HOME

HOME

CHEGG SERVICE ABUSE

RESPONSIBILITIES

UX / UI / Interaction Design

Qual & Quant Research

Early Signal Testing

Project Management

CHEGG SERVICE ABUSE

RESPONSIBILITIES

UX / UI / Interaction Design

Qual & Quant Research

Early Signal Testing

Project Management

Hero
Hero
Hero

Chegg faced a growing issue of service abuse, where users shared accounts, resold access, or exploited security vulnerabilities, leading to revenue loss and customer dissatisfaction. This not only undermined the platform’s business model but also eroded trust, as legitimate users faced account takeovers, interruptions, and security concerns. The challenge was to implement effective deterrents without creating excessive friction for paying customers.

Chegg faced a growing issue of service abuse, where users shared accounts, resold access, or exploited security vulnerabilities, leading to revenue loss and customer dissatisfaction. This not only undermined the platform’s business model but also eroded trust, as legitimate users faced account takeovers, interruptions, and security concerns. The challenge was to implement effective deterrents without creating excessive friction for paying customers.

WHAT IS THE PROBLEM?

WHAT IS THE PROBLEM?

WHAT IS THE PROBLEM?

Chegg’s platform was losing revenue and user trust due to unchecked service abuse, primarily through account sharing, credential theft, and content reselling. Over 60% of users engaged in some form of unauthorized access, and a single account was found linked to 48 devices.

Chegg’s platform was losing revenue and user trust due to unchecked service abuse, primarily through account sharing, credential theft, and content reselling. Over 60% of users engaged in some form of unauthorized access, and a single account was found linked to 48 devices.

WHAT IS THE CHALLENGE?

WHAT IS THE CHALLENGE?

WHAT IS THE CHALLENGE?

The challenge was to curb service abuse, rampant account sharing, credential theft, and content reselling without damaging the user experience or driving away legitimate customers. Many users saw sharing as normal or justified, making strict enforcement risky for retention. Security measures needed to be effective yet seamless, balancing fraud prevention with accessibility. Additionally, any solution had to be scalable, adaptable to evolving abuse tactics, and aligned with Chegg’s business goals of increasing subscriptions and improving customer satisfaction.

The challenge was to curb service abuse, rampant account sharing, credential theft, and content reselling without damaging the user experience or driving away legitimate customers. Many users saw sharing as normal or justified, making strict enforcement risky for retention. Security measures needed to be effective yet seamless, balancing fraud prevention with accessibility. Additionally, any solution had to be scalable, adaptable to evolving abuse tactics, and aligned with Chegg’s business goals of increasing subscriptions and improving customer satisfaction.

WHAT IS THE GOAL?

WHAT IS THE GOAL?

WHAT IS THE GOAL?

  • Reduce service abuse by curbing unauthorized account sharing, credential theft, and content reselling.

  • Protect legitimate users from account takeovers and security vulnerabilities.

  • Improve platform security without adding excessive friction to the user experience.

  • Increase subscriber growth by converting unauthorized users into paying customers.

  • Enhance customer trust and satisfaction through better security and account control.

  • Reduce service abuse by curbing unauthorized account sharing, credential theft, and content reselling.

  • Protect legitimate users from account takeovers and security vulnerabilities.

  • Improve platform security without adding excessive friction to the user experience.

  • Increase subscriber growth by converting unauthorized users into paying customers.

  • Enhance customer trust and satisfaction through better security and account control.

WHAT ARE THE METRICS FOR SUCCESS?

WHAT ARE THE METRICS FOR SUCCESS?

WHAT ARE THE METRICS FOR SUCCESS?

  • Reduction in account takeovers – Decrease the percentage of customer support calls related to stolen or compromised accounts.

  • Decrease in unauthorized account sharing – Track a decline in flagged multi-user accounts and excessive device logins.

  • Increase in new subscriber sign-ups – Measure conversion rates from flagged sharers to paying users.

  • Revenue impact – Drive a measurable lift in subscription revenue.

  • Customer satisfaction (CSAT) improvement – Boost CSAT scores related to account security and user trust

  • Adoption of security measures – Measure user engagement with MFA, device management, and other security enhancements.

  • Reduction in account takeovers – Decrease the percentage of customer support calls related to stolen or compromised accounts.

  • Decrease in unauthorized account sharing – Track a decline in flagged multi-user accounts and excessive device logins.

  • Increase in new subscriber sign-ups – Measure conversion rates from flagged sharers to paying users.

  • Revenue impact – Drive a measurable lift in subscription revenue.

  • Customer satisfaction (CSAT) improvement – Boost CSAT scores related to account security and user trust

  • Adoption of security measures – Measure user engagement with MFA, device management, and other security enhancements.

WHAT IS THE PROCESS?

WHAT IS THE PROCESS?

WHAT IS THE PROCESS?

