Online Banking Project Scenario
1. Introduction
1.1 Current Environment
Information Technology is getting more and more important because of the developments in the IT sector and the transduction of the banking sector to these decelopments. Now a significant number of companies have begun to cite e-banking capabilities as a key factor in choosing which institution will get their business. In addition, individuals are looking for ways to make their banking provesses easier by using online banking. But it is important to add that most of the cutomers do not choose to use online banking because of security issues. So the what customers mostly look in online banking are confidentiality, reliability and efficiency. The other key for a growing online banking usage is customer retention. The more services the customer uses, the greater are the bank’s expected profits because of more usage. This will also increase customer loyalty and gains importance over customer acquisition. Also, onlien research is gaining importance among customers making financial decisions. It will be plus for the banks that are giving necessary information to users on their decision making processes.
1.2 Previous Activities
The current system that is being used have some deficiencies in confidentiality and effectiveness and efficiency. Most of the processes that customers want to make online are needed to be made by telephone or going to a branch in order to complete the processes. For example, when a user wants to open a new money order account, he/she has to approved by phone to complete the process. Also, some processes that has been completed usually can be seen by customers 2-3 days after the completion of the process. In addition, there are hundreds of security complaints about the system. It is true that most of the security issues are because of security deficits of the users computers. It is an urge to take steps to ensure some of the security steps to be done for the customers to enhance more secure way of online banking.
1.3 Project Objectives
The new system has to ensure that the old features developed and that are succesful have to be maintained and the new features have to developed in order to be integrated with the old features.
With the help of the new features we have to be ensure the following:
• The old security deficiencies have to be fixed and new features for security have to be added.
• The GUI has to be redeveloped in order to increase efficiency.
• New features has to ensure the increase in usability with effectiveness.
• Automation in the system has to be maximized.
• Real-time data has to be provided to customers with all banking processes.
• Necessary financial information has to be provided to customers for their investments.
2. Project Charter
2.1 Scope
A new database with new facilities will be created and the old data will be migrated to the new database. With the new features added the main modules will be as follows:
• Accounts
• Credit Cards
• Money Transfers
• Investment Processes
• Payments
• Notes and Cheques Processes
• Credits
• Security Tools
• Applications
The new features will be:
• When a user opens a new account the approval process will be done by a one time use password sent to the cell phone of the user but not by telephone.
• The processes list will be updated real-time and checked every 5 seconds.
• The ip address and the MAC address of the computer will be saved to the users entity to the database. The system will check these addresses each time the user logs in. When there is a change in these addresses, The system should warn the system clerks to call the user and ask for approval.
• Each time a user wants to make a process, the system sends a one time use password to the the cell phone of the user saved on the database. If the user makes the same kind of process more than one time, the system will remember and will not send a password and let the user make the process directly.
• A feature will be added to the “Investment Processes” module. This page will directly give some suffestions and detailed information on demand for investment.
2.2 Risk Assessment
We want the website to be free of any defects or errors, but it is hard or at times almost
impossible to develop a system that is free of any defects. To be safe, we would like to
have a risk management plan to counter any difficulties that may impact the development
or the creation of the software. Our goal is to assist the project team in developing a
strategy to deal with any risk. For this we will take a look at the possible risks, how to
monitor them and how to manage the risk.
Every one associated with the website has responsibility of managing the risk. That is if
everyone participated and paid close attention to all the details during the early phase of
the website development many risks can be avoided.
• Development team can avoid having risk by double-checking their schedule, product size, estimates regarding costs of the development etc.
• Customers can help avoid risk by providing all necessary information when logged in and do all necessary security precautions determined by the bank.
• Development team can avoid risk by getting all the details of the equipment that are provided or are accessible to them.
• The bank staff can help avoid risk by applying all necessary actions to be taken which are determined by the system developers and administrator.
Security Risk:
The new features are being used in different banks’ online systems and have mostly been proved to be useful and secure for use. However, the customers of our bank may find it difficult to obey new rules and this may create some security issues.
Employee Risk:
If the bank employee do not fully understand the new system with new features, the quality of service may decrease and security problems may arrive.
Technology Risk:
Since the technology changes rapidly, new technologies for security and flexibility will be arriving. The system has to be developed in such a flexible way that it should be able to conform the new technologies. Otherwise, the trying to conform to new technologies will cause very high conforming costs.
2.3 Risks Table
The following table describes the risks associated with the project.
