It’s not hard to find examples of financial services companies that struggle with updating the decades-old ways they do business for the modern world. Regulations hamper them to some degree, forcing them to, for example, make onboarding more tedious than signing up for a social network.

However, there are fintech companies out there that have figured out how to make their apps and websites pleasurable to use while adhering to the law. Here are four aspects of a fintech app or website that you should pay attention to during the development phase, along with examples of companies that do those things well.

Onboarding: Setting users up for success

Many financial services companies struggle to bolt modern sensibilities onto user interfaces that were first built during the early days of the web. As a result, their sign-up and onboarding flows can be difficult to navigate, with legacy UI elements competing with newer technologies.

Acorns, however, has figured out how to make onboarding enjoyable, or at least as enjoyable as an app that encourages people to save money can be. The company took an old idea – tossing spare change in a jar – and modernized it by rounding up users’ credit and debit card purchases to the nearest dollar and investing the spare change for them.

Acorns users also benefit when they make purchases from companies like Nike and Airbnb, and they can simply transfer money into their accounts on a one-time basis or according to a schedule. The service offers a “set it and forget it” way of saving money.

When users install and launch the Acorns app, they’re greeted with a clean onboarding process that employs just five screens to explain what the service does. Engaging animations and brief, straight-to-the-point text make a subject that could feel like drudgery into something light and enjoyable.

However, the rubber meets the road in any app when the time comes to sign up for the service. In the financial space, companies must figure out how to abide by regulations while keeping new users from getting bogged down in lots of legalese and clicking or tapping.

On the other hand, a breezy sign-up process can not only expose a company to legal liability but also worry new users that the service isn’t as secure as it should be. If someone just has to enter an email address and a password to get started, does that mean the company will be on the ball when it comes to protecting their account?

Acorns does a good job of walking that line by making it as easy as possible to create an account while abiding by legal requirements with the link to the program agreement. Indicators show that the user has entered a valid email address and created a sufficient password, so there’s no “Oops, you need to go back and fix something” message when tapping Create Account.

Before the user links their bank account, Acorns takes a moment to insert a visual reminder of the benefit they offer, which helps reassure people who may have glossed over the earlier explanatory screens. And when the time comes to enter personal information, including a Social Security number, Acorns gets straight to the point and notes that this is a requirement for opening an investment account. Note that they’ve built in a handy auto-complete function for the Contact Information screen.

The final part of the onboarding process involves choosing an investment portfolio based on answers to a few questions about income and assets. (Acorns asks for income and asset ranges, rather than specific amounts.) Then it produces a handy screen that breaks down the user’s portfolio in a pie chart and leaves them with some words of wisdom from Warren Buffett.

Using the app: Ensuring users come back for more

Of course, getting a new user signed up is just half the battle (or less). They need a reason to stay engaged with an app or website, constantly finding new things to do or, at a minimum, needing to regularly check on their accounts.

The investing app Robinhood has racked up over 5 million users, many of them members of the millennial generation, by offering commission-free stock trading as well as commission-free cryptocurrency transactions in some states. Robinhood also makes buying and selling stocks as simple as a few taps and a swipe up to confirm – that last action helps keep users from accidentally making trades.

Confetti even showers the screen after the user buys stock. We’ll go out on a limb and assume that investing apps from decades-old companies don’t do that.

Robinhood brings the same slick UI to the rest of the app. The home screen displays the user’s total money in stocks, cryptocurrencies, and cash, with the percentage increase or decrease that day and a graph that can be viewed on various timelines. The user can press and hold on the graph to see their portfolio’s value on that date. More detailed portfolio information is found in the user’s Account screen.

Each stock and cryptocurrency offered in Robinhood has a scrollable screen with plenty of handy information, including news articles culled from the Internet and historical earnings data going back four quarters. The cryptocurrencies also have comment threads that add a social factor to an area of investing still in its infancy.

Account management: Eliminating the pain points

It’s crucial to keep users engaged, especially as new ones approach the time when you find them more susceptible to churning for various reasons. However, account management plays a role in minimizing churn too: difficulties with that area of your app or website could be a contributing factor in their decision to abandon it.

Wefunder, founded in 2011, describes itself as “Kickstarter for investing.” It allows anyone to invest as little as $100 in a start-up that interests them, with the understanding that start-ups can be very volatile and many of them fail.

Surprisingly, they don’t have a mobile app, but perhaps that’s because investing in start-ups is something best done with a cup of coffee while reading articles and financial data on a laptop or desktop. Small screens tend to lend themselves to quick browsing and high drop-off rates, which isn’t optimal when someone is trying to decide whether to invest some of their hard-earned money in a nascent business.

After someone creates their Wefunder account and answers some questions to create a profile that lets them interact with other investors, as well as start-ups, they use the Settings area of the website to manage their account. It’s set up in a simple, easy-to-use manner, with a handy red Deactivate Your Account button in the Account menu. That may not seem like much, but given how hard some companies make it to disengage from them, it’s nice to know that Wefunder doesn’t want to use obfuscation to buoy account metrics.

The rest of the Settings sub-menus are also pretty simple, although the Notifications area is a bit lengthy, with several options for getting emails about new fundraisers, companies the user is following, and social interactions, among other activities. However, it’s not too unwieldy to use on a desktop or laptop computer.

The rest of the settings cover things that are relevant to Wefunder users, such as Investor Limits, which has sliders for net worth and annual income. As the user adjusts the sliders, information dynamically changes in the “How much am I allowed to invest?” section below. Under each allowed investment amount, it says “Why?” – the user can hover over that to see a pop-up that explains more details.

It’s a well-done way of giving the user a big picture view of their investment limits since Wefunder has to abide by quite a few regulations.

At a certain level of income, a pre-checked box appears, with text that begins “I am an accredited investor” next to it. Accredited investors can invest an unlimited amount in Regulation D and Regulation A+ start-ups, so that’s an important distinction that Wefunder has to highlight “for boring SEC regulation reasons,” as they say.

Security: Keeping away the bad guys

Even after you’ve gotten users hooked on your service and turned them into steady customers, you have to keep an eye on security. Poor security can easily ruin months and even years of painstaking work.

PayPal rose to prominence alongside eBay, which later acquired the company and then spun it off as a separate entity, so it had a large head start on newer companies in the payments space. Its 20-year history has also given it plenty of time to bake security into its website and mobile app.

While other services like Venmo, which is now part of PayPal, have arisen in the “friends and family” segment of the digital money transfer space, PayPal still makes social financial transactions easy and secure through its mobile app. It offers an option to use a fingerprint to log in, with that requirement renewing if the app is open for longer than a few minutes, and it doesn’t store anything more than the last four digits of credit card, debit card, and bank account numbers.

PayPal employs industry-standard security and requires merchants that accept it as a payment method to do the same. It also has a bounty program that offers a financial reward to anyone who discovers and submits a valid vulnerability in its system. Many companies, including those outside the financial services space, do the same thing – it’s a good way to ensure that a company’s internal teams haven’t missed anything.

In PayPal’s mobile app, the Help section of its settings menu offers a handy way for mobile users to get assistance when they run into problems while on the go, rather than having to dig through the website. Each topic contains several useful articles that cover everything from the basics to how to identify phishing emails.

Using deep linking to drive user engagement in your app

When designing your website and mobile app, you’ll want to consider ways to drive users to specific areas of your service through notifications sent by email, desktop and mobile OS alerts, text messages, and other channels. While deep linking them to a specific place on your website is fairly straightforward, the same technique is a little trickier in an app.

You’ll want to use a URI (Uniform Resource Identifier) to link to a specific location within your app, but that standard differs for each mobile platform, including the two most popular ones, Apple’s iOS and Google’s Android. To ensure none of your users encounter problems if their device’s OS doesn’t know where to redirect a link, you’ll want to use one of two types of advanced deep links: deferred or contextual.

How a deferred deep link works

When you create a deferred deep link, you can direct users who don’t have your app installed to a website link or to the appropriate app store to download it. The link is called deferred because, if the user installs the app and then opens it, they’re immediately sent to the desired content, as if the app was on their device when they first tapped the link.

How a contextual deep link works

A contextual deep link works the same as a deferred deep link, but it adds tracking data to your users’ activities, which is helpful for measuring the effectiveness of your marketing efforts. That information can include:

  • Who users are, where they were referred from, and who referred them
  • Whether they used a promo code
  • Which parts of your app they visited

A contextual deep link also allows you to personalize the user experience. For example, if the user followed a friend’s recommendation into your app, you can create a message for them that acknowledges the referral.

How to set up different kinds of deep links

Your app needs to be set up so that it can deal with incoming links and seamlessly send users to the right places so that the underlying redirects are invisible to them. iOS and Android currently support deep links that use the same HTTP (Hypertext Transfer Protocol) convention used by traditional web page URLs. iOS started that support with version 9.2, calling them Universal Links, and Android began with version 6.0, where they’re known as Android App Links.

When creating a deferred deep link, it’s best to implement it as a URL starting with HTTP and specify a fallback that uses a URI, in case a user has an earlier version of iOS or Android that doesn’t support HTTP links. Such a setup is also useful in case the user is directed to your app from another app that can only handle URIs.
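
As an added example (not code from the original article or from any company it mentions), here is one way an app could handle both the HTTP link and its URI fallback: each form is resolved to the same in-app screen through a fixed route table, and contextual data is accepted only when it is well formed. The host `app.example.com`, the scheme `exampleapp`, the routes, and the `ref` and `promo` parameter names are all assumptions made for illustration.

```javascript
// Added example: the host, scheme, routes and parameter names are hypothetical.
const LINK_HOST = "app.example.com";   // assumed Universal Link / App Link domain
const URI_SCHEME = "exampleapp:";      // assumed custom URI scheme used as fallback
const ROUTES = new Map([
  ["/portfolio", "PortfolioScreen"],
  ["/invite", "InviteScreen"],
  ["/settings/notifications", "NotificationSettingsScreen"],
]);
const CONTEXT_KEYS = ["ref", "promo"]; // contextual data the app is willing to read
const SAFE_VALUE = /^[A-Za-z0-9_-]{1,32}$/;

// Returns { screen, context } for a link the app recognises, or null so the
// caller can open the home screen instead of following an unknown link.
function resolveDeepLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return null; // not a parseable link
  }

  let path;
  if (url.protocol === "https:" && url.hostname === LINK_HOST) {
    path = url.pathname;
  } else if (url.protocol === URI_SCHEME) {
    // exampleapp://settings/notifications parses as host "settings" plus
    // path "/notifications", so rebuild the full route from both parts.
    path = "/" + url.hostname + url.pathname;
  } else {
    return null; // plain http, other hosts and other schemes are ignored
  }
  path = path.replace(/\/{2,}/g, "/").replace(/\/+$/, "");

  const screen = ROUTES.get(path);
  if (!screen) return null; // only screens in the route table can be opened

  // Keep referral and promo values only if they are short and alphanumeric;
  // anything else is dropped rather than passed on to the UI or to analytics.
  const context = {};
  for (const key of CONTEXT_KEYS) {
    const value = url.searchParams.get(key);
    if (value !== null && SAFE_VALUE.test(value)) context[key] = value;
  }
  return { screen, context };
}
```

Because links arrive from email, text messages and other apps, the route table and the value check mean a link can only open a screen the app already exposes and can only carry data in the expected shape.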