biometric automated omah
TRANSCRIPT
47
STAMFORD COLLEGE MALAYSIA AFFILIATED WITH THE UNIVERSITY OF EAST LONDON
Project Management (MSc) Technology Management
BIOMETRIC PROJECT MANAGEMENT PLAN FOR AUTOMATED TELLER MACHINE OF DAILY BANK BERHAD
1.INTRODUCTION
This project ‘‘Biometric automated teller machine’’ is developed in Visual Basic.Net. Banks
today used almost in their entire ATM machine (Automated Teller Machine). Etzel et al
(2004) stated that “thousands of years ago transaction process were likely done manually by
customers in the bank, but presently it is done very rarely because of it difficulty and long
process it takes.” Obviously, banks today use ATM as part of their transaction process to ease
and fasten the process of transactions Gido and Clements (2003). However, the process is
significant as it make transactions easier and faster for customers, even in the time of
emergencies. In apparent, this process also involve certain risks, during the 90’s majority of
banks took advantage of the technological boom in micro-computer and communication, the
use and work of ATM began to work exclusively online meaning that when an ATM losses
communication with its central system, it losses service as well Gido and Clements (2003).
Once ATMs were connected directly, the need arose to protect the information in the card
and the client’s PIN (Personal Identification Number) found in messages that had to travel
across public telecommunication lines.
The Biometric Automated Teller Machine project plan will provide and outline a definition
of this project, including the project objectives and goals. In addition, the project plan will
stand as an agreement between the following parties: that includes the project sponsor,
steering committee, project manager, project team, and other personnel associated with the
project.
1.1 MOTIVATION
As criminals tampers with the ATM and steal user’s credit card and password by illegal
means. Once user’s card is lost and password stolen, the criminal will draw all the money in
shortest time, which will bring enormous financial losses to customer. How to carry on the
valid identity to the customer becomes the focus in current financial circle.
47
1.2 THE PROJECT PLAN DEFINES THE FOLLOWING:
Project purpose Business and project goals and objectives Scope and expectations Roles and responsibilities and Human resource activities Assumptions and constraints Project management approach Ground rules for the project Project budget Project timeline Conceptual design of new technology
1.3 PROJECT APPROACH
This section provides and outlines the way the technology, including the highest level milestones of the project will be employ.
Phase 1: Secure agreement with client
Phase 2: Order Equipment (Hardware and Software)
Phase 3: Assemble, Install and test Hardware and Software
Phase 4: Install biometric software on ATM
Phase 5: Conduct Hardware/Software Testing
Phase 6: Conduct Training and provide support
1.4 BRIEF SUMMARY OF THE PROJECT
The purpose of the project is to analyze the requirements of designing, installation and
implementation of biometric software for both the central bank server and the ATM client
machines that will support Daily-Bank ATM network; according to the requirements
specified by the client.
47
1.5 PROBLEM STATEMENT
Automated Teller Machines (ATMS) are electronic banking outlets which allow customers to
complete their basic transactions without the aid of branch representatives or teller (Qadrei &
Habib, 2009). Nowadays, using the ATMS which provide customers with the convenient
banknote trading is very common. However, financial crime cases have risen repeatedly in
recent years with a lot of criminal tampering ATM terminals and stealing credit cards and
passwords. Once a user’s bank card is lost and the password stolen, criminal will draw all his
or her cash in a very short time and bring enormous financial loss to the said customer. Being
able to validate the identity of customers has now become the focus of the current circle
(Yang &Mi, 2010)?
Traditional ATM systems, in authenticating credit cards and the passwords, have some
defect. The use of credit cards and passwords cannot verify the clients’ identities accurately.
With the rapid increase in the number of break-in reports involving traditional PIN and
password, there is a high demand for greater security in accessing sensitive personal data.
These days, biometric technologies are typically used to analyze human characteristics for
security purposes (Cavoukian & Stoianov, 2007). Biometrics based authentication is a
potential candidate to replace password-based authentication (Pankanti & Jain, 2004). The
technique of fingerprint recognition is being continuously updated offering new verification
methods; the original password authentication method is being combined with the biometric
identification technology to verify the client identity and to improve effectively the safe use
of the ATM machines.
1.6 OBJECTIVES OF THE PROJECT
The objectives of this project will focus on implementing biometric technology, and making
sure the following are achieved:
To ensure the project is completed on the specified project due date (starts on 1 st July
2011 to 31st June 2012
To ensure the project is completed within the budget which is $5,000,000.00
To make sure all the requirements stated in this project are fulfilled (as in the Software
and hardware)
To purchase and install a Biometric finger print scanner into the ATM.
To enhance the protection of customers’ information through the usage of biometric
(ATM)
47
1.7 PROJECT SCOPE
The project will develop new Automated Teller Machine (Biometric) technology; including
the following.
With the use of Java, HTML and CSS, this document describes the buying and installation of
a biometric ATM device, which is applicable to the regular banking transactions processes:
deposit, withdrawal, transfer of funds and balance query. Any changes will be assessed in
terms of impact to the project schedule, costs and resource usage.
This project will be limited to the installation of the biometric finger scanner and may not
discuss the manufacture of it. With more focus on the ATM functioning, this work will also
cover risks associated with the ATM work and the roles and responsibilities of the project
team will also be discussed.
2 PROJECT BUDGET PLAN
The project is planned with the following constraints:
Time: one year: once the biometric software product is installed on the ATM machines, it
will take one month for the client to install the physical ATM machines in their various
permanent locations. Three staff from outside of the consultants firm will be required to assist
in the requirements and detail design phases of the project, so as to lend their extensive ATM
experience to the project. Maintenance, the software will have to be designed such that
maintenance expenses do not exceed $100, 000 per year (software maintenance portion of the
total $ 600,000 budget.
2.1 Schedule and Budget Summary
The project has the following high-level schedule:
Delivery of baseline project plan: May 10, 2011.
Software products ready for operation: May 31, 2012
The project has a budget of $3, 000,000. Once the biometric software product is delivered,
annual maintenance costs should be no larger than $100, 000.