Risk, Probability, Impact
Security Risk, 35%, 2
Employee Risk, 40%, 1
Technology Risk, 55%, 3
Impact Values Description
1: Catastrophic
2: Critical
3: Marginal
2.4 Costs
Size Estimation effort were determined by analyzing the project requirements that are known to date. This includes the project objectives and information gathered during interviews conducted with various current customers and employees of the system. For this project, both the Function Point estimating methodology and the Lines of Code (LOC) estimating methodology were considered. Both are valid and accepted methods of estimating size of effort for software projects. The LOC method was identified as most appropriate for this project.
| Function | Estimated LOC |
| Database Development | 1500 |
| Relational DB convert/load | 1000 |
| Private Network Development | 1000 |
| Development of the website | 6500 |
| Integration | 1000 |
| Annual Maintenance | 2000 |
| Total | 13000 LOC |
According to COCOMO Cost Estimation method by using LOC approach the following information has been estimated:
Development Effort 78 person months
Schedule 6 months
Development Cost 234,000 YTL
Productivity 167 instructions per person-month
Average Staffing 15.6 full-time-equivalent software personnel
Annual Maintenance Effort 12 person months
Annual Maintenance Cost 24,000 YTL
Average Monthly Wage 3,000 YTL
Phase Distribution:
Effort (PM) Schedule (mo) Staff (avg) Cost
Plans and Requirements 6.2 1.4 4.4 27900
Product Design 14 1.6 8.8 62700
Programming 44.5 2.2 20 187800
Detailed Design 21.1 90600
Code and Unit Test 23.4 97500
Integration and test 19.5 1.2 16 97500
Activity Distribution (Schedule/months) by Phase:
Function Plans and Requirements Product Design Programming Integration and test
Database Development 0.16 0.18 0.25 0.14
Relational DB convert/load 0.16 0.18 0.25 0.14
Private Network Development 0.11 0.12 0.17 0.09
Development of the website 0.86 0.98 1.35 0.74
Integration 0.11 0.12 0.17 0.09
Total 1.40 1.60 2.20 1.20
2.5 Security
The Security Specialist will advice on new security features during development. The pre-decided security features are Mobile phone security password and IP / MAC address storage of the users and built in notification system. At the end of each stage the Security Specialist will prepare a review and this review will be discussed in end-of-stage meetings.
2.6 Communications Plan
The coordination among the teams and sharing of knowledge about the project is essential to the project’s success. Project participants will demand knowledge of what the status of the project is and how they are affected.
Communications Methodology
In order to achieve perfect support and guidance among the members, the executives not only speak directly to all levels of organization, but also they will have to listen to any thoughts directly from all levels of the organization. Everyone should be involved in the after-stage meetings and every people’s ideas should be taken into consideration.
To ensure the confidence of the personnel involved in bringing the proposed changes to reality, it will be important to communicate the way in which the solutions were created.
Full support at all levels, where the changes will have to be implemented, is important to sustainable improvement. At this level (as with all levels), there must be an effort to find and communicate the specific benefits of the changes. People need a personal stake in the success of the project management practices.
Communications Events
Monthly Status Reports:
Project Manager should provide a status report every end of the month in which the report will be prepared according to the reports provided by each development member.
• Summary of tasks completed in previous month
• Summary of tasks scheduled for completion in the next month
• Summary of issue status and resolutions
After-Stage Meetings:
In every end of the stages, there should be a meeting that all members of the project should attend and discuss about the status of the project. In this meeting, all the subjects are supposed to be resolved and then they can only get to the next stage if all the issues in the current stage are resolved.
Bug-reporting and Task Management System:
A multifunctional system that will show each tasks of personnel seperately and provide a bug-reporting feature has to be developed or used by an open-source task and bug management system. All the personnel are supposed to follow this system in order to create the support and guidance among each other in other times than the meetings. The Project Manager will provide the reports according to the information on this system.
2.7 Configuration Management
Configuration Management (CM) activities will begin in the Analysis stage and continue through system maintenance. CM activities will commence with the approval of the Final Requirements Specification document. A Configuration Management Plan (CMP), in line with the Software Configuration Management Guide (SCMG), will be developed and delivered concurrently with the Final Requirements Specifications.
The CMP will address the following CM elements/activities:
• Control (change control of the software configuration items; see following section for details of the change control process)
• Auditing (functional and physical reviews of the system)
• Status Accounting (detail and summary reports of the status of software configuration items)
2.8 Change Control Process
The requirements will be baselined when the Requirements Definition stage is completed. Any requirements added after that time will require mutual agreement on the part of all Approvers and modifications to the remaining scheduled deliverable dates, if appropriate.
The following identifies those persons that will be involved in managing changes on the project, and their respective roles.
POC: The person authorized to request modifications/additions to the baselined requirements.
Project Manager: Receives modification requests and coordinates a project-wide impact assesment, to include scope of effort and time required to implement.
If there are disagreements about the necessity or cost of the requested modifications, the Client Representative will review, assess, and facilitate a resolution.
