Authentication sheet
One payment flow for all core services
2021
Introduction
Prioritized Authentication Feature
As part of the broader initiative to unify Grab’s payment experiences across core services such as Transport, Food, and Express (read the full Payment SDK project here), an urgent challenge driven by local regulatory requirements emerged: the need to implement stronger user authentication measures for digital payments.
Operating through partners OVO and Moca in these markets required tailored solutions to ensure compliance. To meet regulatory deadlines and protect business continuity, we accelerated the development and launch of the authentication feature as the first key component of the Payment SDK.
Our primary goal was to integrate mandatory authentication seamlessly into existing transaction flows, delivering a consistent user experience across different markets and partner requirements. This approach helped minimise friction while reinforcing Grab’s commitment to securing digital payments.
Alpha Bravo
One payment flow for all core services
14 min read • 2022
The Task
One payment experience with authentication for Grab Transport, Food and Express
Our goal was to harmonize the payment experiences across its key services Transport, Food, Express and ensure consistency in the future.
Our hypothesis was that providing a consistent payment experience throughout the core services would reduce the customers' cognitive load, improve customer trust, and increase the success rate of the adoption of other/ new Grab services.
Section label
Early Insights
After our analysis, we have identified some common pain points across all our services. These include:
-
Inconsistent implementation of new payment features or feature improvements in all payment flows due to the unavailability or lack of prioritisation of engineering efforts from the Transport, Food, or Express teams.
-
Customers who use linked credit-debit cards or digital payment methods are more valuable to all our services as they generate higher transaction volumes. However, persuading customers to switch from cash transactions requires significant time and or cost.
-
A high drop-off rate is observed when users lack sufficient balance to complete a task, which can lead to a negative user experience and loss of potential revenue.
We believe that addressing these pain points will result in a more streamlined and user-friendly experience for our customers, ultimately leading to increased satisfaction and growth for our platform.
Minimizing authentication friction
In Vietnam and Indonesia, we were constrained by the security methods supported by our local payment partners. Moca relied on an OTP sent via SMS in Vietnam, while OVO used a 6-digit security code in Indonesia. In other GrabPay markets, users authenticated using a personal Grab PIN.
To reduce disruption during a booking or checkout, I designed the authentication challenge as a bottom sheet overlay. This approach maintained visual continuity by keeping users within the context of the core service happy path through a semi-transparent overlay, rather than redirecting them to a full-screen, standalone authentication page which was the current implementation.
Alpha Bravo
One payment flow for all core services
14 min read • 2022
The Task
One payment experience with authentication for Grab Transport, Food and Express
Our goal was to harmonize the payment experiences across its key services Transport, Food, Express and ensure consistency in the future.
Our hypothesis was that providing a consistent payment experience throughout the core services would reduce the customers' cognitive load, improve customer trust, and increase the success rate of the adoption of other/ new Grab services.
Validating Security Through User Testing
Despite thoughtful implementation, the core service teams still had some concern about the friction of an authentication request in their transaction flow. Since no similar security challenge existed within our current checkout or booking flow, we lacked quantitative benchmarks to reassure stakeholders.
User testing helped ease these concerns. Participants successfully completed the OTP challenge, without hesitation, despite some participants needing a moment to consider the auth request during a booking flow that they were familiar with.Many users appreciated Grab’s efforts to enhance security, reinforcing confidence in the new design.
Authentication for OVO, Moca and GrabPay customers
A consistent experience across markets and authentication methods
We successfully launched our integrated user authentication feature. The feature offers a consistent authentication experience for users across all our markets and is compatible with third-party payment services. We support third-party OVO Security Code for Indonesia, Moca OTP by SMS in Vietnam, and Grab PIN for GrabPay.
Authentication for OVO, Moca and GrabPay users
A consistent experience across markets and authentication methods
We successfully launched an integrated authentication feature that delivers a consistent and streamlined experience across all our markets. The solution supports third-party services, including the OVO Security Code in Indonesia, Moca’s OTP via SMS in Vietnam, and Grab PIN for GrabPay markets. This unified approach simplifies the user journey while meeting diverse regulatory and technical requirements.
Foundation for biometric authentication
To enable more intuitive methods such as facial and fingerprint recognition, we first implemented Grab PIN authentication in all GrabPay markets. This PIN serves as the secure foundation required to activate future biometric authentication flows.
The Impact
Improving payment security while preserving conversion
We successfully launched our integrated user authentication feature. The feature offers a consistent authentication experience for users across all our markets and is compatible with third-party payment services. We support third-party OVO Security Code for Indonesia, Moca OTP by SMS in Vietnam, and Grab PIN for GrabPay.
2.7%
OTP SMS drop-off rate
The drop-off rate for customers who abandoned the authentication process due to OTP SMS authentication was 2.7% which was within our expected tolerance. Although we aim to bring this to 0%, the outcome will partly depend on factors outside our control, such as local telecom infrastructure and user connectivity for the SMS receiving part of the Moca auth flow.
=
Stable conversion rate
Despite introducing the authentication step, the overall conversion rate remained steady. Our performance remained competitive compared to our competitors in the markets who faced the same regulatory requirements, reinforcing the effectiveness of our design in balancing compliance, security, and user experience.
Our Story in Numbers
For confidentiality and to comply with my non-disclosure agreement, specific values and certain confidential information have been left out or adjusted in this case study. The perspectives and insights shared here are based on my personal involvement and interpretation of the project's outcomes and do not necessarily represent Grab's official stance