47
2.2 Evolution of the Plan
The plan is considered to be a dynamic document and will be updated monthly by default and
on an unscheduled basis as necessary. Scheduled updates to the plan will occur on the last
Friday of the month. Notification of scheduled and unscheduled updates to the plan were
communicated via e-mail and phone contact to all project participants according to the
Reporting Plan.
Once the initial plan is finished, a baseline of the plan will be created. Changes to the plan
will take place against this baseline. The plan will only receive further baselines if significant
change in the scope of the project occurs but this is very unlikely.
3.START-UP PLAN:
3.1 Estimation Plan
Schedule, Cost, and Resource Estimates: The estimation chart showing activities, estimated
duration, estimated cost, and estimated resource requirements will be shown.
3.2 Estimation methods
Schedule duration and work estimation for each leaf activity in the Work Breakdown
Structure (WBS) will be performed using a combination of the following methods and data
sources:
3.3 Resource input
For the resource(s) identified as being required to complete the activities here, they will
require an estimate of the amount of time required to complete the activities. A detailed
estimate will be presented here and broken down into sub-activity milestones. Sub-activity
milestones tied to the percentage of complete metric will force a consideration of everything
that is involved in the activity.
When more than one resource is assigned to the activity, their estimates will be collected
independently and, if substantially different, meetings will be held between the project
manager and all resources so that an agreement may be reached on a final estimate.
47
3.4 STAFFING PLAN
In terms of domain-specific knowledge as it relates to the development ATM software,
we have accommodated our limited experience in this area by recognizing the need for
two consultants from a company (that possess good biometric knowledge) with which
we have had a good working relationship in the purchase of the biometric finger
scanner. The two consultants whose services we will acquire from Banks etc. will fill our
knowledge gap in this area.
Human Resource Type Work
(hrs)
Key Periods
Required
Key project phase
(s)
Qt
y
Project Manager 1193 02/15/2011 to06/30/2012
All 1
System Architect 142 05/30/2011 to07/15/2011, 11/14/2011to
02/13/2012
Hardware design
and structuring
1
Programmer and web
designer
170 05/30/2011 to07/15/2011
Coding and web
designing
1
Consultants with detailed biometric ATMKnowledge
914 + 300 =1214
05/30/2011 to02/13/20012
Consultancy and
advice on the
biometric
implementation
2
Installation/Integration
Engineer
737 12/05/2011 to04/24/2012
Install and integrate
Biometric software
and other softwares
1
Quality, Verification
and Validation
Engineer
532 08/15/2011 to02/13/2012
Quality Assurance,
Software/Hardware
verification
1
Configuration
Engineer
225 05/30/2011 to07/31/2011
All (but mostwork up-frontduringdefinition)
1
47
Quality/Test Engineer 89 07/01/2011 to08/15/2011, 12/01/2011to 12/15/2011,03/01/2011 to05/31/2012
Hardware and
Software testing
1
Training/Support
Specialist
241 11/21/2011 to12/12/2011, 04/10/2012to
05/15/2012
Training and support 1
WORK PLAN
Work activities must be documented. Schedule allocation, Resource allocation and Budget
allocation must be recorded.
4.PROJECT ORGANIZATION
Process model
The project shall utilize a combination of Iterative and Waterfall development approach.
Content of each build shall be determined by the Program Manager with direct input from the
customer regarding need dates for required functionality.
4.1 PROJECT RESPONSIBILITIES
4.1.1 Organizational Management: Defines business needs, goals and objectives of the
project as well as defining the policies and procedures governing the project.
4.1.2 Program manager: The Project Manager shall be responsible for defining and
controlling project work activities and schedules. Other team members shall work in
47
conjunction with the project manager to define the elements of their task assignments,
establish a schedule baseline; collect metric data to assess performance against that baseline,
and conduct re-base lining activities as required. The Project Manager shall submit the initial
baseline and any baseline modifications to the Program Manager for verification.
4.1.3 System Architect: Hardware and software design and structuring. He is responsible
the rules, and standards employed in our project system technical framework, plus customer
requirements and specifications, that the system's manufacturer follows in designing the
system's various components (such as hardware, software and networks).
4.1.4 Consultants with detailed biometric ATM knowledge: Consultancy and advice on
the biometric implementation, our biometric consultant providers will work closely with the
management and security personnel in your company to ensure that the identity solutions
they provide are integrated seamlessly into existing business processes. Each company is
unique and has different needs as well as each industry has different processes and
requirements. These consultants will define and deliver customized services that will fit your
organization and business needs.
Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit
risks, accidents, security breaches & employee misuse of company assets. Biometrics
Consultants will usually provide assistance in identifying, itemizing and assessing all threats
and security risks your company may have, and suggesting the best solution for your
requirements.
4.1.5 Programmer and web designer : Web Design, Software design and coding. He is
responsible for the development of the software specification. He also creates and documents
a conceptual and detailed design and writes a code based on a conceptual description of the
project logic.
4.1.6 Installation/integration Engineer: Install and integrate Biometric software and other
software into the project ATM system.
4.1.7 Quality, Test, Verification and Validation Engineer: He is responsible for verifying
and validation of problem resolutions to confirm proper and accurate resolution. He also
reapplies verification and validation to Work Products that are affected by a change that were
previously verified and validate.
47
The QA/Test Manager is responsible for verifying that the delivered product satisfies the
approved requirements; is responsible for documenting the results of the requirements
verification in a Test Analysis Report.
4.1.8 Training/Support Specialist: Training and Support
4.1.9 Configuration Engineer: He will analyse the impacts of problem resolution on other
configuration items. He will handle the maintenance of matrix of all customer approved
requirements and will oversee the requirements for change control process. The configuration
manager is also in charge of recording changes to requirements matrix and is responsible for
maintaining the modification history of requirements.
4.1.10 The Customer: The person(s) or organization(s) using the product of the project and
who determines the acceptance criteria for the product.
