qualification certification, after registering the WeChat/Alipay open platform account, fill in the developer qualification certification application in the account center and wait for the certification to pass.
2. Create a mobile app by filling in information such as the name, profile, and icon of the mobile app, as well as download addresses for each platform. After creating an application and submitting an application, the WeChat/Alipay open platform will review it.
3. Access WeChat/Alipay login, consult mobile application development documents in the resource center/development guide, and develop access to WeChat/Alipay login functions, so that users can use WeChat/Alipay login.

3) Attention

• The application process may require relevant qualifications of the enterprise, such as legal identity card, business license, tax registration certificate, etc., which need to be prepared in advance.
• When you submit an application application, you need to submit application-related information (application name, description, icon, screenshot, authorization callback domain, and so on).
• It is recommended that you use the enterprise account to apply for a third-party open platform, do not use personal QQ, WeChat, Weibo and email to apply, to avoid the risk of account management and handover trouble after the applicant changes or leaves the job.
• The application for the open platform requires a review process, so at the beginning of the project, it is recommended to first apply for an open platform account and create an application, so as not to affect the development progress of the application time.

5. Business rule-making

Although the third-party account is a small function, in the design process, we have to combine the characteristics of the individual silver to determine the scheme and business process. According to the product characteristics, business processes and security policies to develop business rules, there are mainly the following aspects:

1. Security: When a customer uses a third-party login, for the sake of personal bank security considerations, the contracted customer needs to pass the security authentication (such as face recognition) to pass the verification before successfully logging in.
2. Permission setting: Because the customer binds the mobile phone number when authorizing through a third party, the use of functional permissions and mobile phone number contract mobile phone permissions are consistent, and the activation function, the use of security tool rules, and the transaction limit remain unchanged.
3. Ease of authorization operation interaction: The interface maintains the consistency of the design, reduces the operation load, reduces the operation steps as much as possible, and improves the user experience.

6. Functional design

The premise of product function design is to understand the nature of the business, abstract the product framework and business process through business requirements and business models, and visualize them into specific product functions.

When designing the third-party login function, it is necessary to consider the page layout and operation guidelines comprehensively.

In the design, there are three main points to pay attention to:

1. Security first
2. The page layout is concise and the guidelines are clear and concise
3. The operation is simple and efficient, and it meets the requirements for quick login

Fifth, the development and testing went online

During the development and testing phase of the third-party login function, due to limited development resources and very tight time. The development engineer first checks the unit function in front of the desk, completes the function development, and then the team leader walks through the code, and then arranges the tester to conduct relevant tests.

During this period, we need to strictly control the quality of the function, and if a bug is found, we need to communicate with the development engineer in time and let them modify it.

After the test is passed, we will go online and put it into trial operation according to the original plan, so that problems can be found in the real environment and modified in time.

The first batch of third-party login functions were opened in Shanghai, Guangdong, Jiangsu and other regions, after the internal test, I found that after a silver third-party authorization to unbind, WeChat / Alipay did not synchronize unbinding, think it is a bug, but the overall function does not affect the use, left to be optimized later.

6. Summary

Through the review, it was found that the functional design at that time did not pay attention to the synchronization of unbinding, and the lack of synchronous unbinding prompts "close WeChat/Alipay at the same time", resulting in a user experience that is not friendly enough. In terms of functional design, we can refer to the functions of our peers, and with the help of mature functional design, we can complete the functional design faster and better.

This article was originally published by @Sakurako and everyone is a product manager. Reproduction without the permission of the author is prohibited.

The title image is from Unsplash, based on the CC0 protocol.