WIBMO | FRAUD & RISK PLATFORM | CASE INVESTIGATION | 2025
From Noise to Signal: Transforming a fragmented case investigation page into a focused, explainable workspace that cut time‑to‑verdict by 39% & improving analyst productivity.
*This case study involves the redesign with new design system & brand guidelines so you might see a drastic difference in branding from the current design
All hands
Meet the artists
My role
Product Design Lead — UX Research, Visual Design Prototyping, User Flows, Product Strategy.
Team
PM: Ayush Aggarwal, George Mathew, Saurabh Kumar
Design: Vishesh Raj
Eng: Shashi Gupta
Duration
JUL’ 25 - AUG’25
(2-3 weeks)
Impacts
What did we achieve
53%
Increment in Rule creation completion rate
38%
Increment in DIY rule creation adoption rate
48%
Decrement in Error Rate per Step
62%
Decrement in Average rule creation time
Background & problem
Wibmo’s Trident is one of flagship Fraud & risk management solution has set gold standard for next-generation delivering 40% improvement in precision.
It simply shows that something isn’t going well with our case investigation module & needs an urgent fix. So how do we find out?
Let’s start from what we had
ie. how does the analyst investigate a case currently,
- Analysts sees a long list of information
- Identifies What went wrong?
- Looks for previous histories, & performs actions like blocking tagging entity
- Scrolls till the end to provide verdict
Zoom into the flow & you will see the obvious problems
like...
- Too much scrollable interface
The analysts had to go through all the information till the end to find the case action segment
- Poor Information Architecture
The analysts struggles to find the relevant information due to poor category & priority of data
- No behaviour information
Absence of behavioural data like what different patterns create an anomaly while decision making
but it doesn’t give you the complete picture 👀, hence it was important to speak to some users 🗣️
User interviews
What did we learned from from users
While this exercise was jam-packed with a lot of work, exploration, framing out right set of questionnaires, discussion with stakeholders. It feels impossible to boil down all the things, but if I had to, it would be the key insights that we received.
Noise overwhelms signal
Long lists of scattered information bury the few signals that matter most.
No “What Changed” vs Baseline
The page shows current facts but not how they differ from the user’s normal behaviour or peer cohort.
Broken Search
I am unable to search for any specific information it takes too much to understand what falls where
Scattered evidence across pages
Key details live in different places, forcing constant context‑switching and slowing decisions.
Absence of Entity Linkage Visibility
”Relationships across accounts, devices, IPs, and merchants were absent
Context Switching
During a case investigation all the parameters are dumped on page no flagging what parameter caused the alert
No Unified Case Timeline
Events are listed, not sequenced, making it hard to see causality.
No SLA or Priority Signals
Cases lack urgency cues or timers, so analysts miss deadlines.
Persona
One analyst summed it up perfectly
- “I spend more time finding the evidence than judging it.”
- “I need to know what changed since last time this customer transacted.”
- “These rules are listed, but I can’t tell which actually tipped the scale.”
“Meet Rajeshwari, a risk analyst at **** bank, At 10:20 A.M opens Case #204592: a high‑value, cross-border wire transfer flagged by 8 rules due to a card txn. happened from a different IP. She has 120 open cases, a backlog rising by 18%, and just 10 minutes per case.
Design appoarch
So how did we solved it?
We analysed 60-70 cases to understand different use-cases and kind of information an analyst looks for while investigating cases
Opted the SLICE approach - i.e piece by piece solving the problem
Solution
First it was important to finalise a layout
Since the investigation pages requires a lot amount of data to be displayed, with proper exercises like card sorting we came to see that it will require a number of cards with different entity information, hence I finalised the
THE BENTO LAYOUT
Bento reduces cognitive load and hunting.
The analysts gets to know“what changed,” and SLA in under 10 seconds from the specific cards.
Bento improves perceived performance and flow—no full-page blockers.
Micro-metrics on each card: time-to-first-view, click-through, expansion rate is easy to track thus the layout is measurable and modular
Now let’s take a step back and solve our pieces 🧩
- Solving for the risk suggestion
The risk analysts were unable to understand rules behaviour on a transaction, I created a section listing all the rules occuring on a transaction their risk score distribution in descending, this actually helped risk analysts what actually tipped the scale
- Displays the overall risk score created by all the applied rules
- Linear risk scorings helps the analyst to understand with what actually alerted the transaction
- Analysts gets a clear idea of what are the test rules triggered so that they can tweak it
- Distribution of overall rules, helps analyst to understand what rules caused the alert
- Clicking on each rule shows you what entity it has alerted so analysts get that clarified on the parameters that actually tipped the alert
- Solving the IP & Geolocation threats
Analysts were not clear with IP & geolocation info. with clear observations from research I found they need better understandings about the threat level.
- Enhanced visualisation of security & threat level helped analysts to analyse IP & geo level of tips
- With map level of visualisation analyst get Clear understanding of how far the transaction was done from its issuing location
- Adding the behavioural information
From our initial research we observed that analysts look how the behavioural metrics for the transaction for example whether the OTP was autofill, is there any bot activity detected these information helps analysts to understand the case better.
- Quick risk threat summary level helps analysts understand about behavioural pattern detection
- Categorised parameter risk threat gives user understanding about the risk threats in deep
- Combination of score & status creates a efficient risk suggestion collectively to help analysts in decision making
- Structuring Information architecture complexes
Analysts need relative call to actions and weren’t able to understand which of overall entities caused the alert on primary basis
- Adding a primary tag to highlight helps analyst to understand which entity caused the alert
- Adding similar past alerts helps analysts to decide better that how is the entity’s behaviour
- Quick actions like “TAG Entity” provide user the flexibility to blacklist, whitelist etc simultaneously which saves time & context
- Stitching all together to create the investigation page
Additional to all individual problems there were a few challenges to solve on overall investigation page to solve this,
I created IA and stitched the page together with all info.
- Making the CTA intact at on header to increase its visibility.
- Split the relatable informations in other tabs depending on the frequency of information visits
- Highlighted te entities tipped by the rules. Basic the rules selected entity information will be displayed
- Added linked cases as analyst frequently visits the similar cases caused by the entities within 24 hours
"Between endless tabs and infinite scroll, you paused here. Thanks for choosing my pixels!"🙏
