Designing a frictionless credit card verification experience

DyScan Protect, a secure card-verification flow for Dyneti that helps apps detect and prevent fraud, built to clear in under ten seconds across both mobile and desktop.

Client
Dyneti
Sector
Fintech
Role
Product Design, User Research
Focus
Card verification, Fraud prevention, Cross-device
Year
2024

A security checkpoint that feels like part of the purchase

Dyneti partnered with us to design the DyScan Protect experience, a secure card-verification flow that helps apps detect and prevent fraud.

When you pay online, the business has to confirm that the card is real and really yours. That step is called card verification. Dyneti does it in an unusually direct way: you scan your physical card with your phone camera, and the company's deep-learning models, software trained to recognize the genuine markings of a card, check it in real time and decide whether the transaction should go ahead.

The goal was to create a fast, intuitive scanning process that works across both mobile and desktop. We designed multiple verification paths, including single-sided and two-sided scans as well as QR-based handoffs from desktop to mobile. From error handling to successful verification, the experience guides users step by step while Dyneti's models analyze the card behind the scenes.

The underlying tension is what made this interesting. A verification step is, by definition, friction deliberately inserted into a purchase the user just wants to finish. Make it too slow or too confusing and they abandon the cart; make it too lax and fraud slips through. The whole craft is making a security checkpoint feel like part of the purchase, not an interrogation.

Fig 01 The core moment: the phone camera frames the card, on-screen brackets guide alignment, and the state flips to verified once Dyneti's model confirms it. The whole interaction is designed to clear in seconds.
1 week
From kickoff to prototype
A functional prototype, end to end
<10 sec
Verification time
Average time to complete a card scan
4
Verification flows
Designed and validated for mobile and desktop

Cross-device verification, without the dead end

Plenty of people start a checkout on their computer, but their card and a good camera are in their hand, on their phone. A scan-based verification cannot happen on a desktop without a webcam pointed at a card, and asking someone to manually pick up their phone, find the right page, and start over breaks the flow at the worst possible moment.

We designed a QR-based handoff to turn that device switch into a single action. A QR code is the square barcode you point a phone camera at to open a link. After acknowledging a short security prompt on the desktop, the user scans a QR code shown on screen. That opens Dyneti's mobile scanning interface directly on their phone, with no app to install, they complete the card scan with the phone's camera, and the result flows back to finish the transaction they started on desktop. The device switch becomes a single scan instead of a dead end.

Fig 02 The desktop checkout where the flow begins, the happy path on a sample merchant. Verification is woven into the existing payment step rather than bolted on as a separate screen.
Fig 03 The handoff itself. The desktop presents a QR code; scanning it opens the verification on the phone, where the camera can actually see the card. No account linking, no app install.

The error path is where verification lives or dies

The success path is the easy design problem. The error path is the one that decides whether people finish. Scans fail for ordinary reasons: bad lighting, a card held at an angle, a camera that will not focus. When that happens, users tend to blame themselves, get frustrated at a tense moment when money is on the line, and abandon the purchase.

We designed the error states to do the opposite of leaving people stuck. The interface names what went wrong, shows how to fix it, and lets the user retry without restarting the whole verification. There is clear visual feedback, a simple one-tap way to try again, and a support phone number as a human fallback for anyone who is truly blocked. A failed scan should feel like a redo, not a rejection.

Crucially, none of this loosens the actual security. The guidance gets friendlier, but the verification requirements stay strict, because the entire point of the product is to keep fraud out. Recovering gracefully and verifying rigorously are not in conflict here; the design has to do both at once.

Fig 04 An error state that coaches rather than scolds. It names the likely cause, keeps the camera view in place, and offers a single retry so the user never feels sent back to the start.
Fraud detection succeeds or fails on the recovery path, not the happy path.

A small, disciplined system built for trust

A verification step has to read as trustworthy at a glance, so the visual language was kept calm and deliberate. A warm grey and navy base does most of the work, coral is reserved for the single primary action on any screen, and the type is TT Commons, a clean geometric sans that stays legible at the small sizes a phone demands.

The most important decision in the palette was the status colors. Success and failure each get one dedicated color, teal for verified and crimson for failed, so the outcome of a scan is never ambiguous in the one moment where ambiguity would cost the user money or trust. Everything else in the system is intentionally quiet so those two signals can speak clearly when they need to.

Fig 05 The DyScan Protect palette and type. Warm grey, coral, navy, and midnight ramps for surface and structure, two unambiguous status colors, and TT Commons for the typeface.

Read another case study

More selected work across consumer fintech, enterprise AI, and complex internal systems.