All approved changes and their impact on the project schedule and budget (if any) will be reviewed at each Stage Exit. This will give all of the approvers and functional area representatives an opportunity to assess and plan for impact on their respective organization’s schedules and budgets.
2.9 Testing Strategy
Unit Tests - Development team
Integration testing - Development team
System testing - Independent tester
Acceptance testing - Acceptance tester
A detailed Integration Test plan will be produced after the Integration stage. The System Test plan and the Acceptance Test plan will be produced in the Programming stage. Unit testing will be included in the programmer’s individual work plans. Unit Tests will be produced for testing effectiveness and efficiency. Integration testing will be produced for integrity and availability. System testing will be produced for confidentiality, and availability. For compliance and reliability, Acceptance testing will be produced.
2.10 Quality Assurance
QA will be conducted by the Quality Assurance Consultant at the end of each stage of development. It will include an In-stage Assessment (ISA) which is a standard to assure that the established system development and project management processes and procedures are being followed effectively, and exposures and risks to the current plan are identified and addressed.
The Quality Assurance consultant will be considered part of the project team and will provide project management, development process, and quality assurance support throughout the duration of the project, and will provide a position at stage exit based on his or her ongoing involvement in the project.
2.11 Documentation
The traditional system documentation as prescribed by the SEM is planned to be produced for this project. The planned documents include:
• User’s Guide
• Programmer’s Reference Manual
• System Administration Manual
• Data Base Administration Manual
• Operations Manual
The User’s Guide is planned to be of a very visual, graphical orientation, to help the reader more quickly grasp the subject matter. The User’s Guide will also be prepared for online access for online users to be able to reach easily
2.12 Training
The training of the employee will be given a combination of formal (classroom) and independent (self-study) training modules. An additional optional self-study module will be available for those employees wishing or supposed to learn the more advanced features of the system.
The Training Chief will be preparing training material for use in-class or independant study. The training assistant will be attending classes. The Training team has to work together with the Documentation Specialist when preparing the training material.
3. Project Plan
3.1 Roles and Responsibilities
Role Responsibility
User Point of Contact Acts as the single point of contact for approving project deliverables and changes. Resolves conflicts.
Client Representative Reviews project deliverables. Represents the field’s interests and ensures that the organization’s information needs are met.
Quality Assurance Consultant Reviews and approves project deliverables from QA perspective. Reviews plans and deliverables for compliance with applicable standards. Provides guidance and assistance on process matters.
Project Manager Responsible for daily planning and control of the project. Coordinates resolution of issues. Manages and coordinates technical effort. Performs adequate and timely staffing. Provides regular and timely communications.
Project Planner Prepares and administers project plans. Tracks and reports progress.
Communications Coordinator Coordinates the teams. Ensures project staffing.
Resolves conflict across organizations. Facilitates communications.
Senior Analyst Reviews data model and assists in interviewing. Acts as primary author of design document.
Senior Programmer 1 Designs user interface for the application. Writes or delegates the writing of all programs related to the application.
Senior Programmer 2 Designs user interface for the application. Acts as primary author of Design document. Writes or delegates the writing of all programs related to the application.
Programmer Assists the Designer/Programmer in writing programs.
Configuration Manager Prepares the Configuration Management Plan. Handles configuration management activities.
Independant Tester Conducts testing of the application at all stages of development.
Acceptance Tester Evaluates the application for overall operability and ease of user interface at acceptance.
Documentation Specialist Writes the user, employee and programmer manuals. Prepares documentation.
Training Chief Trains employees on use of the system and prepares documents for training.
Training Assistant Assists the Training Manager and trains employees on use of the system.
Network Engineer Provides network programming for creating internal network and coordination among the systems.
LAN Engineer Provides internal consulting, testing, and support.
Security Specialist Provides guidance in the development of the System Security Protection Plan. Provides necessary information on developing new ways of security.
System Administrator Provides maintenance and administration to the system.
