The new online payment gateway system for ICB will be an improvement on the current internet banking system. The new system will have a web interface for payments which will also be able to accept payments from different third party software. User information protection is really important and while credit card details are not stored, the payments details should be kept confidential and encrypted while it's being transferred. The users should also be authorized and authenticated, and data corruption should be kept at minimum. All the transactions and user actions should be logged in order for security and reliability reasons.
The new system should be able to cater for thousands of transactions per minute at peak times. The system should also be able to optimize the amount of hardware usage depending on the load of the system, in order not to waste resources. This is important since a system failure that would make the system unavailable will cost the company thousands of Euros.
Problem Statement
One of the major problems that the current system has is the large amount of transactions that have to be handled manually by clerks. This also made it difficult to find people that are ready to work as clerks due to the large amount of paper work.
Another problem with the current system that annoyed a lot of clients is the fact that payments have to be done physically at the bank.
On rare occasions, some payments are not finalized because the transactions are never carried out.
Impact Analysis
One of the major advantages that the new system will have is the ability to make online payments. Online payments gateways do not require any employees present physically at the bank to deal with the customers and are available all the time.
Since a lot of payments will be handled by the online payment gateway, most clerical work will be obsolete and a lot of paperwork that used to stress employees and slow down payments will be reduced
Since an online payment gateway is available all the time, you will be able to offer payment services to a larger clientele base with fewer employees.
In order to maintain such a busy and high traffic service online all the time the company will need a good amount of powerful servers. Buying and maintained these servers cost a lot of money. The company will also need to employ people with a set of skills in order to keep the servers running. Since in this type of service security is vital, a good amount of money should also be spent on security.
Online transactions are vulnerable to different types of attacks which will cost the company a lot of money in order to have a secure and reliable service. Incase security is ever breached; the costs that come with either law suits or revenue loss are high.
Related Systems
eWay
eWay is an online payment gateway system with different releases for different clients. It is used to enable your business to accept payments 24/7 with automatic and secure transactions.
One of the features of eWay is Payment Card Industry (PCI) compliance, which means that it is certified as a trusted service, and that all the transactions are encrypted and secure. PCI compliance ensures that the software follows a set of guidelines that prevent credit card fraud, hacking and other security issues.
Another important feature of eWay is recurring billing. Recurring billing will enable your company to easily handle recurring payments done to your company, like subscriptions or memberships. Every time a payment needs to be processed, eWay will automatically handle it so there is no need for you to schedule and manage recurring payments that are done over a period of time.
eWay also enables you to process manual payments. This will enable you to process any manual transactions, like payments done at the physical location of your business, or over the phone. This way you can always keep a track of all your payments, and even reports generated through the eWay Business Centre will include all the transactions that your company has made.
DataPayPro
DataPayPro is an online payment gateway with PCI-DSS security.
A feature of DataPayPro is a virtual terminal that is essentially a virtual credit card machine. It will allow you to accept credit card, ACH and eCheck payments. This way you can enter any physical payments done at your store into the DataPayPro virtual terminal.
DataPayPro also offers a customer database that holds any information on the customer, credit card details and checking accounts. This database also meets PCI-DSS security standards. All the data is strictly encrypted and only your business can access this database.
DataPayPro officially supports synchronization to QuickBooks. QuickBooks will handle all of your accounting needs and will reduce the amount of time you will need to spend on bookkeeping. This feature will enable you to link any customer's transactions directly with invoices, saving you the time and data duplication needed when doing invoices manually.
Section 2: Analysis
Subsection A
Task 1
Part 1:
The observation technique is carried out by analyzing the procedures of the company in action. This kind of observation technique gives a firsthand experience of how things are being done, like processes, activities and operations. It puts the system analyst aside the company's employees to collect real time, reliable data. This method involves examining procedures as they are carried out. The analyst observes how work and procedures are carried out with the existing system, and this enables the analyst to witness firsthand how the work is actually done and what it involves. Since the analyst is participating in the process, he can gain further knowledge that cannot be gained through other investigation technuiqes. The analyist must pay attention not to disturb the employees being analyzed as this would hinder the natural routine.
