Michelle DaSilva
Portfolio · Case Study

This case study is password protected.
Enter the password to continue.

Don't have the password? Request access

Michelle DaSilva
Get in Touch
Back to Work
Case Study 002 · Fintech & AI

SecureAccess:
AI-Powered
Permission Management.

A product design concept — an AI assistant for small business owners to manage user permissions with confidence. Guided setup, smart suggestions, and proactive security controls, with business owners firmly in charge of every decision.

Projected Impact
42%
Projected reduction in permission-related support tickets — based on comparable AI-assisted workflow implementations.
Client
Leading US Bank
Role
UX Strategy Lead
Scope
Research · Concept · UX Design
Platform
Web · Enterprise SaaS
Status
Proposed Concept

Overview

A Concept Design from ASM Research

SecureAccess is a concept design built from ASM research insights, showing how I translated permission management research into a complete service architecture centered on AI-assisted decision-making. It was never shipped to production at JPMorgan Chase, but it's a full design hypothesis — backed by real research and strategic reasoning about how to make humans confident decision-makers when working alongside AI.

Executive Summary

The Problem and the Opportunity

Problem Statement
Complex Permissions Management
Business owners struggle to efficiently assign permissions due to overwhelming processes and a lack of clear guidance — leaving them uncertain about every choice.
Security Concerns
Current systems fail to provide timely, actionable notifications — leading to excessive access grants or increased administrative workload as owners avoid the task entirely.
Solution Overview
SecureAccess
An AI-powered assistant designed to streamline user permission management, enhance security, and empower business owners with informed decision-making.
Key Features
  • Guided setup — step-by-step, role-tailored recommendations
  • Smart suggestions — AI-driven, prevents over-permissioning
  • Security alerts — proactive risk flagging and error checks
  • User control — final decisions always stay with the owner

The Problem

Permissions Everywhere, Guidance Nowhere

As a business owner, I need a streamlined and intuitive way to assign permissions to my employees that align with my business needs while maintaining robust security. The current process is often overwhelming and lacks clear guidance, leaving me uncertain about making the right choices. Notifications are difficult to manage and fail to provide timely, actionable information. Consequently, I either grant excessive permissions or handle tasks myself — leading to inefficiencies and increased workload.

What was needed was more than a cleaner interface — clear, step-by-step guidance, AI-driven suggestions, and robust security features, all while keeping user control and transparency intact.

Pain Point 01
Complex Permissions Management
Overwhelming processes and lack of clear guidance left owners uncertain they were assigning the right access levels to the right employees.
Pain Point 02
Inadequate Security Notifications
Notifications failed to provide timely, actionable information — leading to excessive access grants or undetected security gaps.
Pain Point 03
No Intelligent Guidance
No system helped owners understand what permissions were appropriate for a given role — decisions were made by trial and error, often wrong.
Pain Point 04
Cognitive Overload
The mental load of managing access across multiple employees and accounts caused owners to either over-delegate or avoid the task altogether.
Current state — the dense, guidance-free ASM experience

Market Context

AI Is Transforming Financial Services — Permission Management Is Next

Industry Signal
AI adoption in the banking industry has accelerated, increasing by approximately 30% over the past two years — as institutions leverage AI to enhance account access, security, user experience, and overall productivity.

The data showed a clear case for AI-driven assistance in permission management. Three measurable outcomes from adjacent financial AI deployments confirmed the opportunity:

25%
Streamlining Operations
AI tools cut operational costs by up to 25% — automating tasks and optimizing processes to reduce administrative work and boost productivity.
50%
Elevating Security
AI systems have reduced fraudulent activities by up to 50% — highlighting their effectiveness in preventing unauthorized access.
30%
Enhancing User Experience
AI assistants have increased service efficiency by 30% — faster responses and higher customer satisfaction across banking workflows.

User Research

Five Insights That Shaped the Design Direction

Research with small business owners surfaced five consistent themes — each one directly informing a design decision, from the AI suggestion model to the transparency and control mechanisms built into SecureAccess.

