Overview
Mengantar is a logistics platform designed to provide online sellers, businesses, and individual senders with a seamless and data-driven shipping experience. We faced a rising number of account takeovers (ATOs), putting users at risk.
Role
Product Designer
Industry
B2B Logistic
Background
Understanding the Problem from Multiple Angles
Instead of jumping straight into solutions, I first immersed myself in the problem using multiple research methods.
Analyzing User Complaints & Support Tickets
I worked with the CS team to categorize user complaints. A clear pattern emerged:
Users weren’t aware of logins from unknown devices.
Users lost control of their accounts before they could act.
Phishing & weak passwords were common attack methods.

Reviewing The Data
I collaborated with the PM team to analyze suspicious login activities. Here’s what stood out:
Many takeovers happened from new devices & locations
Attackers often changed email & phone numbers immediately
Some logins came from suspiciously high-risk IP addresses
This data validated what users were experiencing: accounts were being accessed from new devices without their knowledge.
Defining the Problem Clearly
With all this data, I reframed the problem in a way that led to actionable solutions:
"Users feel unsafe because they don’t know when someone else logs into their account. They need a way to see, verify, and control their logins in real-time."
This helped me focus on both emotional and functional needs:
Emotional: Users feel insecure → We need to reassure them.
Functional: Users lack visibility → We need to give them awareness & control.
Provide a balance between security and user experience.
With a clear problem statement, I started brainstorming solutions using HMW (How Might We) questions. To create impactful HMW questions, I broke down the problem into three key themes:
For each HMW question, I conducted ideation workshops with other stakeholders, especially developers, as they have more knowledge about what kind of solution would effectively address this security issue. From that brainstorming session, we came up with these solutions.
Why These Solutions?
✔ Low friction → No extra steps unless an unknown device logs in.
✔ Fast & effective → WhatsApp alerts are more visible than emails.
✔ Gives users control → "Change password" action prevents full takeovers.
Implementing the solutions

WhatsApp Login Alerts and "Change password" action
Encourage users to utilize our security features with a real-time security check for their account
The Real-Time Security Check is a feature that helps users quickly review their account security status and take action if needed. To help users stay protected, we encourage them to take advantage of our Real-Time Security Check, a feature designed to provide instant insights into their account security status and guide them in securing their accounts from potential threats.
This feature helps users personalized recommendations to strengthen their account’s defenses. By integrating this security check, users can enjoy a safer and more reliable experience on our platform.
Design Validation
Scenario 1
Do users notice and understand how to access the security check?
Scenario 2
Do users understand what the security check does and why it matters?
Scenario 2
How do users feel about using Whatsapp alert feature? Does it make user feel safer?
Testing Insight
💡 The "AHA" moment


Refining the Design After Usability Testing

Add location information to the WhatsApp alert
Added a persistent shortcut on the homepage

Try the prototype
Impact