3.3 Work Breakdown Structure
Stage of Development Stage Completion Date Deliverables Deliverable Completion Date
Planning 24.04.2008 Identifying Business Needs 21.04.2008
Identifying Necessary Features 22.04.2008
Feasibility Studies 24.04.2008
Procurement (development) 25.04.2008
Requirements Specification 13.05.2008 Identify Software Requirements 06.05.2008
Behavioral Requirements 01.05.2008
Context Diagrams 29.04.2008
Viewpoint Analysis 01.05.2008
Non-behavioral Requirements 06.05.2008
Converting features into processes 08.05.2008
Developing the Network Architecture 08.05.2008
Testing Stage 1 (Unit Test Requirements / Specification) 09.05.2008
Quality Assurance 1 (Requirements / Specification) 12.05.2008
Security Review 1 12.05.2008
Meeting Stage 1 (Requirements / Specification) 13.05.2008
Design 06.06.2008 Data Flow Diagrams 16.05.2008
Entity Relationship Diagrams 21.05.2008
Structure Charts 26.05.2008
Structure Diagrams 29.05.2008
State Transition Diagrams 03.06.2008
Testing Stage 2 (Integrity Testing Design) 04.06.2008
Quality Assurance 2 (Design) 05.06.2008
Security Review 2 05.06.2008
Meeting Stage 2 (Design) 06.06.2008
Coding and Implementation 26.08.2008 Procurement 2 (Server and other development) 13.06.2008
Relational DB convert/load 13.06.2008
Coding Stage 1 16.07.2008
Coding 1 11.07.2008
Unit Testing 1 11.07.2008
Testing Stage 3 (System and Acceptance Test Coding 1) 14.07.2008
Quality Assurance 3 (Coding 1) 15.07.2008
Security Review 3 15.07.2008
Meeting Stage 3 (Coding 1) 16.07.2008
Review Design 1 23.07.2008
Coding 2 26.08.2008
Coding 2 20.08.2008
Unit Testing 2 20.08.2008
Testing Stage 4 (System and Acceptance Coding 2) 21.08.2008
Quality Assurance 4 (Coding 2) 22.08.2008
Security Review 4 25.08.2008
Meeting Stage 4 (Coding 2) 26.08.2008
Integration and Testing 10.09.2008 Integration 04.09.2008
Final Integration Testing 08.09.2008
Final System Testing 10.09.2008
Acceptance Checklist 27.08.2008
Installation and Acceptance 12.09.2008 Maintenance Plan 11.09.2008
Final Acceptance Testing Report 12.09.2008
Documentation and Training 17.10.2008 Finalize Documentation 19.09.2008
Training Material Preperation 26.09.2008
Training 17.10.2008
3.4 Resource Allocation
The following chart shows the estimated hours required by month for each person on the project.
Resource May Jun Jul Aug Sep Oct
User Point of Contact 120 120 120 120 120 120
Client Representative 80 80 80 80 80 80
Quality Assurance Consultant 80 80 80 80 80 80
Project Manager 120 160 160 160 160 120
Project Planner 80 40 20 20 20 20
Communications Coordinator 80 80 80 80 80 80
Senior Analyst 120 120 40 10 10 20
Senior Programmer 1 40 80 160 160 160 0
Senior Programmer 2 40 80 160 160 160 0
Programmer 10 20 160 160 160 0
Configuration Manager 0 20 40 60 40 20
Independant Tester 10 20 20 40 40 10
Acceptance Tester 40 20 0 0 80 10
Documentation Specialist 0 0 20 80 160 120
Training Chief 0 0 20 0 20 120
Training Assistant 0 0 10 0 20 120
Network Engineer 120 160 10 4 4 0
LAN Engineer 120 160 10 4 4 0
Security Specialist 20 20 20 20 20 0
System Administrator 4 8 12 16 80 120
4. Technical Approach
4.1 Hardware / Software Requirements
Development
CPU Technology Intel Core 2 Duo
CPU Speed 1.86 GHz
CPU Bus Speed 1066 Mhz
CPU Memory 2MB
RAM Capacity 1024MB
RAM Type DDR2
RAM Bus Speed 667 Mhz
Hard Disk 160 Gb 7200 Rpm
HD I/O SATA II
VGA RAM 256 Mb o/b GMA 3000
VGA Chipset INTEL ( Shared )
Optical Driver DVD±RW
Card Reader var
Operating System Windows Vista Business Tr
Other Turkish keyboard - optical mouse
Internet Connection At least 2 Mbit Bandwidth
Server-side
CPU Technology Intel Dual Core Xeon
HD Capacity 73 GB X 3
RAM Capacity 1024MB
Disk Controller Dual Channel Ultra SAS SC
Ethernet Intel Gigabit (rx 300)
I/O Port Serial 2xVideo, 4xUSB BACK ,2 USB FRONT, 2xRJ-45
Max Memory (MB) 48 GB
Hard Disk 1.8 TB 6 x 300 GB 10000 Rpm
CPU Bus Speed 1333 Mhz
CPU Memory 4MB
HDD 6 HotSwap
RAM Type DDR2
RAM Bus Speed 667 Mhz
Operating System Windows Server 2008
Software
Adobe CS3 Series (Dreamweaver, Flash, Photoshop etc.), Microsoft Office 2007 (Word, Excel, Access, Powerpoint, Outlook, Visio, Project etc.)…
Other software needs are subject to change and can be submitted during development.
4.2 Programming Languages
The proposed programming language for the development of the main application is Java and PHP 5. Client Server applications and employee user interfaces will be developed by Java. The website user interface is supposed to be developed with PHP 5. Oracle must be used for system database development because it is the software that provides built-in security that is necessary for privacy data.