4.1.11 Steering Committee: includes management representatives from the key
organizations involved in the project oversight and control, and any other key stakeholder
groups that have special interest in the outcome of the project.
4.1.11 Project Team Management
The project manager will coordinates the project tasks assigned to team members. If there is
any changes to the project team, that require approval of the Project Manager and Project
Owner with the affected agency if relevant. Changes will be tracked in revisions to the
project plan.
4.2 RISK ASSESSMENT
The Risk Assessment in this project attempts to identify, characterize, prioritize and
document a mitigation approach relative to those risks which can be identified prior to the
start of the project.
Assessing the probability of occurrence and potential loss of each item listed
Ranking the items (from most to least dangerous)
Making a list of all of the potential dangers that will affect the project
The risk assessment will be precautionary monitored with the help of the project manager and
continuous update throughout the project life cycle. Monthly assessments will be included in
47
the status report and open to amendment by the Project Manager. The mitigation approaches
will be agreed upon by project leadership (based on the assessed impact of the risk, the
project’s ability to accept the risk, and the feasibility of mitigating the risk), it is necessary to
allocate time into each Steering Committee meeting, dedicated to identifying new risks and
discussing mitigation strategies. The Project Manager will convey amendments and
recommended contingencies to the Steering Committee monthly, or more frequently, as
conditions may warrant on the project.
PROJECT RISK ASSESSMENT TABLE
RISK RISK LEVEL
H/M/L
likelihood
of event
MINTIGATION PLAN
Project Size
Person Hours H: Over 10,000 Certainly Assigned project manager
Engaged constantly and
comprehensive management
approach proper
communication plan
Estimated project
schedule
H: 12 months Certainly Created a comprehensive
project timeline with frequent
baseline reviews
Team Size H: 12 members Certainly Comprehensive
communications plan, frequent
meetings, tight project
management oversight
Wrong coding H: System crashing Certainly Ensure the programmer is very
familiar with the coding
required for this ATM.
Use error detection software.
PROJECT
DEFINITION
Implementing a
biometric ATM
H: Incompatibility
with ATM the
system
Certainly Inform the biometric scanner
vendor for replacement of a
compatible biometric scanner
47
Available
documentation and
establishment
baseline
M: over 75%
completed
Likely Balance of information to be
gathered by the project manager
Project Scope L: Scope generally
defined, subject to
development
Unlikely The scope defined the project
plan, and it was reviewed by
two team, project manager and
steering committee to prevent
undetected scope creep
Consultant project
deliverable clear
L: well defined Unlikely Project manager and
consultants will work together
to fully establish a coherent and
relevant deliverables.
Project deliverables are subject
to amendment.
Sponsor project
deliverable
M: Estimated, not
clearly defined
Somewhat
likely
Re-evaluate the project estimate
if discovered it is not clearly
defined.
Cost estimate
unrealistic
L:Thoroughly
predicted by
industry experts
using proven
practices to 15%
margin of error
Unlikely Included in project plan, subject
to amendment as new details
regarding project scope are
revealed
Timeline realistic M: Timeline
assumes no
derailment
Somewhat likely Timeline reviewed
monthly by two team
Project manager and
steering committee to
prevent undetected
timeline departures
47
The Number of team
members
Unknowledgeable of
business
L:Team well
versed in business
operations
impacted
by technology
Unlikely Project Manager and
consultant to identify
knowledge gaps and
provide training, as
necessary
PROJECT
LEADERSHIP
Steering Committee
existence
L: Identified and
enthusiastic
Unlikely Frequently seek
feedback to ensure
continued support
Absence of the com-
mittee level/attitude
of management
L: Understands
value & supports
project
Frequently seek
feedback to ensure
continued support
Absence of commi-
tement level/attitude
L: Understands
value & supports
project
Unlikely Frequently seek feed-
back to ensure
continued support
Absence of commi-
tement by the
management
L: Most understand
value & support
project
Unlikely Frequently seek
feedback to ensure
continued support
PROJECT
STAFFING
Project Team
Availability
M: Distributed team
makes availability more
questionable
Somewhat likely Continuous review
of project
momentum by all
levels. Consultant to
identify any impacts
caused by
unavailability. If
47
necessary, increase
commitment by
participants to full
time status
Project team’s
share work
experience create
gaps during work
M: Some have worked
together before
Somewhat likely Comprehensive
Communications
Plan
Weak User
Participation on
Project Team
L: Users are part-time
team members
Unlikely User Group
Participants
coordinated by full
time employee
PROJECT
MANAGEMENT
Procurement
methodology used
for team
L:Procurement
methodology familiar to
team
Unlikely N/A
Quality
management
procedure
unclear
L: well defined and
accepted
Unlikely N/A
5 METHODS, TOOLS, AND TECHNIQUES (METHODOLOGY)
47
5.1 Development Methodology
The project shall use the waterfall software development methodology to deliver the software
products, with work activities organized according to a tailored version of those provided by
the IEEE Standard for Developing Software Life Cycle Processes (IEEE 1074-1997). The
decision to use the waterfall methodology is due to the following characteristics of the
project:
The product definition is stable
Requirements and implementation of the product are both very well-understood
Technical tools and hardware technology are familiar and well-understood
Waterfall methodology has proven successful for projects of this nature performed
The Software Project Management Plan (SPMP) shall be based on the IEEE Standard
for Software Project Management Plans (IEEE 1058-1998).
5.2 DEVELOPMENT TECHNIQUESThe requirement passed down to this project from the larger ATM project is that the software
be based on an open architecture using a Windows 7 -based platform and Windows Open
Services Architecture / eXtensions for Financial Services (WOSA/XFS). This architecture
allows us to use object-oriented methods and tools for analysis, design, and implementation.
We will use Object Modelling Technique (OMT) for this purpose.