One of the advantages is that a well carried out observation technique can reveal information that would not be revealed using other, more formal ways of investigation, like a questionarre or an interview. Another advantage of the observational technique is that the collected data is reliable because it has been collected directly by the analyst himself, thus making the data unbiased and some day to day processes may differ from the documentation.
A large disadvantage of the observational technique is that it is very time consuming. The resulting data needs to be analyzed and processed since a lot of data is gathered during observation techniques. It is also very time consuming since the analyist will have to witnees the whole process, and not refer to any existing analysis or documents. Another disadvantage that may hinder with one of the main advantage is the face that if an observation is too intrusive, the collected data might not be as important and informal as an observation technique is supposed to be.
Part 2:
Given a list of employees at ICB, one can correctly identify where the observation has to be carried out, in order to understand better the system requirments. Since the observation technique is carried out by working closely with the company's employees, we will be working closely with the Network Technicians. This will enable us to observe the current IT network of the company, and any new hardware additions that will be needed in order to support the new system.
Since ICB already process a large amount of manual transactions, the new online system will have to be able to handle thousands of transactions per minute. Since online banking is a very useful and expanding commodity, it is estimated that most of the manual transactions will eventually be made online. This gives us an estimate of how much bandwidth will the new server have to handle. Assessing the current system is important so as to successfully estimate all the new hardware needed. Working closely with the Network Administrator will also help us plan on how we will merge the new hardware with the old one, so that there will be no waste of resources
Task 2
Part 1:
The question that was proposed by the co-worker has a couple of issues that need to be addressed in order for it to be viable for submission. The two main problems with this question are:
The wording of the question might be misleading to some of the employees that are filling the questionnaire. The question does not specify exactly what inadequate is referring to. Whether it is server load, inadequate software features, network configuration etc.
Answers do not offer enough option or detail. The answers do not specify or give any detail or time span and since different people might interpret the answers differently, the result will be unreliable.
In order to address the problems mentioned above, the question has to be modified to make sure the employees answering it will not be misled. The proposed question has to have a direct question and detailed answers. After review, the suggested question is this:
How often do you find problems to perform your daily tasks with the system? These problems include, but are not limited to; network unavailability, lack of software features and learning curve.
Often - I encounter problems with the system at least once a day, if not more.
Occasionally - I encounter problems with the system once or twice a week.
Rarely - I encounter problems with the once or twice a month.
Never - I have never encountered any serious problems with the system.
Part 2:
A questionnaire is a very good option for gathering data on some specific subjects. By choosing the questions yourself, you are filtering out any useless information, which will result in tangible data which can be easily used for statistics and reports. Although making a good questionnaire is not easy, the end result is structured and tangible information on any subject you wish to focus on, which is gathered relatively fast compared to other investigation techniques.
The information that we wish to gather from this questionnaire, is the current process which manual transactions have to go through. This will also enable us to assess the problems with the current system so as to tackle them when implementing the new one. Another questionnaire will be handed to the ICB customers. This questionnaire will be hopefully giving us any information about how the customers feel if we had to implement the new system. Some questions will also focus on the importance of certain services that the bank currently offers, which can be implemented in the new system.
The questionnaire will be handed to thirty of the clerks that are currently handling the transactions. Other, different questionnaires will be handed to all the eight of the Network Technicians and the Network Administrator.
This is one of the questions that will be handed out to the Network Technicians and the Network Administrator:
How much change to the current IT network at ICB do you think is needed to implement the new system?
No change at all - The current network can handle the new system infrastructure.
A few changes - Some quick modifications will make the network stable for the new system.
Quite a few changes - Extensive work has to be done to update the network for the new system.
Complete overhaul - A complete overhaul of the system has to be done since the current network can barely handle the new infrastructure.
