Contact

Home

About me

Projects

Home

About me

Projects

Duration

Duration

1 month

My role

My role

Product designer

Collaborators

PM, engineers and CS Team

Context

Meutudo is a fintech focused on payroll-deductible loans (crédito consignado) primarily for retirees and pensioners. This user base, predominantly older adults, depends heavily on the app to access financial products that are central to their monthly income.


Password recovery was the most common reason users contacted support. In August 2023, it accounted for roughly 70% of all customer inquiries, approximately 2,795 contacts in a single month.

Discovery

The problem surfaced through a cross-functional discovery process. Customer Success agents, who fielded the incoming contacts daily, brought a critical insight to the product team: most users weren't failing because the flow was confusing. They were failing because the only available verification method was SMS, and many of them no longer had access to the phone number registered in the app.


This was especially pronounced among users in rural areas of Brazil, where SIM card swaps are common, prepaid plans frequently run out of credit, and network coverage can make SMS delivery unreliable.

Over a six-month period, users requested more than 1 million SMS tokens during password reset attempts. The volume indicated that many were retrying repeatedly, not successfully resetting. Each token represented both a failed user experience and a direct infrastructure cost to the company.

The product team formulated a hypothesis: if users had an alternative channel to receive the validation code (such as email) the number of failed resets, support contacts, and unnecessary SMS sends would decrease significantly.

Who we were designing for

The core user base of Meutudo was composed of aposentados and pensionistas, retirees and pension recipients who depend on the app to access payroll-linked credit. Many are older adults navigating a mobile-first financial product, often from regions outside major urban centers.


For this profile, a single SMS-based verification channel wasn't merely inconvenient, it was a structural barrier to account access. Phone numbers change. Prepaid credits run out. Network signals fail. A flow designed for a stable urban digital user left this majority behind.

Decisions and trade offs

Why email and not biometric authentication?

Biometrics require the user to be authenticated first — which was exactly the step that was failing. It solves convenience for logged-in users, not access recovery for locked-out ones. Biometrics were added in a later release as a second layer, which reduced contacts even further over time.

Why not WhatsApp as an additional channel?

Why email and not biometric authentication?

WhatsApp was considered but scoped out of v1. A single WhatsApp message cost three times more than SMS or email, making it a harder case to justify for a solution still being validated. Beyond that, adding a more expensive third channel would have extended the timeline. Email was the most reliable and cost-effective alternative for the target user profile within the constraints we had.

Biometrics require the user to be authenticated first — which was exactly the step that was failing. It solves convenience for logged-in users, not access recovery for locked-out ones. Biometrics were added in a later release as a second layer, which reduced contacts even further over time.

Was the 1-month scope a constraint or a choice?

Why not WhatsApp as an additional channel?

Both. Support volume at 70% of all contacts was unsustainable, so speed mattered. But the tight scope was also intentional, we isolated the smallest change that could validate the hypothesis rather than redesigning the entire authentication system. The bet paid off.

WhatsApp was considered but scoped out of v1. A single WhatsApp message cost three times more than SMS or email, making it a harder case to justify for a solution still being validated. Beyond that, adding a more expensive third channel would have extended the timeline. Email was the most reliable and cost-effective alternative for the target user profile within the constraints we had.

Was the 1-month scope a constraint or a choice?

Both. Support volume at 70% of all contacts was unsustainable, so speed mattered. But the tight scope was also intentional, we isolated the smallest change that could validate the hypothesis rather than redesigning the entire authentication system. The bet paid off.

Solutions

The redesign introduced a verification channel selection screen at the start of the recovery flow. Users now choose between SMS or email before receiving any validation code. The flow expanded from a linear 4-step sequence to a structured 3-step journey with a progress indicator. On the validation screen, an inline option to switch to email was also added for users who started with SMS and hit a dead end.


Alongside channel selection, we shipped a second feature for the most critical scenario: users who had permanently lost access to their registered phone number.

Channel selection

Users choose SMS or email to receive their validation token, accommodating those who changed numbers or have unreliable SMS delivery.

Phone number update

Users input their previously registered number for data validation, confirm via email token, and register a new number, enabling a clean reset going forward.

The core UX principle across both features was giving users agency over how they prove their identity — rather than forcing a single path that many could no longer complete.

Results

Beyond the product metric, the reduction in support volume freed the Customer Success team to focus on higher-complexity issues. While the direct cost savings were not formally tracked, the scale is estimable: over 2,000 fewer contacts per month, each requiring agent time, represents meaningful operational capacity recovered, alongside the reduction in SMS infrastructure spend from token volume that had been accumulating at over 1 million sends per six months.

Retrospective

Two things I would do differently:


  1. We didn't validate the solution with real users before shipping. The quantitative signal from support data was strong, but we had no observational research with elderly or rural users. We were right about the diagnosis, but a usability session with even 3–4 people from that demographic would have given us more confidence and likely surfaced edge cases we only resolved after launch.

  2. The phone number update feature was technically correct but missed a behavioral reality: many of the users who needed it most, older adults with limited email access, depended on external help to complete any email-based task.

Lua Almeida

Made with love, using Framer