5.3 TOOLSThe following work categories will have their work products satisfied by the identified tools:
Team member desktop foundation
Microsoft Windows 7 desktop operating system
Virtual Machine Ware Workstation 4.5 [virtual machine support – one VM per
active project]
Microsoft Office 2010 productivity application suite
MindJet MindManager X5 Pro [information organization, brainstorming]
Adobe Acrobat 6.0 [creating/viewing PDF files]
Project management
Microsoft Project 2007 [WBS, schedule/cost estimates, resource planning,
project control]
Terametric [internally-developed metrics collection database]
Microsoft Word 2010 [document preparation and revision]
Configuration Management & Change Management
47
5.4 Implementation
Microsoft Visual C++ [programming language, development tools and object code
generation]
Windows Software Development Kit (SDK) [programming support]
5.5 Testing
IBM Rational Robot [automated functional and regression testing]
4.6 Training
Microsoft PowerPoint 2010 [training presentations]
Online Performance Reporting
Microsoft Windows 7 Server Standard [server operating system]
Microsoft Internet Information Services 4.0 [web server software]
6 THE PROJECT TEAM
The following people and organizations are stakeholders in this project and are included in
the project planning.
Executive Sponsor/Owner:
Advocate for project: Daily Bank Berhad
Project Manager: The project manager will lead the planning and execution of the project.
He will also chair the workgroup and team members
Mark Francis from Boston limited
Project Workgroup: Plan and design and gives advice to the Implementation Workgroup
Mark Ikechukwu
Jessica Lee
Steering Committee:
Abinami A. Merlin
Waremate Kamaye
Chimezu Teo Lee
47
Project Team Management
Mark Francis
Programmer and web designer
Mark Flo
Installation /Integration Engineer
Knong Sekibo
Quality, verification and validation engineer
Mark Dickson
Configuration Engineer
Joe Francis
Quality/Test Engineer
McCatty Hector Cupa
Training and Support Specialist
Regal Thompson
7 PROJECT SCHEDULE
Below are the key project tasks and the responsible teams, estimate hours and the detailed
project schedule.
7.1 Schedule Management
The project Schedule will be emailed to team members and updated as tasks are completed.
Any changes to the schedule must be documented in a revised project schedule. Sign-off
from Project Manager is required. The project activities define and will identify the specific
project plan which must be performed to complete each deliverables. Activity sequencing
will be used to determine the order of project plan and assign responsibilities between project
activities. Project duration estimates will be used to calculate the number of work periods
47
required to complete the project. Resource estimating will be used to assign resources to
work packages in order to complete schedule development on time.
7.2 COMMUNICATION PLAN
NeoTech team members will continuously monitor and maintain the schedule of monthly
meetings, project manager and the sponsor. Unimportant meeting will be avoided; the team
members will always communicate through email and mobile phone. The team members and
project manager will report progress to the following groups at their request:
Daily Bank Coordinating Committee
Daily Bank Policy Board
Spreading knowledge and ideas about the project is very important for the success of the
project. The project team members likely desire the knowledge of the project plan and how
they can be of positive achievement. In addition, they should be ready to participate in the
project life cycle that will lead to the progress of the project. The framework for this project
plan will provide the team members the necessary requirement, by informing, involving, and
obtaining buy-in from the entire team members throughout the duration of this project
7.3 PROJECT ASSUMPTIONS
The assumptions are identifying during the project plan:
Daily Bank management is willing to adopt the changes of the business operation to take
advantage of the functionality offered by the new Biometric Automated Teller Machine
technology. NeoTech will ensure that project team members are available as needed to
complete project tasks and objectives. The Steering Committee participated in the timely
execution of the Project Plan (i.e., timely approval cycles and meeting as required). Any
mistake or failure to identify changes to draft deliverables within the time specified in the
project timeline will result in project delays. Project team members will adhere to the
Communications Plan. Also mid and upper management will foster support and “buy-in” of
project goals and objectives, and the Central Bank will ensure the existence of a
technological infrastructure that can support the Biometric Automated Teller Machine
technology. However, all project team members and others involve will abide by the
47
guidelines identified within this plan. The Project Plan may be adjust as new information and
issues are revealed within the project life cycle.
7.4 POTENTIAL BENEFITS
Several benefits can be obtained from ATMs equipped with biometric scanners or software:
Daily Bank Berhad could reduce costs and provide a more efficient and timely service to its
customers. As a financial institution, it can increase their unit costs while reducing their ATM
unit transaction costs and increasing their revenues by expanding their potential customer
base.
Pensioners and other welfare recipients could receive their benefits faster and in a move
convenient form. Security is also highly assured as only with their presence can any
transaction(s) be made with their ATM cards.
The public could benefit through a reduction in taxes as a result of a more efficient
government. Transaction processing services companies would increase their revenues with a
higher volume of transactions and from the provisioning of biometrics database and
verification services.
7.5 PROJECT CONSTRAINTS
The following represent known project constraints:
The resources and materials for funding the Project are limited. The project may be
delayed as a result of this.
Hardware and software availability may hinder the early finish of the overall project
as these are very important to the success of this project.
Due to the nature of law enforcement, resource availability is inconsistent.
7.6 CRITICAL PROJECT BARRIERS
47
Different from risks, the critical barriers of projects are insurmountable events which might
be destructive to a project readiness. The following can be critical possible barriers in this
project.
Withdrawal of project funding.
Natural disasters or acts of communal crisis.
Daily Banks Berhad could reduce their ATM project unit transaction costs. If this
should happen, the Project Plan would become handicapped.
There also are a number of barriers to the deployment of the system with a biometric scanner. Some people are not so familiar with computer or machine interface, and they have natural resistance to change inherent to most humans.
7.7 ISSUES ARISING IN MANAGEMENT
In a project plan, there are normally changes that will be required which may affect project as
it progresses. For any change is required, it is very essential to understand changes within the
project plan may impact at least some critical success factors like available time, available
resources like finance and personnel and the project quality. The decision by which to make
modifications to the Project Plan which includes project scope and resources) will be
coordinated by the following processes:
As soon as a change which impacts project scope, schedule, staffing or funding is noticed, the
Project Manager will document the issue as explained by any member of the project team e.g.
the system architect. The Project Manager will review the change and determine the
associated impact to the project and will forward the issue, along with a recommendation, to
the Steering Committee for review and decision.