The project was very fast moving and high priority as soon as the red flags were identified and the quant data was synthesized. Leadership decided to make the top priority for the Identity & Access Management team, Trust & Safety team and Security team. Service Abuse was then broken into 4 phases with separate execution timelines,

The project was very fast moving and high priority as soon as the red flags were identified and the quant data was synthesized. Leadership decided to make the top priority for the Identity & Access Management team, Trust & Safety team and Security team. Service Abuse was then broken into 4 phases with separate execution timelines,

Phase 1 - Detention

Phase 2 - Device Management

Phase 3 - MFA via Email

Phase 4 - MFA via App

Phase 1 - Detention

Phase 2 - Device Management

Phase 3 - MFA via Email

Phase 4 - MFA via App

The design process for each section was broken down into variants following the design thinking phases:

The design process for each section was broken down into variants following the design thinking phases:

  • Discovery Phase (Understanding and gathering phase of Quant Data, Customer Service Interviews, Qualitative research and Competitive Analysis)

  • Ideation Phase (Low fidelity & high fidelity variants based on product team feedback, leadership visibility meetings and UX/design system feedback reviews, and real user early signal testing feedback)

  • Refine Phase (Revisions based on user feedback, stakeholder feedback and A/B testing data feedback)

  • Rollout Phase (Once all 4 phases released, post rollout data, deployment strategy, instrumentation tracking)

  • Discovery Phase (Understanding and gathering phase of Quant Data, Customer Service Interviews, Qualitative research and Competitive Analysis)

  • Ideation Phase (Low fidelity & high fidelity variants based on product team feedback, leadership visibility meetings and UX/design system feedback reviews, and real user early signal testing feedback)

  • Refine Phase (Revisions based on user feedback, stakeholder feedback and A/B testing data feedback)

  • Rollout Phase (Once all 4 phases released, post rollout data, deployment strategy, instrumentation tracking)

DISCOVERY (empathize and define phase)

The process began with a deep dive into quantitative and qualitative research to uncover the extent and impact of service abuse. I analyzed platform analytics, customer support logs, and security data to quantify unauthorized access and identify common abuse patterns. Interviews with affected users, including both victims of account takeovers and those engaged in sharing, provided insights into motivations and pain points. This research revealed key challenges: widespread sharing behavior, trust erosion due to security vulnerabilities, and a perception that sharing was harmless. These findings shaped the problem definition and set the foundation for potential solutions.

The process began with a deep dive into quantitative and qualitative research to uncover the extent and impact of service abuse. I analyzed platform analytics, customer support logs, and security data to quantify unauthorized access and identify common abuse patterns. Interviews with affected users, including both victims of account takeovers and those engaged in sharing, provided insights into motivations and pain points. This research revealed key challenges: widespread sharing behavior, trust erosion due to security vulnerabilities, and a perception that sharing was harmless. These findings shaped the problem definition and set the foundation for potential solutions.

Quantitative Data (deep dive into the quant data to try and validate the anomalies hypothesized)

Quantitative Data (deep dive into the quant data to try and validate the anomalies hypothesized)

Customer Service Team Insights/User Feedback (collected all the verbal feedback from student advocate interviews, scrubbed through dozens of pages of call/chat logs, interviews, etc.

Customer Service Team Insights/User Feedback (collected all the verbal feedback from student advocate interviews, scrubbed through dozens of pages of call/chat logs, interviews, etc.

Research Plan & Outcome (wrote the exploratory research plan and worked with Researcher on execution plan — then shared research outcome with team & stakeholders)

Research Plan & Outcome (wrote the exploratory research plan and worked with Researcher on execution plan — then shared research outcome with team & stakeholders)

Competitive Analysis (Did a robust design/architecture/product competitive analysis of how other products handle account sharing, Device Management and MFA)

Competitive Analysis (Did a robust design/architecture/product competitive analysis of how other products handle account sharing, Device Management and MFA)

IDEATION (ideate, prototype & test phase)

With a clear understanding of the problem, I explored intervention strategies that balanced security with usability. Multiple solutions were considered, including user education, deterrents, and stricter authentication methods. The team mapped out a phased approach, starting with low-friction deterrents like warnings and detentions before escalating to stronger measures like device registration and multi-factor authentication (MFA). Design explorations focused on minimizing disruption to legitimate users while discouraging abuse. Early concept validation through internal critiques and stakeholder alignment helped refine which interventions had the highest impact with the least risk.

With a clear understanding of the problem, I explored intervention strategies that balanced security with usability. Multiple solutions were considered, including user education, deterrents, and stricter authentication methods. The team mapped out a phased approach, starting with low-friction deterrents like warnings and detentions before escalating to stronger measures like device registration and multi-factor authentication (MFA). Design explorations focused on minimizing disruption to legitimate users while discouraging abuse. Early concept validation through internal critiques and stakeholder alignment helped refine which interventions had the highest impact with the least risk.

There was an ideation phase for each of the phases of Service Abuse. It consisted of numerous items such as whiteboarding, user flows, wireframes, competitive analysis, high fidelity and prototypes.

There was an ideation phase for each of the phases of Service Abuse. It consisted of numerous items such as whiteboarding, user flows, wireframes, competitive analysis, high fidelity and prototypes.

