Viveka Health App

Redesigning identity verification for trust, speed, and scale

Overview

Role: Product Designer

Duration: 1 month

Team: CEO, 2 Software Devs, 1 QA

Tools: Figma, Jira, Confluence

Viveka Health App is a healthcare benefits app designed for members of labor union health and pension plans.

The mobile app allows users to access sensitive information such as medical claims, eligibility status, digital ID cards, and union-linked benefits.

Because of the sensitive nature of this data, verifying user identity while maintaining a smooth onboarding experience was critical.

Impact

40% drop in abandonment

60% fewer OTP abuses

3x faster onboarding

Challenge

The original 8-step user registration process asked for phone, email, SSN, DOB, and other identifiers upfront — with identity verification only at the very end.

If the user failed to match, they had already invested 5–6 screens' worth of effort. Drop-offs were high. Support tickets were piling up.

We were also vulnerable to spam and SMS fraud, which was generating unnecessary Twilio costs due to repeated OTP requests from bots.

My job was to transform the experience into one that our users won't abandon.

Research

As I dove into the original registration process, it became clear that the issues weren’t just technical — they were emotional. The design unintentionally asked users to hand over sensitive data without context or value, and the system didn’t do much to guide or reassure them along the way.

What I set out to understand:

  1. Why were users abandoning registration halfway?

  2. Where exactly did most drop-offs happen?

  3. Were there any invisible pain points?

Here’s what I uncovered:

🔎 Customer support calls to union office

Users often dropped off long before identity matching even began.

A repeated frustration surfaced: “Why is this app asking for my SSN so early?”

📉 Error Logs

Backend logs showed a large spike in failures at Step 8. Many users who completed all prior steps were getting flagged as "No Match Found."

For these users, there was no recovery path — just a dead end.

📊 Behavioral Insights

Most users hesitated and exited just before reaching the SSN field.

Users who failed at Step 8 (last step) had to restart the entire registration process once their records were added to the system by the union.

A large number of OTP resend requests came from flagged IPs or reused devices, indicating possible abuse patterns.

Meet Frank

From the research, Frank was born to represent the frustrations shared by union workers navigating digital tools.

His story wasn’t unique; it reflected many of the same concerns we saw echoed in customer support chats and error logs.

He became a grounding voice in our redesign strategy — reminding us that trust, clarity, and simplicity are non-negotiable when dealing with sensitive data.

How might we?

  1. help users build confidence before verifying identity?

  2. prevent OTP abuse while keeping it user-friendly?

  3. create a fallback flow that maintains trust when verification fails?

We broke the process into Two Phases

The original registration flow tried to do everything in one sitting — from collecting contact info to verifying a user’s identity using SSN or member ID — which created severe systemic gaps.

⚠️ Key Issues in the Unified Flow:

🚪 High Drop-Off Rate

🕵️ Vulnerable to Fraud

💸 Costly OTP Abuse

🧱 Rigid Verification

💡 The Two-Phase Solution:

Phase 1 focuses on low-barrier entry with:

  • Email + Phone verification via OTP

  • Rate-limits, CAPTCHA, fallback to phone calls

  • Password creation

  • Successful creation of Guest Account

Phase 2 triggers only when user decides to Verify Identity:

  • AI-based scan of Driver’s License

  • Live Selfie capture

  • GPS, device, and IP metadata validation

  • Data deletion immediately after verification

  • Full access to benefits unlocked!

💡 Why We Moved from Manual Entry to Document Scanning

✅ Reduced Hesitation

→ Users felt safer scanning documents than entering SSNs.

🔍 Improved Trust & Transparency

→ Clear data-use messaging built user confidence.

🛡️ Enabled Metadata Validation

→ Scanning enabled GPS, IP, and device checks for fraud detection.

🎯 Higher Match Accuracy

→ Fewer typos with OCR-led identity verification.

📜 Stronger Compliance Alignment

→ Flows aligned with HIPAA standards via secure data handling.

HIPAA -> Health Insurance Portability and Accountability Act
OCR -> Optical Character Recognition

Design Solutions

#1. Guest Registration (Part 1)

Before: Registration began with phone/email but quickly escalated to SSN, legal name, and DOB—leading to early exits.

Design Thinking: Introduced a lightweight “Guest” mode. Verified email and phone with built-in abuse controls (rate limits, CAPTCHA, fallback to phone call). Only after successful OTPs did we ask for password setup.

After: Guest accounts are created within 3 simple steps, allowing users to explore the app before any identity check.

Impact: 40% drop in abandonment. Significantly smoother entry into the app experience.
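
One way the Phase 1 abuse controls (rate limits, CAPTCHA, fallback to phone call) could be wired together, shown as an added example that is not code from the Viveka project: a gate that decides, per OTP request, whether to send an SMS, require a CAPTCHA, switch to a voice call, or block. The class name, the thresholds, and the escalation order are assumptions; the case study does not specify them.

```python
import time
from collections import defaultdict, deque

# Assumed thresholds for illustration; the case study does not state its limits.
WINDOW_S = 600          # sliding window length in seconds
SMS_FREE = 2            # SMS sends per phone before a CAPTCHA is required
SMS_MAX = 4             # SMS sends per phone before falling back to a voice call
PHONE_HARD_CAP = 6      # total OTP deliveries per phone before blocking
SOURCE_PHONE_CAP = 3    # distinct phone numbers one IP or device may target


class OtpGate:
    """Decides how (or whether) to deliver an OTP for each request."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.sends = defaultdict(deque)   # phone -> timestamps of deliveries
        self.targets = defaultdict(dict)  # (kind, ip/device) -> {phone: last seen}

    def decide(self, phone, ip, device_id, captcha_ok=False):
        now = self.clock()
        cutoff = now - WINDOW_S
        # One IP or device requesting codes for many numbers is the abuse pattern.
        sources = [self.targets[("ip", ip)], self.targets[("dev", device_id)]]
        for seen in sources:
            for p in [p for p, t in seen.items() if t < cutoff]:
                del seen[p]
            if phone not in seen and len(seen) >= SOURCE_PHONE_CAP:
                return "block"
        for seen in sources:
            seen[phone] = now
        q = self.sends[phone]
        while q and q[0] < cutoff:
            q.popleft()
        n = len(q)
        if n >= PHONE_HARD_CAP:
            return "block"
        if n >= SMS_FREE and not captcha_ok:
            return "captcha"  # nothing is sent, so nothing is counted
        q.append(now)
        return "voice_call" if n >= SMS_MAX else "sms"


if __name__ == "__main__":
    gate = OtpGate()
    # Constructed sample: eight resend requests for one fictitious number.
    for i in range(8):
        print(i + 1, gate.decide("+15555550100", "203.0.113.5", "dev-A", captcha_ok=i >= 3))
```

Because a "captcha" decision delivers nothing, it costs no SMS and does not count toward the per-phone limits; only actual deliveries do.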

#2. Upgrade from Guest to Full Registration (Part 2)

Before: Identity was verified at the very end of the flow with no warning or fallback. Users who failed had to restart.

Design Thinking: Built a progressive identity upgrade triggered only when needed—like accessing benefits or ID cards. Users uploaded a driver’s license/passport, took a selfie, and verified metadata (GPS, device, IP). Sensitive data was deleted immediately after verification.

After: Identity verification happens only when required, with clear purpose and real-time feedback. Manual fallback flows were added to support mismatches.

Impact: 30% more successful identity matches and 60% reduction in fraud-related OTP activity.

Handoff

All flows were mapped in Figma with success/failure states, edge cases, OTP retry logic, and security triggers. Developer handoff included connection to BRD specs for traceability.

Reflections

⚖️ Simplifying identity UX is a balancing act between user trust and system protection.

🏆 Splitting the flow into Guest and Verified accounts built early value with minimal commitment.

What I'd do differently

📝 Run remote usability testing on document scan interactions earlier

📲 Automate fallback onboarding for blocked users instead of admin email trigger

📄 Add onboarding coaching or animations to reduce friction in first-time doc scans

Thanks for viewing my work.

Let’s Collaborate!

Sg.

© Shaivi Ganatra 2025