On receiving that, the Steering Committee will try and reach an agreement on whether
to approve, reject or modify the request depending on the information contained
within the project plan, the Project Manager’s recommendation and their personal
decision.
Should the Steering Committee be unable to reach consensus on the approval or
denial of a change made by a member of the project team (tabled by the project
manager), the issue will be forwarded to the Project Sponsor (Daily Banak Berhad),
for ultimate resolution.
47
If required under the decision matrix or due to a lack of consensus or solution, the
Project Sponsor shall review the issue(s) and render a final decision on the approval
or denial of the requested/required change.
Following an approval or denial (by the Steering Committee or Project Sponsor), the
Project Manager will notify the original requestor of the action. There may be no
appeal process to this.
PROJECT MANAGEMENT APPROACH
Project Roles and Responsibilities
ROLE RESPONSIBILITIES Participant(s)
Project Sponsor Ultimate decision-maker
and tie-breaker
Provide project oversight
and guidance
Review some project
elements e.g. what should
be adopted in the project
and what should not.
Daily Bank Berhad
Steering Committee Commits / utilize department
resources
Approves major funding and
resource allocation strategies, and
significant changes to
funding/resource allocation
Resolves conflicts and issues
Provides direction to the Project
Manager
Reviews project deliverables
Waremate Kamaye
Abinami A. Merlin
Chimezu Teo Lee
Project Manager Manages project in accordance
to the project plan
Serves as liaison to the Steering
Committee
Mark Francis
47
Receive guidance from Steering
Committee
Works with the consultants
which provide consultancy and
advice on the biometric
implementation. The consultants
also assess all threats and security
related to the biometric ATM.
Provide overall project direction
Direct/lead team members
toward project objectives
Handle problem resolution
Manages the project budget
Project Team Understand the user needs and
business processes of the
area(Project manager)
Mark Francis
Responsible for identifying risks
that may compromise the success
of the project.
(Risk Manager)
Omah Dick Chizehbudu
Review and creates codes for
project deliverables
(Programmer)
David Obama Benson
Creates or helps create work
products (System Architect)
Kenneth Othman
Analyses the impacts of problem
resolution on other configuration
items.
(Configuration Engineer)
Putri Malam
Verifies that the delivered products
satisfy the approved requirements
(Quality/Test Engineer)
Frank MCPabulo
Installing and integration of Knong Sekibo
47
Biometric software and other
softwares
(Installation/Integration
Engineer)
Helps identify and remove project
barriers (Quality/Test manager)
McCatty Hector Cupa
Provides Training and Support
(Training/Support Specialist)
Regal Thompson
7.8 MONTHLY STEERING COMMITTEE MEETING
At every month meeting are held and it’s been organized by the project manager. The
steering committee are present in the meeting and as well all the team members, the project
manager ensure that all team members get the report memo earlier before the meeting time to
enable them review it.
8 BIOMETRIC ATM SECURITY
It is important to mention that in parallel to the development of the industry different modes
of fraud have made it necessary to reinforce the levels of security utilized in ATMs; this leads
to the theme of this investigation Daily Bank to adapt biometric technology to her ATM
networks.
Biometrics offers a technological solution to the authentication of individuals. Biometrics
confirms that the actual person, rather than merely his or her token or identifier, is present.
Thus, biometrics may reduce the effort of a person’s trying to identify himself and in doing
so potentially reduce the chances of authentication fraud.
8.1 BIOMETRIC TECHNOLOGY
The term biometrics comes from the word bio (life) and metric (measurement). Biometric
equipment has the capability to measure, codify, compare, store, transmit, and/or recognize a
specific characteristic of a person with a high level of precision and trustworthiness.
Biometric technology is based on the scientific fact that there are certain characteristics of
47
living forms that are unique and not repetitive for each individual; these characteristics
represent the only technically viable alternative to positively identify a person. Without the
use of other forms of identification more susceptible to fraudulent behaviour
8.2 CARDS WITH MAGNETIC BANDS
The plastic cards with magnetic bands date back to more than 30 years. The financial sector
has used them as a means to making payments and to offer access to the financial services for
clients. The magnetic band contains unique information for every card allowing for user
identification and providing access to its products through the various electronic channels. In
order to provide access to these products, cards with magnetic bands are normally associated
to a personal identification number (PIN) which is initially assigned by the entity issuing the
card and, in some cases, the client can then change it at his/her convenience. The card and the
PIN are directly related to the user identification and allow for the utilization of electronic
channels just like as is the case with the ATMs.
8.3 BIOMETRIC TYPES
Two specific types of biometrics applications:
Biometrics for identification: Those that require identifying an individual from
the set of all possible users (by matching an acquired biometrics image to all
possible templates)
Biometrics for verification: Those that require verifying a particular identity
(by matching an acquired biometrics image against a specific template)
8.4 TRANSACTION FUNCTIONALITY
We have described the various elements that intervene in an ATM transaction, the card and
the ATM components. Figure 1 shows the sequence of events involved in the authorization
process together with the functionality of the central authorization system to which the ATM
is connected.
47
Source: http://www.biometric atmmarketplace.com/article.php?id=10808
8.5 TRANSACTION SECURITY
Biometrics is being used to secure many different transactions, including those taking place at
a single server or over a network, the Internet, or telephones, mostly in ATMs Etzel et al
(2004). However, remote biometrics authentication is neither trivial nor full lproof. The
assumption that anyone who can provide my fingerprint can also complete any transaction in
my name is risky. That is why customers require a trusted biometrics sensor, one that is
sufficiently tamper resistant and provides trustworthy levelness detection.