Small business owners in a research session — representing the participants whose insights shaped SecureAccess
01
Need for Simpler Guidance
Users wanted easier, step-by-step help when setting up permissions — with clearer explanations and suggestions tailored to their business type and employee roles.
02
Desire for Control
Users were open to AI assistance but wanted to retain final decision-making authority — especially concerning financial access levels. AI must advise, not decide.
03
AI for Error Checking & Alerts
Users were comfortable with AI helping to spot problems, suggest improvements, and send security alerts — but not for making final permission decisions autonomously.
04
Security as a Top Priority
Business owners prioritized data protection above all. AI-driven features needed to feel secure, transparent, and easy to understand — or they would be distrusted.
05
Frustration with Existing Bank Processes
Users found adding employees to bank accounts confusing and time-consuming — lacking feedback, confirmation, or guidance. Many resorted to calling support just to complete basic access changes.

Secondary Research

Industry Signals and Competitive Context

Secondary research surfaced industry trends and competitive signals that shaped the design direction — and revealed opportunity areas that user interviews alone wouldn't have uncovered.

1
Industry Trends in AI and User Management
  • AI in Financial Services: AI is increasingly used in banking for fraud detection and customer service, but its application in user permission management remains limited — presenting a clear opportunity to lead.
  • User-Centric Design: Financial tools are increasingly designed for simplicity and control, aligning with the need for intuitive permission management that business owners can confidently navigate.
2
Opportunities for AI-Driven Solutions
  • Personalized Recommendations: AI can tailor permission suggestions based on business type and employee role — reducing cognitive load and enhancing decision accuracy.
  • Proactive Security: AI can identify and flag security risks early, providing peace of mind and reducing unauthorized access before it occurs.
  • Integration with Tools: AI can streamline management by integrating with platforms like QuickBooks and Xero — reducing manual reconciliation work.
3
User Pain Points
  • Multi-User Management: Managing users across multiple platforms and account types is complex, leading to security risks. A unified solution could address this directly.
  • Real-Time Alerts: Users need timely alerts and actionable insights to improve security and make informed decisions — not after-the-fact summaries.
4
Building Trust
  • Transparency: Clear communication about how AI processes work builds trust and encourages adoption. Users who understand the system are more willing to rely on it.
  • Feedback and Improvement: Regular user feedback helps refine the product to meet evolving needs — and signals to users that the system is listening.

Current State

The ASM Experience, Mapped End to End

Before designing the future state, we mapped how the Access & Security Manager experience actually worked — end to end, across every touchpoint and behind-the-scenes process. This current-state blueprint surfaced where users got lost, where the system provided no guidance, and where the gaps between frontstage and backstage created the permission complexity owners struggled with daily.

Current-state service blueprint — Access & Security Manager (ASM). Mapped from direct experience with the live product and stakeholder input on backend processes.

Strategic Reframe

The Pivot: From Complexity to Confidence

Initial research showed permission management was overwhelming — but that was a symptom, not the root cause. Digging deeper revealed a more fundamental problem that changed everything.

Core Insight
The problem wasn't complexity — it was uncertainty. Business owners couldn't confidently decide what access to grant, and AI was introducing even more uncertainty if mishandled. Simplifying the UI alone would never solve this.
We stopped asking
"How do we simplify permissions?"
We started asking
"How do we make business owners confident decision-makers — even with AI suggestions?"

This reframing changed the entire design approach. We stopped optimising for fewer steps and started designing for informed confidence — ensuring every AI touchpoint made owners feel more capable, not less in control.

Design Constraints from Research

Why Not Fully Autonomous AI
Human-in-the-Loop by Design
Research made clear that business owners managing financial permissions needed to feel authorship over every decision. Full automation removed the accountability signal owners relied on. The AI's role was defined early: inform and suggest, never decide.
Accept / Edit / Decline Pattern
Testing the Three-Way Choice
The Accept / Edit / Decline pattern is the core interaction model — designed to give owners clear agency in engaging with AI suggestions without feeling forced into blind trust or full rejection. This addresses what research revealed: users fear loss of control more than they fear cognitive load.

Context

Permission Management at Scale

This concept addresses a real product gap at scale. The ASM experience serves 8.7M small business customers — and the permission management problem the research surfaced isn't an edge case, it's the default experience for most of them.