Whiteboarding (first thing I did was get in a room with the PM and lead architect on the project and we white boarded all the use cases and talked through any constraints or dependencies)

Whiteboarding (first thing I did was get in a room with the PM and lead architect on the project and we white boarded all the use cases and talked through any constraints or dependencies)

User Flows (following white boarding sessions, I created user flows to break down and understand the logic further. This part is particularly important for me because platform logic tends to be extremely complicated and nuanced. Below are examples of device management and MFA via app)

User Flows (following white boarding sessions, I created user flows to break down and understand the logic further. This part is particularly important for me because platform logic tends to be extremely complicated and nuanced. Below are examples of device management and MFA via app)

Wireframes (I then went through multiple low fidelity wireframes which I shared with the team often and early to solicit feedback and get alignment)

Wireframes (I then went through multiple low fidelity wireframes which I shared with the team often and early to solicit feedback and get alignment)

High Fidelity (once we locked the UX in low fidelity mode, I moved on to high fidelity designs where the focus was more on design systems & Chegg-UI components with rapid feedback and iteration sessions)

High Fidelity (once we locked the UX in low fidelity mode, I moved on to high fidelity designs where the focus was more on design systems & Chegg-UI components with rapid feedback and iteration sessions)

Prototype & User Testing (after locking on the direction and final UI, I put together some prototypes in Framer which we put in front of users, both in moderated testing as well as unmoderated testing to get more signals)

Prototype & User Testing (after locking on the direction and final UI, I put together some prototypes in Framer which we put in front of users, both in moderated testing as well as unmoderated testing to get more signals)

REFINE (revision and finalize phase)

After refining the UX in wireframes and putting all the UIs into high fidelity designs, I then garnered feedback internally (with immediate product team, stakeholders and design critiques) and made final revisions for handoffs. This included a last round of feedback from content design and legal to prep for our UXQA and dogfooding sessions.

After refining the UX in wireframes and putting all the UIs into high fidelity designs, I then garnered feedback internally (with immediate product team, stakeholders and design critiques) and made final revisions for handoffs. This included a last round of feedback from content design and legal to prep for our UXQA and dogfooding sessions.

Internal Feedback (final stakeholder leadership shareout for feedback with Figjam — this was done for every deliverable phase of the project)

Internal Feedback (final stakeholder leadership shareout for feedback with Figjam — this was done for every deliverable phase of the project)

Final Design Revisions (some example use case final designs done in Figma)

Final Design Revisions (some example use case final designs done in Figma)

ROLLOUT (post impression data)

Goal at this juncture is to gather insights after the project had been rolled out. Looking to Identify themes and collect user feedback verbatim. Subset of data collected anywhere from 2 weeks to 6 months after product releases.

Post Impression Data (looking at effectiveness of the features and identifying areas that may need further optimization)

Goal at this juncture is to gather insights after the project had been rolled out. Looking to Identify themes and collect user feedback verbatim. Subset of data collected anywhere from 2 weeks to 6 months after product releases.

Post Impression Data (looking at effectiveness of the features and identifying areas that may need further optimization)

FINAL METRICS

  • 98% – reduced account takeovers by 98%.

  • 17% → 1% – Customer support calls dropped from 17% to 1% for all calls related to compromised accounts

  • 413K+ new subscriptions – 413K new subscriptions post-implementation of all phases (totaling $39M revenue increase)

  • 98% – reduced account takeovers by 98%.

  • 17% → 1% – Customer support calls dropped from 17% to 1% for all calls related to compromised accounts

  • 413K+ new subscriptions – 413K new subscriptions post-implementation of all phases (totaling $39M revenue increase)

LEARNINGS

What went well:

  • User research + analytics → Identified how and why users abused accounts, ensuring solutions targeted real behaviors, not just business assumptions.

  • Data-driven alignment → Reduced subjectivity and helped teams prioritize the right problems faster.

  • Multi-phase security rollout → Gradual introduction of security layers minimized user frustration and prevented churnwhile still curbing abuse.

  • User research + analytics → Identified how and why users abused accounts, ensuring solutions targeted real behaviors, not just business assumptions.

  • Data-driven alignment → Reduced subjectivity and helped teams prioritize the right problems faster.

  • Multi-phase security rollout → Gradual introduction of security layers minimized user frustration and prevented churnwhile still curbing abuse.

What I’d Improve:

What I’d Improve:

  • Better user education → Many users saw security measures as barriers rather than protections; stronger in-product education and improved email campaigns could clarify the benefits.

  • Rethinking enforcement → Some sharers unintentionally abused the system but were punished at stressful moments; alternative solutions like group discounts or multi-user planscould encourage voluntary compliance.

  • Exploring behavioral nudges → More time collaborating with product teams could have led to less punitive, trust-building solutions that drive long-term retention instead of forced compliance.

  • Better user education → Many users saw security measures as barriers rather than protections; stronger in-product education and improved email campaigns could clarify the benefits.

  • Rethinking enforcement → Some sharers unintentionally abused the system but were punished at stressful moments; alternative solutions like group discounts or multi-user planscould encourage voluntary compliance.

  • Exploring behavioral nudges → More time collaborating with product teams could have led to less punitive, trust-building solutions that drive long-term retention instead of forced compliance.

See all work