Biometric identification is utilized to verify a person’s identity by measuring digitally certain
human characteristics and comparing those measurements with those that have been stored in
a template for that same person. Templates can be stored at the biometric device, the
institution’s database, a user’s smart card, or a Trusted Third Party (TTP) Service Provider’s
database. Where database storage is more economic than plastic cards, the method tends to
lack public acceptance; however, Polemi (1997) found that TTPs can provide the confidence
that this method is missing by managing the templates in a trustful way.
47
8.6 Components of a Biometric System
The processes associated with a biometric methodology: enrolment,
identification/verification, and learning.
Source: http://www.biometric atmmarketplace.com/article.php?id=10808
47
Source: http://www.biometric atmmarketplace.com/article.php?id=10808
8.7 Enrolment: Prior to an individual being identified or verified by a biometric device, we
must complete the enrolment process with the objective of creating a profile of the user.
Enrolment is a relatively short process, taking only take a few minutes and consisting of the
following steps:
1. Sample Capture: the user allows for a minimum of two or three biometric readings, for
example: placing a finger in a fingerprint reader. The quality of the samples, together with the
number of samples taken, will influence the level of accuracy at the time of validation. Not
all samples are stored; the technology analyzes and measures various data points unique to
each individual. The number of measured data points varies in accordance to the type of
device.
2. Conversion and Encryption: the individual’s measurements and data points are converted
to a mathematical algorithm and encrypted. These algorithms are extremely complex and
cannot be reversed engineered to obtain the original image. The algorithm may then be stored
as a user’s template in a number of places including servers, PCs, or portable devices such as
PDAs or smart cards.
3. Identification and Verification. Once the individual has been enrolled in a system, he/she
can start to use biometric technology to have access to networks, computer centres, buildings,
personal accounts, and to authorize transactions. Biometric technology determines when a
47
person could have access in one of the two forms be it identification or verification. Some
devices have the ability to do both.
4. Identification: a one-to-many match. The user provides a biometric sample and the system
looks at all user templates in the database. If there is a match, the user is granted access,
otherwise, it is declined.
5. Verification: a one-to-one match requiring the user provides identification such as a PIN
or a smart card in addition to the biometric sample. In other words, the user is establishing
who he/she is and the system simply verifies if this is correct. The biometric sample with the
provided identification is compared to the previously stored information in the data base. If
there is a match, access is provided, otherwise, it is declined.
Learning. Each time the user utilizes the system the template is updated through learning
processes taking into account gradual changes due to age and physical growth. These are later
utilized by the system to determine whether to grant or deny access.
Source: http://www.atmmarketplace.com/article.php?id=10883
47
8.8 Technical Model Development
The integration of the two technologies requires the incorporation of the fingerprint sensor to
the ATM, and the interaction of the biometric system with the ATMs and the authorizing
system. The following steps outline in more detail the necessary modifications:
1. We start by connecting the biometric system to the same network utilized by the ATMs
and authorization system. The biometric system needs to be compatible with the
communications protocol (most likely TCP/IP) utilized by the other devices.
2. The biometric system will need software to allow it to “listen” to the network
communications for messages directed to it, and to create messages for the other devices.
3. The fingerprint sensor is installed on the ATM; it will have the capability to connect (via
the network) to the biometric system. It also needs to be protected from vandalism and be
weather -resistant.
4. Through software changes, the ability to identify a customer requiring fingerprinting will
be incorporated to the ATM. User screens will be created to guide the client through the
process of entering the fingerprint and receiving notification of fingerprint acceptance or
denial.
5. The authorizing system software needs to identify when a transaction requires
fingerprinting so that it can prompt the ATM to present the screen(s) requesting the user to
place his finger on the reader, at the same time in which it instructs the biometric system to
read and validate the fingerprint for transaction authorization. The authorizing system will
also be modified to accept the validation results from the biometric system and enter it into its
log. Once the ATM, authorizing system and biometric system have been interconnected, the
validation database needs to be built through the “enrolment” process. User information
(name, address, telephone number, etc.) needs to be entered together with a key identifier
such as card number, social sec unity number, voter’s registration number, etc. After all the
information is entered, the application activates the sensor and fingerprint(s) are read; the
program can make multiple readings, until it ascertains the quality of the sample meets the
pre-established standards for validation. Application software can register prints for up to 10
fingers per individual. Figure: shows the sequence of events involved in a transaction
validation utilizing the biometrics-equipped ATM system model.
47
8.9 Integrated model transaction validation sequence of events
Business Model Development Today, banks , other financial institutions and, increasingly,
retailers are offering Automatic Teller Machines (ATMs) as a service , through the utilization
of “transaction processing” service companies who offer the daily management of the
network infrastructure, the authorization systems, and the inter -connection of ATMs to
multiple credit/bank card providers. Banks, other financial institutions and retailers pay these
banking services a fee based on a fixed subscription cost as well as a variable cost associated
with the volume and types of customers and transactions. The banks then charge their
customers, typically, on a per transaction basis. ATM service is no longer seeing as a
competitive advantage, but as a necessity to maintain the customer base.
9 UML Diagram of the sysyem
USECASE DIAGRAM FOR NORMAL ATM TRANSACTION
Source: http://www.atmmarketplace.com/article.php?id=10883
47
9.1 Flows of Events for Individual Use Cases
System Startup Use case
The system is started up when the operator turns the operator switch to the "on" position. The
operator will be asked to enter the amount of money currently in the cash dispenser, and a
connection to the bank will be established. Then the servicing of customers can begin.
Source: http://www.atmmarketplace.com/article.php?id=10883
9.2 Transaction Use Case
Note: Transaction is an abstract generalization. Each specific concrete type of transaction
implements certain operations in the appropriate way. The flow of events given here
describes the behavior common to all types of transaction. The flows of events for the
individual types of transaction (withdrawal, deposit, transfer, inquiry) give the features that
are specific to that type of transaction.
A transaction use case is started within a session when the customer chooses a transaction
type from a menu of options. The customer will be asked to furnish appropriate details (e.g.
47
account(s) involved, amount). The transaction will then be sent to the bank, along with
information from the customer's card and the PIN the customer entered.
