In fall 2018, I worked with RCMP to prototype and research a reporting channel for their cybercrime coordination service.
Can an online service be created to enable any Canadian citizen and business to report cybercrime in a way that makes it easier for law enforcement to triage, analyze, and investigate?
Lead designer (service and interaction)
In 2018, Cybercrime cost Canada around 13 million dollars in financial loss. It is the easiest crime to carry out, and the hardest crime to investigate and prosecute globally.
The word cybercrime is very confusing and has no consistent understanding amongst the public.
We chose to use the two key-word phrases we saw the most searched in google related to cybercrime topics: Online scams and fraud.
Fraud was used most often when describing the method of crime.
Scam was used most often to describe the motive of the crime.
Online was used most often to describe the scene of the crimes.
The police found that victims do not provide enough information around evidence that helps capture the suspect of the crime.
We prioritized questions in the form that detailed the scene of the crime, questions related to the suspect, and method of contact.
911 is a confusing alert seen related to cybercrime.
During our interviews with various types of reporters and victims of these crimes, they often expressed how they wouldn't waste their time calling 911... unless they should.When we did research with participants where English isn't their first language, they said they have to wait over an hour for a translator when they call 911, so they would never call 911 with anything that is not an emergency.
The business stakeholders really wanted to put 911 on this tool just in case someone needs it. However, we found that the range of criticality and understanding of what constitutes an emergency for 911 as it regards cybercrime had a risk of funnelling a lot of non-emergency related calls to the 911 queue. We decided not to have 911, but have a direct line to the CAFC call centre as a secondary channel to report. This link is an exit path on every page.
Provide form fields with common crime patterns that we see so far.
Other forms we came across had limited ways to answer a question based on the form field used (for example, a radio button in a place where you want to multi-select or add more information)
We ensured this form could:
- Add multiple crime dates using an accessible date picker
- Add multiple email identifiers
- Add multiple aliases
- Upload evidence and context to each file
- Option to follow up
- Confirmation that the report was submitted securely
- Next steps and what to expect
Victims did not have the time or energy on long forms that ask questions that they did not have information for.
A lot of cybercrime reporting tools around the world ask a lot of personal information about the victim. The forms would be 12+ pages long and wouldn't allow people to save their progress.
After a crime occurs on the internet, it is unfair to ask the victim to provide such a vast amount of personal information to be gathered and "submitted" into cyberspace.
We added structured the questions to have:1 idea per page conditional logic.
Every optional question (which were most) would ask the victim if they have information around "x" first, then explain why we are asking the question.
This gives the victim control over their time and energy, but also provides flexibility to provide as much information as you want the deeper you go down the decision tree.
Completion rates of reporting forms were much higher than the current form. The second iteration of the form provided better quality evidence to triage and investigate.
Categorize cybercrime types based on impact data collected to understand how to better serve victims of online scams in the future.
Create an HTML and CSS version of the prototype to integrate faster.
Pull insights that associated to features at the product level, rather than the service level.