Hidden USSD Design Flaw Most Pakistani Users Never Notice
Why full USSD codes work while step-by-step menus quietly fail
Introduction: The Invisible Problem
Most mobile users in Pakistan consider USSD reliable. They check balances, activate packages, and perform simple transactions without difficulty. Yet, a hidden design flaw in USSD means that complex, multi-step operations often fail silently, affecting the very users who rely on the system most.
This flaw is largely invisible to casual users because they typically use full USSD codes, which bypass the problem. Meanwhile, power users navigating step-by-step menus experience repeated failures, leading to frustration and lost trust.
This article explores why this happens, who it affects, and why awareness matters for mobile operators, regulators, and fintech innovators.
Two Ways Users Access USSD
There are two primary ways people use USSD in Pakistan:
1️⃣ Full USSD Codes (One-Shot Access)
Example:
*123*1*4#
- Everything is sent in a single request
- No intermediate menus are navigated
- The session starts and ends instantly
- Minimal waiting or processing time
Because full codes send the entire transaction at once, users rarely encounter session expiry or timer issues. Casual users often rely on these codes for routine banking, mobile credit top-ups, and subscription services.
2️⃣ Step-by-Step Menu Navigation
Example:
*123# → 1 → 4 → Enter account number → Confirm
- Requires multi-step session management
- Users must read instructions at each step
- Longer input is often needed (account numbers, IBANs, CNIC)
- The system must maintain state across each step
This method exposes the hidden USSD flaw: sessions that are too short, poorly managed, or unable to handle long inputs fail unpredictably.
Why Common Users Don’t Feel the Pain
Most users in Pakistan never encounter the problem because:
- They memorize or copy full USSD codes from SMS, social media, or banks
- They use USSD only for simple tasks such as balance checks or package subscriptions
- They rarely explore menu-driven or financial services
This creates the false impression that USSD is fast, reliable, and universally functional.
Why Power Users Suffer
Power users—those who rely on USSD for banking, account management, or multi-step financial operations—face:
- Session expiry mid-transaction
- Input rejection when entering long numbers or verification codes
- Loss of progress, requiring restart of the transaction
- Random failures, which are difficult to diagnose
These users are often frustrated because the system fails despite correct input and timely responses.
The Hidden Flaw: Session Management Weakness
At the core, USSD sessions are fragile and poorly configured for modern financial tasks:
- Inactivity timers are too short
- Many networks set 5–10 seconds per input
- Users cannot read instructions or type long numbers comfortably
- Session timer resets are inconsistent
- Even after valid input, the session may not refresh
- Multi-step flows are terminated unexpectedly
- Long inputs are poorly handled
- Bank account numbers, IBANs, and CNICs often exceed simple buffer limits
- Partial input can be rejected, breaking the session
- Error recovery is minimal
- Users must restart from the beginning after session expiry
- No mechanism exists to continue from the previous step
These flaws are invisible when using full USSD codes, which is why casual users remain unaware.
Real-World Example: Asaan Account Service
Consider Pakistan’s Asaan Account, a universal banking service:
- Accessible via any network and linked to any bank
- Designed for users without internet or smartphones
- Transactions include balance checks, fund transfers, and bill payments
Power users relying on step-by-step menus frequently experience session expiry while performing these operations. Casual users dialing full codes rarely face issues.
This disparity demonstrates that the flaw is structural, not user-dependent. The service is sound; the infrastructure is not.
Why Full Codes Hide the Problem
Full codes bypass multi-step navigation:
- The entire request is sent in one packet
- No intermediate session is needed
- Users complete operations without triggering timers or multi-step checks
This makes full codes a workaround rather than a solution. Step-by-step users face the consequences of legacy USSD design.
Consequences for Users and Financial Inclusion
This hidden flaw has broad implications:
- Power users cannot complete important financial transactions
- Trust is eroded in USSD banking systems
- Vulnerable populations are excluded from digital financial services
- Casual users are unaware, giving operators a misleading sense of reliability
Ultimately, this undermines mobile financial inclusion, the very goal USSD is supposed to serve.
Why Awareness Matters
Raising awareness is critical for:
- Operators
- To modernize USSD gateways
- Implement robust session management
- Support multi-step financial workflows
- Regulators
- To mandate minimum session standards
- Ensure telcos maintain predictable, reliable USSD service
- Fintech innovators
- To understand the limitations of USSD
- To design solutions that work reliably on all networks
Awareness ensures that USSD becomes a true bridge for financial inclusion, not a barrier.
Recommendations
To fix this hidden flaw:
- Extend session durations for multi-step menus
- Ensure every valid user input resets the session timer
- Support long input fields for banking numbers and identifiers
- Implement recovery mechanisms for interrupted transactions
- Educate users about full codes vs step-by-step flows
These steps will protect power users while preserving reliability for casual users.
Conclusion: A Silent Problem with Real Consequences
Most Pakistani users never notice USSD’s hidden flaw because they rely on shortcuts or full codes.
However, power users, banking customers, and financial service participants bear the brunt of legacy session design limitations.
Unless operators and regulators address session expiry, timer resets, and long input handling, USSD will continue to fail silently, undermining trust and financial inclusion.
The solution is not to abandon USSD, but to modernize it with careful engineering, robust session management, and user-centered design, ensuring all users—casual and power—can benefit equally.
