Context
With the admin and cardholder portals modernized (see CS-01), the next step was reach: cardholders expected a mobile experience, but maintaining two native codebases would have doubled the cost of every feature. The decision was a progressive web app: one codebase, installable on both Android and iOS, with near-native experience.
The challenge
- Deliver a mobile experience users trust with their money, on web technology.
- Design authentication that is both secure and effortless: passwords alone were unacceptable for a financial product in daily use.
- Cover the full journey: registration, login, card management, payment confirmation, and session handling, each with airtight edge-case behavior.
My role
I specified and owned the application's core flows, most notably the biometric authentication framework. I authored the FSD covering biometric registration, login, payment confirmation, and session timeout, iterating through multiple rounds of client feedback until every scenario, from device changes to failed biometric reads to fallback paths, had an explicit, testable acceptance criterion.
In payments, the unhappy paths are the product. A biometric login that works 95% of the time and fails silently the other 5% destroys trust. My specifications treated every fallback, timeout, and error state as a first-class requirement, so the developed product behaved predictably under real-world conditions.
Approach
- Biometric framework FSD. Defined registration and re-registration flows, login, step-up authentication for payment confirmation, and session timeout behavior, with Given/When/Then criteria for each state.
- Iterative client validation. Incorporated structured client feedback across review cycles, keeping a clear record of what changed and why, which kept scope disputes off the table.
- Cross-platform consistency. Ensured flows behaved identically across Android and iOS PWA contexts, documenting platform-specific constraints where they existed.
- Test suites. Produced comprehensive test cases mapped one-to-one to acceptance criteria, giving QA full traceability from requirement to verification.