If the bank approves the transaction, any steps needed to complete the transaction (e.g.
dispensing cash or accepting an envelope) will be performed, and then a receipt will be
printed. Then the customer will be asked whether he/she wishes to do another transaction.
If the bank reports that the customer's PIN is invalid, the Invalid PIN extension will be
performed and then an attempt will be made to continue the transaction. If the customer's
card is retained due to too many invalid PINs, the transaction will be aborted, and the
customer will not be offered the option of doing another.
If a transaction is cancelled by the customer, or fails for any reason other than repeated
entries of an invalid PIN, a screen will be displayed informing the customer of the reason for
the failure of the transaction, and then the customer will be offered the opportunity to do
another.
The customer may cancel a transaction by pressing the Cancel key as described for each
individual type of transaction below.
All messages to the bank and responses are recorded in the ATM's log.
Source: http://www.atmmarketplace.com/article.php?id=10883
47
9.3 Withdrawal Transaction Use Case
A withdrawal transaction asks the customer to choose a type of account to withdraw from
(e.g. checking) from a menu of possible accounts, and to choose a dollar amount from a menu
of possible amounts. The system verifies that it has sufficient money on hand to satisfy the
request before sending the transaction to the bank. (If not, the customer is informed and asked
to enter a different amount.) If the transaction is approved by the bank, the appropriate
amount of cash is dispensed by the machine before it issues a receipt. (The dispensing of cash
is also recorded in the ATM's log.)
A withdrawal transaction can be cancelled by the customer pressing the Cancel key any time
prior to choosing the dollar amount.
Source: http://www.atmmarketplace.com/article.php?id=10883
47
9.4 Deposit Transaction Use Case
A deposit transaction asks the customer to choose a type of account to deposit to (e.g.
checking) from a menu of possible accounts, and to type in a dollar amount on the keyboard.
The transaction is initially sent to the bank to verify that the ATM can accept a deposit from
this customer to this account.
If the transaction is approved, the machine accepts an envelope from the customer containing
cash and/or checks before it issues a receipt. Once the envelope has been received, a second
message is sent to the bank, to confirm that the bank can credit the customer's account -
contingent on manual verification of the deposit envelope contents by an operator later. (The
receipt of an envelope is also recorded in the ATM's log.)
A deposit transaction can be cancelled by the customer pressing the Cancel key any time
prior to inserting the envelope containing the deposit. The transaction is automatically
cancelled if the customer fails to insert the envelope containing the deposit within a
reasonable period of time after being asked to do so.
47
Source: http://www.atmmarketplace.com/article.php?id=10883
47
Source: http://www.atmmarketplace.com/article.php?id=10883
9.5 User Interface Design
A user interface is a friendly means by which users of a system can interact with the system
to process inputs and obtain outputs. It is also a means of communication between the human
user and the system through the use of input/output devices with supporting software. This
particular ATM application is made up of 6 interfaces, which include; Login Interface, Enroll
Fingerprint Interface, Transaction Type Selection Interface, Withdrawal Interface, Deposit
Interface, and View statement of Account Interface.
This interface is the very first interface the bank customer interacts with on the ATM
machine. This interface prompts the customer to insert ATM card and proceeds with the
entire authentication processes, that is, inputting the ID (or card number) and PIN number
(see figure 3). If the user enters an invalid card number or PIN number, a dialogue box
47
appears prompting an invalid PIN or invalid card number and the system returns enter a valid
PIN number. A typical description of this is shown in figure 4. After validating the
customer’s card and PIN number, the customer is directed to the next phase of the
authentication process via the authentication dialogue box for inputting the fingerprint.
9.6LOGIN INTERFACE
47
Login interface response to invalid interface
9.7 Fingerprint Interface
This is the final interface the customer interacts with in the authentication process. It requests
from the customer the enrolment of his/her fingerprint to be placed on a Fingerprint reader.
The fingerprint reader accepts the fingerprint and seeks to match the live sample with the
already enrolled templates in the banks database. If match is confirmed it will finally
authenticate customer else it will deny customer access to his/her bank account.
47
The fingerprint of an individual is very peculiar to that individual since no two individuals
can have the same fingerprint. The fingerprint reader captures the fingerprint features of an
individual and search for a match of fingerprint brought up for identification among the
stored fingerprints in the database.
The fingerprints stored are kept alongside the other ID’s (Pin and Card Numbers) and the
corresponding biometric templates are kept in the database. When the fingerprint is found
correct, the customer is taken to the transaction phase where he/she will choose among the
transactions (deposit or withdrawal), otherwise the customer is denied access and the system
brings up a dialogue box for which the customer can choose Ok, and as soon as this done the
system automatically log off the customer.
47
9.8 Invalid Fingerprint Interface
Withdrawal Interface
This interface enables the customer withdraw money from his/her account. It shows the
customers current balance by subtracting the amount withdrawn from the previous account
balance. After the customer has completed all his/her withdrawals, a dialogue box pops up
notifying the customer of his/her successful withdrawal transaction. The interface is shown
below.
47
10 RISK ANALYSIS AND MITIGATION PLAN
What is Risk?
Risk is defined as "The possibility of suffering harm or loss; danger." Even if we're not
familiar with the formal definition, most of us have an innate sense of risk. We are aware of
the potential dangers that permeate even in simple daily activities, from getting injured when
cut a steal. Although we prefer not to dwell on the myriad of hazards that surround us, these
risks shape many in our daily activities. Experience (our safety officer) has outline to us take
precaution on everything we do whereas safety is our one priority in this project.