8.7M
Business Customers Served
25%
Projected Operational Savings

The Solution

SecureAccess: Smart, Secure, and Simple

Solution · SecureAccess AI

An AI-powered assistant that helps business owners confidently and efficiently assign the right permissions to users.

SecureAccess is embedded in the bank's Access & Security Manager — guiding business owners through every step of permission management with personalized recommendations, real-time security monitoring, and full user control at every decision point.

SecureAccess AI dashboard on laptop — the guided permission management interface for small business owners.

Expected Benefits

What SecureAccess Delivers for Business Owners

Every feature maps directly to a pain point uncovered in research — reducing risk, workload, and uncertainty while keeping the business owner firmly in control.

Enhanced Security
SecureAccess proactively identifies and flags security risks — monitoring permission patterns continuously and surfacing concerns before they become incidents.
Streamlined Operations
Simplifies permission management with guided setup and smart suggestions — reducing administrative workload and the time needed to onboard, modify, or offboard users.
User Empowerment
Maintains business owner control with AI-driven insights — allowing confident, informed decisions without requiring deep knowledge of security protocols.
Transparency & Trust
Clear explanations for every AI recommendation foster trust — so business owners know why a suggestion is made and can confidently accept, edit, or decline it.

Key Features

Five Core Capabilities, Each Grounded in Research

Five core capabilities — each mapped directly to a research insight — that make the right permission decision the obvious one.

01
Guided Setup
Step-by-step recommendations tailored to business type and role-based access needs — eliminating uncertainty at every decision point.
02
Smart Suggestions
AI-driven insights based on industry patterns and business type to prevent over-permissioning — ensuring employees get only the access they need.
03
Security Alerts & Error Checks
Proactively flags risky permissions, unusual access patterns, and potential security gaps — surfacing concerns before they become incidents.
04
Clear & Timely Notifications
Real-time updates on permission changes and alerts owners to critical issues — actionable, not just informational.
05
Full Control, No Surprises
AI assists with suggestions and checks, but the final decision always stays with the business owner. Every recommendation can be overridden, and every action is fully transparent — AI serves as a supportive tool, not an authoritative one.

Interface Design

Access & Security Dashboard

A complete overview of user management and access control — real-time alerts, in-context AI guidance, and account activity designed to be actionable, not just informational.

High-fidelity SecureAccess dashboard — real-time alerts, AI-assisted user management, and at-a-glance access control for small business owners.
High-fidelity SecureAccess dashboard — real-time alerts, AI-assisted user management, and at-a-glance access control for small business owners.

Mockups generated using Motiff AI (2025, now discontinued) — AI-prompted design used to rapidly explore and communicate concepts during early product exploration.

User Flow

A Four-Step Guided Experience

The AI-assisted flow breaks the complex task of adding a new user into four clear, manageable steps — with AI suggestions available at every stage and full user override at any point. The goal: make the right choice obvious, not just possible.

01

Add a User

Collect basic user details and let AI suggest the best role based on job description and business type. The AI considers industry norms and past patterns — so the suggestion is informed, not generic.

  • User information form
  • AI role suggestion panel
  • Option to turn off AI suggestions
02

Select Accounts

Choose which accounts the user will have access to, with AI-driven recommendations based on role and industry best practices. Each recommendation comes with a "Why this?" explanation — no black box.

  • AI account recommendations
  • "Why this?" transparency feature
  • Manual override available
  • Proactive security tips
03

Set Permissions

Define role and permissions with AI highlighting potential security risks and explaining what each permission entails. Over-permissioning is flagged before it's committed — not after.

  • Predefined role templates
  • AI-suggested permissions
  • Permission risk detection
  • Scenario-based guidance
04

Review & Confirm

Full summary view with AI security insights before confirmation — and the option to edit any step before finalizing. The AI provides a final assessment so business owners can confirm with confidence, not guesswork.

  • Complete access summary
  • AI security assessment
  • Edit at any prior step
  • Confirmation email sent

Responsible Design

Ethics Review of this AI Assistant: SecureAccess

Deploying AI in financial decision-making introduces meaningful ethical obligations. Each concern was addressed through deliberate design choices — woven into the product architecture from the start, not treated as an afterthought.

