When developing a banking application, teams must comply with countless regulations, directives, and technical requirements.
Amid product managers, architects, developers, testers, and legal advisors, two roles are especially critical: the IT security professional and the UX designer.
But what does real collaboration between UX and IT security actually mean?
Design: the first line of defense
“If the secure solution is not also the easy, convenient, or practical one, users will find a way to bypass controls for their own comfort or efficiency.” — Miklós Zakar, Senior IT Security Expert, BinX Zrt.
Good UX design creates intuitive, seamless interactions that reduce user errors and lower security risks.
However, UX alone cannot prevent fraud if the underlying system is not secure by design.
Security and usability must reinforce each other.
Mitigate risks
Secure usability ensures that security measures are both effective and user-friendly. Overly complex mechanisms, such as unclear password rules or confusing 2FA flows, encourage users to bypass safeguards.
UX designers play a key role in making security features intuitive and accessible. A well-designed interface communicates risks, such as phishing warnings, without causing security fatigue. Clear guidance prevents accidental actions like exposing sensitive data or misconfiguring privacy settings.
Poorly designed interfaces overwhelm users with security options, leading to mistakes or indifference. A strong UX mitigates these risks through clear visual cues, structured workflows, and non-intrusive prompts. Consistency is crucial — familiar patterns help users spot anomalies and suspicious behaviour.
Joint effort is necessary
Security measures must be easy to follow to be effective. If controls are cumbersome, users will find ways around them. At the same time, security elements that do not require user interaction must be fully embedded and unavoidable — beyond UX influence.
User involvement is necessary in specific cases:
1. Passwords — strong setup requirements and secure reset flows.
2. Multi-Factor Authentication (2FA) — combining knowledge, possession, and inherence factors.
3. 3D Secure (3DS) — additional authentication for card payments under PSD2 and SCA requirements.
4. Biometric authentication — fingerprints or facial recognition for secure and effortless access.
“PSD2 introduced Strong Customer Authentication (SCA), making multi-factor authentication mandatory for certain transactions. Over time, 3DS evolved to support richer, more frictionless authentication flows.” — Kristóf Belucz, Head of Payment Cards Department, BinX Zrt.
Good UX embeds security into workflows without disrupting efficiency. Clear guidance, intuitive alerts, and secure defaults help users comply naturally. For this to work, IT security and UX must collaborate from the very beginning as core contributors.
IT security: invisible, but effective
Banks manage vast amounts of sensitive data, making them prime targets for fraud and cyberattacks. Strong authentication, encryption, and layered defenses protect data in transit and at rest.
Secure design principles
Security relies on layered protection — defense in depth. UX plays a role where user interaction is required, while other safeguards remain invisible. Key principles include:
- Fail safe defaults — deny access when errors occur.
- Least privilege — users and employees access only what they need.
- Separation of duties — critical actions require multiple approvals.
- Economy of mechanism — simple, understandable security settings.
- Complete mediation — verify every action, not just initial login.
- Open design — security relies on credentials, not obscurity.
- Least common mechanism — minimise shared access paths.
- Psychological acceptability — security must not frustrate users.
- Weakest link awareness — audits and testing remain essential.
- Leverage existing components — use proven security frameworks.
Strong security isn’t about rigid controls alone. It’s about resilience, usability, and real-world effectiveness.
Teamwork for the win
Without IT security involvement, UX designers may overlook critical threats. Collaboration from the start helps designers understand risks and implement effective safeguards.
For example, a quick-transfer feature designed for speed may introduce fraud risk. By collaborating, teams can require biometrics for high-value transfers while keeping small transfers frictionless. This balance protects users without sacrificing usability.
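The quick-transfer balance described above, combined with the fail-safe-default and complete-mediation principles listed earlier, can be written as one server-side decision function. This is an added example, not code from the article or from BinX; the threshold value, the request fields, and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation
from enum import Enum

# Assumed policy value for illustration; the article names no threshold.
STEP_UP_THRESHOLD = Decimal("500.00")


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"  # ask the user for a fresh biometric confirmation
    DENY = "deny"


@dataclass(frozen=True)
class TransferRequest:  # hypothetical request shape
    session_valid: object       # re-checked on every request, not only at login
    amount: object              # raw, untrusted client input
    biometric_verified: object  # set server-side after a fresh biometric check


def authorize_transfer(req: TransferRequest) -> Decision:
    """Evaluate every transfer (complete mediation); deny on any doubt."""
    try:
        if req.session_valid is not True:
            return Decision.DENY
        amount = Decimal(req.amount)
        if not amount.is_finite() or amount <= 0:
            return Decision.DENY  # NaN, Infinity, zero and negatives
        if amount < STEP_UP_THRESHOLD:
            return Decision.ALLOW  # small transfer stays frictionless
        if req.biometric_verified is True:
            return Decision.ALLOW  # high value, already confirmed
        return Decision.STEP_UP
    except (InvalidOperation, TypeError, ValueError):
        return Decision.DENY  # fail-safe default: unparsable input is refused


if __name__ == "__main__":
    # Constructed sample requests: (session_valid, amount, biometric_verified)
    samples = [(True, "25.00", False), (True, "5000", False),
               (True, "5000", True), (True, "12,50", False)]
    for s in samples:
        print(s, "->", authorize_transfer(TransferRequest(*s)).value)
```

The client can use the STEP_UP result to show a single biometric prompt, so the extra friction appears only where the policy requires it.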
Good UX also reduces support costs. Intuitive security flows lower the need for password resets and account recovery calls. Secure, well-designed aftercare benefits both users and the business.
Enhance collaboration
Effective collaboration between UX and IT security can be fostered through:
- Workshops — sharing knowledge about threats and usability.
- Testing — combining penetration testing with usability testing.
- Design thinking — creating secure solutions that respect human behaviour.
Conclusion
UX design and IT security must work together to create safe digital experiences. Poor UX can encourage risky behaviour, while thoughtful design supports security adherence. However, UX addresses only a subset of security risks — architecture and OS vulnerabilities remain critical.
In banking applications, UX plays a supporting role. Designers advocate for clarity and usability but do not make security-critical decisions. By integrating UX into secure development and fostering strong collaboration, organisations can achieve both robust protection and excellent user experiences. In the end, security is only as strong as its usability.