10.1 RISK ASSESSMENT
Making a list of all of the potential dangers that will affect the project
Assessing the probability of occurrence and potential loss of each item listed
Ranking the items (from most to least dangerous)
47
10.2 RISK CONTROL
- Coming up with techniques and strategies to mitigate the highest ordered risks
- Implementing the strategies to resolve the high order risks factors
- Monitoring the effectiveness of the strategies and the changing levels of risk
throughout the project
10.3 WORK BREAKDOWN STRUCTURE
WORK BREAKDOWN STRUCTURE
Project Manager
Manager
Configuration Engineer
Programmer & Web Designer
System Architect
Verification &Validation Engineer
Installation/integration Engineer
Project Sponsor
Training & Support Specialist
Test Manager
47
11 COST ESTIMATES
11.1 Maintainence Cost
Maintenance plays an important role in the life cycle of a software product. It is estimated
that there are more than 100 billion lines of code in production in the world. As much as 80%
of it is unstructured, patched and not well documented. Maintenance can alleviate these
problems. As products age, it becomes more difficult to keep them updated with new user
requirements. Maintenance costs developers time, effort, and money. This requires that the
maintenance phase be as efficient as possible. In fact, a substantial proportion of the
resources expended within the Information Technology industry goes towards the
maintenance of software systems.
11.2 Training And Labour Cost
The Labour costs are the core expenditure borne by employers for the purpose of employing
staff. They include employee compensation, with wages and salaries in cash and in kind,
employers’ social security contributions and employment taxes regarded as labour costs
minus any subsidies received. The cost of labour includes both direct and indirect labour
costs. Hourly direct labour costs may be defined as direct hourly pay: basic pay plus
overtime, shift and other regularly paid premiums. In addition, there may be additional
elements of direct labour costs such as holiday pay, Christmas bonus payments and irregular
cash payments and bonuses. Indirect costs of labour include employer contributions to social
security funds, sick pay, other social payments and vocational training costs.
11.3 Utility Cost
Utility Costs includes all organization costs that can only be indirectly associated with the
finished inventory, that is, all organization costs incurred in making a product other than the
costs of direct materials and direct labor. In terms of cost behavior, some of these costs do not
change in total even if the number of products manufactured increases or decreases from
period to period; the behavior of these costs is said to be a fixed cost. For example, the
monthly rent would not fluctuate based on the number of units produced during a particular
month.
47
Personnel
Description
Total Working
Hour
Wages per
Hour ($)
No of
personnel
Total ($)
Design Engineer 80 90 5 36,000.00
System Analyst 50 50 1 2,500.00
Programmer 100 55 5 27,500.00
Total 66,000.00
The CSMS comprises of seven major deliverables with their associated work packages.The design of
the various tasks or packages can be done simultaneously by five design engineers. The system
Analyst will monitor the requirements of the system for quality conformance. The programmers
then develop the programs with the required technology concurrently and interface the various
modules.
No Description Total ($)
1 Yearly maintenance cost 90,000.00
2 Developement 70,171.00
3 Yearly training 1,000.00
4 labour cost 2,000*20 Employee= 40,000.00
5 Increase revenue 45,000.00
6 Installation 1,500.00
7 Reduce utility cost 5,000.00
Total 4,000,000.00
Other Project Cost Estimates
General Total = 4,000,000.00 + 66,000.00 = $ 4,660,000.00
47
CONCLUSION
This project is designed to meet the requirements of Daily Bank Berhad System. It has been
developed in visual basic and MicroSoft Access keeping focus on the specifications of the
system. Daily Bank Berhad System’s objectives are to provide a system that can manage her
banking transaction services in an efficient and effective manner that will increased the
security of her customers. Without biometric automation the management of Daily Bank
Berhad would face difficulties and unmanageable tasks.
The end users’ day-to-day jobs of managing Daily Bank Berhad will be simplified by a
considerable amount through the Biometric automated system. The system is provided to
handle numerous services that can take care of all customers’ transaction process in a more
secured quick manner. The system is user friendly and appropriately effective and efficient,
easy to use, provide easy recovery of errors and have an overall end user high subjective
satisfaction.
47
Gantt Chart
47
REFERENCES
NetWorld Alliance, “Timeline: The ATM's history”, 2003, available online: http://www.atm24.com/NewsSection/Industry%20News/Timeline%20%20The%20ATM%20History.aspx
R. London (2008) “Global ATM Market and Forecasts to 2013”, Retrieved November 1st, 2011, from online at www.rbrlondon.com
ATM Market Place (2009) “ATM scam nets Melbourne thieves $ 500,000,”Retrieved October, 30th, 2011 from http://www.atmmarketplace.com/article.php?id=10808
ATM Market Place. (2009). “Australian police suspect Romanian gang behind $ 1 million ATM scam‘”, Retrieved November 3rd, 2011, from http://www.atmmarketplace.com/article.php?id=10883
BBC News (2009). “Shoppers are targeted in ATM scam‘”, Retrieved October 21st, 2011 from http://news.bbc.co.uk/2/hi/uk_news/england/tees/4796002.stm
B., Mond (1999) Understanding security APIs. Ph.D. Thesis, Computer Laboratory, University of Cambridge, 2004.
Etzel, M.J., Walker, B.J., & Stanton, W.J. (2004). Marketing, 13th edition, In Etzel, M.J.,Walker, B.J., & Stanton, W.J. (Eds). Channel of distribution, Boston,Mass.: McGraw-Hill/Irwin.
Frankel, R., Goldsby, T.J., & Whipple, J.M. (2002). Grocery industry collaboration in thewake of ECR. International Journal of Logistics Management, 13(1), 57-72.
M. Bond and P. Zielinski (2003), “ Decimalisation table attacks for PIN Cracking”,, Technical report (UCAM-CL-TR-560), Computer Laboratory, University of Cambridge, 2003.
M. Bond and P. Zielinski (2003) Encrypted? Randomised? Compromised? (When cryptographically secured data is not secure).In Workshop on Cryptographic Algorithms and their Uses, Gold Coast, Australia, July 2004
O. Berkman and O. M. Ostrovsky. The unbearable lightness of PIN cracking. In Financial Cryptography and Data Security (FC), Scarborough, Trinidad and Tobago, Feb. 2007.
SpiderLabs (2009) ATM Malware Analysis Briefing, Retrieved May 15, 2010, from https://www.trustwave.com/spiderLabspapers.php
47