01
User Autonomy & Control
Concern
Users may feel that AI-driven suggestions undermine their autonomy, especially in financial decision-making.
Mitigation
  • Final decisions always remain with the business owner
  • AI suggestions are clearly labeled as optional and overridable
  • Scenario-based guidance helps users make informed choices
02
Transparency & Trust
Concern
Users distrust AI systems when they don't understand how decisions are made or when the system lacks clear explanation.
Mitigation
  • "Why this?" feature explains the logic behind every suggestion
  • Visual diagrams show the full access picture
  • Regular updates communicated through the notification system
03
Security & Privacy
Concern
Users may worry about the security of their financial data and the privacy of their interactions with the AI assistant.
Mitigation
  • Robust encryption and secure authentication protocols
  • Clear communication of data protection measures
  • Proactive security tips to enhance user confidence
04
Algorithm Aversion & Over-Reliance
Concern
Users may either distrust AI suggestions entirely or become over-reliant without applying critical judgment.
Mitigation
  • AI balanced with full manual override at every step
  • Explanations encourage critical evaluation of suggestions
  • Education resources accessible throughout the flow
05
Bias & Fairness
Concern
AI systems may inadvertently introduce bias — leading to unfair or inappropriate permission recommendations for certain business types.
Mitigation
  • Regular audits of AI algorithms for bias and accuracy
  • Diverse training data across business types and industries
  • User feedback loop to continuously improve fairness

Action Plan

How Each Risk Was Addressed

Five targeted interventions translate the ethical considerations above into concrete product commitments — each addressing a specific failure mode in AI-assisted financial tooling.

01
Enhance User Education
In-app tutorials, contextual tooltips, and plain-language explanations help users build confidence with AI-assisted decisions without feeling overwhelmed.
02
User Feedback Mechanism
Persistent thumbs-up / thumbs-down on every AI suggestion feeds a continuous improvement loop — surfacing mismatches between AI recommendations and user intent.
03
Human Support Integration
One-tap escalation to client services is available at every step. AI assistance and human support co-exist — the system never forces a choice between them.
04
Regular Algorithm Audits
Quarterly bias audits across business type, industry, and demographic variables ensure recommendations remain fair and accurate as the model evolves.
05
Privacy & Security Enhancements
End-to-end encryption, minimal data retention, and proactive security alerts keep user data protected while maintaining transparency about what the AI knows and uses.

Design Reflection

What This Concept Demonstrates

  • AI should augment judgment, not replace it. Business owners need to feel authorship over every permission decision — the moment they feel bypassed, trust collapses. Every design choice here was in service of that.
  • Transparency is a prerequisite, not a feature. Users who don't understand why an AI suggestion exists will distrust the entire system. "Why this?" isn't a nice-to-have — it's what makes the AI usable at all.
  • Phased rollout is how you earn the right to expand AI responsibility. Starting with monitoring-only and graduating to predictive features isn't just risk management — it's the only honest way to introduce AI into a high-stakes workflow.
SecureAccess AI dashboard on laptop — the guided permission management interface for small business owners.

Strategic Roadmap

Define → Design → Deliver

SecureAccess is structured with a phased rollout that minimizes risk while building confidence in AI-assisted decisions — beginning with monitoring-only, gradually introducing Accept/Edit/Decline controls, then expanding to predictive features. This sequencing matters: you earn the right to expand AI responsibility, you don't assume it.

SecureAccess AI roadmap — phased delivery plan from pilot to full deployment

SecureAccess is a research-backed concept — if built, my validation approach:

01
Stakeholder Alignment
Does it serve all three actors?
Do the business owner, employees, and the bank each feel their needs are met — or does the design create trade-offs that undermine one to serve another?
02
Interaction Testing
Does Accept / Edit / Decline work?
Does the three-way pattern give owners genuine agency, or does it add cognitive friction without building real confidence in AI suggestions?
03
Service Model Stress Test
Where do constraints create friction?
What breaks when edge cases hit the system — unusual business types, conflicting permissions, or AI suggestions that miss the mark entirely?
Design Principle
Start with strategic thinking, validate with users, then iterate with constraints — in that order, every time.
Prev: Access & Security Manager Next: Novartis PSS Leap