Cielo

Cielo is a technology and services company for retailers and a leader in the electronic payments segment in Latin America. In 2022, it captured 6.8 billion transactions on our platforms and R$872 billion in financial volume. 

Challenge

We needed to have an overview of the security problems we had with cielo's ecommerce credentials

Team Structure

1 Service designer, 2 Product designers, 1 Tech lead, 1 Full stack developer, 1 Agile expert, 2 stakeholders

Principles Goals

Understand and redesign all the journeys that the user had contact with in order to close all existing risk gaps

Project Time

7 months, 3 meetings per week - 1:30 hour each session

My role

Service Design, Customer Experience

Problem

The fraud prevention team identified a significant number of e-commerce transactions that were classified as fraudulent, where the total amount of the transactions represented approximately 60 million Reais (approximately 12 million dollars) in losses for Cielo operations.
I was called in as a service designer to complete the team working.

Problems founded:

• Fraudulent transactions through improperly leaked ecommerce credentials
  
  
• Open credentials in databases
  
  
• High vulnerability in authentication methods
  
  
• Credentials created during the onboarding phase in a fragile environment
  
  
• Unpleasant and irritating customer credential exchange journey
  
  
• Duplicate costs in various features

The Design requirements

As designers, in a team of 3, we had to use strategies to achieve the goal in the time estimated by the company, so I, as the service designer responsible for the project, created a plan for dividing up the mapping of customer journeys, where we had in a worksheet all the customer journeys that were in process, and we updated them in real time.

The journeys were mapped in a large miro, and for that we needed to network with various departments at Cielo in order to have the most up-to-date mapping possible. I was in charge of bringing the status of the mappings to the working group meeting once a week.

Our target

• Map the customer's current journeys, from credentialing, through onboarding to making credentials available.
  
  
• Identify the points of friction and possible information leaks found in the journeys.
  
  
• Map how the different ways in which customers register with Cielo work
  
  
• Understand the vision of the teams responsible for each journey and generate insights for improvement
  
  
  
  
  

• Understand the technical infrastructure requirements and limitations of Cielo's ecommerce services
  
  
• Create proposals for ideal journeys for each possible registration method for the client, which meet the best practices of UX, CX, Fraud Prevention and Information Security, complying with pre-established requirements and respecting existing technical limitations.
  
  
• Create management visions of the journeys in power point format for Cielo's executive board meetings.
  
  
  

180

104

30

21

mapped flows

points of vulnerability

people interviews

data without encryption

Solution

After months of structuring, we began to implement the new flows.
The project was divided into four phases, aimed at improving security and performance. In the first phase we delivered:

• New customer registration for retail customers
  
  
• Digital Identity Journey mandatory for access to ecommerce credentials
  
  
• New credential authentication protocol
  
  
• Increased security within the ecommerce API
  
  
• Improved traceability and monitoring of transactions via market partnerships.

Goal

Our team was divided into two multidisciplinary fronts, one with the aim of mitigating these vulnerabilities in minimum operating time, and the other, which I was part of, which was dedicated to restructuring the processes that included the entire customer journey, from accreditation with the company, through identity validation, credential generation and all the way to providing the information necessary for the customer to integrate the cielo API with the systems and then start the financial transaction processes with Cielo.

After 7 months of work and more than 150 Cielo employees involved, we managed to eliminate 40 risk incidents that were mapped during the process, turning Cielo into one of the companies with the safest ecommerce service in Brazil.

That is all!

I would be happy to give you more details in a controlled meeting environment.

If you would like to know more, please contact me.