In order for the new system to be run adequately, new hardware will have to be purchased. To reduce the cost we will merge the new hardware with the current hardware at ICB. How many days do you think the hardware merge will take?
Less than 5 days - Barely any hardware has to be updated. Merger will take only a couple of days.
Between 5 to 10 days - A few hardware updates need to take place. Merger will take around five to ten days.
About a month - A relatively large amount of hardware has to be purchased and implemented which should take about a month.
More than a month - A vast amount of new hardware has to be added to the system which will take a long time to merge.
These questions are aimed to help us plan the project by identifying how much work certain aspects of the project might take. These questions are aimed at employees who will have an important role in deploying the new system on the company's servers, as well help us assess how much additional hardware is needed to support the new services.
Section 3: Non-Functional Requirements
Subsection A
System Related Requirements
Requirement
Details
Requirement Reference
REQ01
Revision Date and Review Number
5th December 2010 - Review No 2
Title
Uptime
Requirement Type
System Related - Reliability
Description
Performance is really important for a payment gateway system. Any downtime and un-availability of the system may lead to clientele or money loss. The system will be expected to be available at least 99.999% of the time and any downtime should be catered for.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To have uptime of the system, 24/7.
Requirement
Details
Requirement Reference
REQ02
Revision Date and Review Number
7th December 2010 - Review No 2
Title
Peak-time reliability
Requirement Type
System Related - Performance
Description
The payment gateway is expected to have thousands of transaction per minute at peak times. Any payments that may have failed because the system could not handle the load can lead to money loss for the client. The new system will have enough performance to support up to 15,000 transactions per minute, which is more than enough to handle the clientele of ICB.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To make sure the system can handle the company's projected peak time usage.
Requirement
Details
Requirement Reference
REQ03
Revision Date and Review Number
2nd December 2010 - Review No 1
Title
Data corruption Proof
Requirement Type
System Related - Robustness
Description
A payment gateway must be robust and cater for any corruption that might occur due to system failure. Therefore logs and backups of transactions or any other vital information are to be kept.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
System failure may lead to data loss.
Requirement
Details
Requirement Reference
REQ04
Revision Date and Review Number
15th December 2010 - Review No 3
Title
Client information security
Requirement Type
System Related - Security
Description
Security is really important when handling client information, even more so if that information is private and personal data. Leaked information about the bank's customers or the bank itself can lead to a great loss of revenue. When dealing with online payments, securing the information passed between the bank and its customers is critical. Credit card details are to be discarded once an online session is ended, and any transmitted data should be encrypted.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To preserve client information during transactions.
Requirement
Details
Requirement Reference
REQ05
Revision Date and Review Number
17th December 2010 - Review No 3
Title
Login authorization
Requirement Type
System Related - Security
Description
Access to the payment gateway must be strictly controlled. Any unauthorized users that might access the client's account may result in theft to the client which results to money and reputation loss for ICB. It is important to eliminate any opportunity of un-authorized account access.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To authenticate and authorize any log-ins to the system.
Requirement
Details
Requirement Reference
REQ06
Revision Date and Review Number
18th December 2010 - Review No 3
Title
Payment methods
Requirement Type
System Related - Service
Description
The payment gateway should accept payments from third party software and a web interface. Payments from third party software are an important feature to implement since it would reduce a lot of work for other companies and especially for your clients. It is also a good feature to attract new customers to ICB. The new system should also accept payments from a web interface, since internet banking is common with every bank nowadays. In order to accept third party payments the new system must be compliant with todays standards so that communication between this interface and the third party software is possible.
Requirement Details and Constraints
N/A
Criticality
Should
Why it is required
To make the new system open to different interfaces and make it as flexible as possible.
Process Related Requirements
Requirement
Details
Requirement Reference
REQ07
Revision Date and Review Number
18th December 2010 - Review No 3
Title
Deadline
Requirement Type
Process Related - Development time
Description
A provisionary system must be delivered within six months. The client is requesting a fully functional and working system by the end of the deadline.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To reduce the workload on the clerks
Requirement
Details
Requirement Reference
REQ08
Revision Date and Review Number
19th December 2010 - Review No 3
Title
Merging
Requirement Type
Process Related - Installation
Description
Since the company already has an extensive IT network, the current system and the current hardware have to be considered when purchasing any new hardware, if needed. This will help to identify all the required needs to install the new system.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To successfully merge and use the old hardware with any new hardware.
External Requirements
Requirement
Details
Requirement Reference
REQ09
Revision Date and Review Number
20th December 2010 - Review No 4
Title
System flexibility
Requirement Type
External - Interoperability
Description
Flexibility is important, and opening more opportunities for more customers will help ICB attract new customers. The system will allow current and new users to accept payment into their banking account directly from other payment software. This is possible by making the online portal compliant with standards so as to enable transactions from third party tools.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To authenticate and authorize any log-ins to the system.
Requirement
Details
Requirement Reference
REQ010
Revision Date and Review Number
20th December 2010 - Review No 4
Title
Sensitive client information protection
Requirement Type
External - Legal
Description
It is very important to protect the customer's information; to avoid any unauthorized access or eavesdropping. Any information leaked or money stolen from a client's account may lead to a lawsuit from the client. Certain laws state that if confidential information that is entrusted to a company is leaked to third party persons without the authorization of the client, that client can open a lawsuit against the company he entrusted the personal information with. This can be prevented by investing in good data encryption software, and make the services up to international standards so as to avoid any problems, and to show any potential customers the level of professionalism your company has.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To authenticate and authorize any log-ins to the system.
Personnel Related Requirements
Requirement
Details
Requirement Reference
REQ11
Revision Date and Review Number
5th January 2011 - Review No 5
Title
Personnel Skill
Requirement Type
Personnel Related - Skill Level
Description
Since ICB already has an experienced IT team, there is no need to hire any new personnel to manage the new system. A user manual and documentation for reference would be enough for the current team to manage the new system.
Requirement Details and Constraints
The IT team managing the network and software functions include:
Manage the database in case of changes, updates or corruption
Maintenance of the network
Handle minor problems with the new software
The IT team at ICB will require access to this data:
The SQL server
The network's hardware web-interface
Any advanced admin passwords to the new system
The IT team should preferably possess:
A diploma or a degree in network management
A Cisco networking certificate
Criticality
Must
Why it is required
To make sure ICB has the right people to manage the new system.
Requirement
Details
Requirement Reference
REQ12
Revision Date and Review Number
5th December 2011 - Review No 5
Title
Personnel Training
Requirement Type
Personnel Related - Training
Description
The employees which will be managing and overlooking the payment gateway system might not be fully trained to handle all the problems that might arise. A user manual of the system should be handed over to the current personnel, which would serve as a reference.
Requirement Details and Constraints
The people overlooking the payment gateway must:
Report any bugs in transactions to the administrators
Manually process corrupted transactions
Produce and analyze monthly reports of online transactions
They should have access to:
Basic administrator passwords for the new system
Report publishing tools
Network printers
They should also possess these certificates:
Ordinary level certificate in English
Basic ECDL certificate
Criticality
Must
Why it is required
To make sure the client's personnel is ready to handle the new system.
Roles
Requirement
Details
Requirement Reference
REQ13
Revision Date and Review Number
5th December 2011 - Review No 5
Title
Database Designer
Requirement Type
Personnel Related - Database designer
Description
Defining the roles of the database designer in the development of the new system.
Requirement Details and Constraints
Three of the tasks that the database designer has are:
Identify the information that needs to be stored in the database so as to plan out the infrastructure.
Plan out the database infrastructure according to the gathered data.
Design the database infrastructure according to the plan.
The database designer must possess these certificates:
A Higher national diploma in IT, software branch, or a BsC in IT.
An oracle certificate in database design.
Criticality
Must
Why it is required
To make sure the design of the database design is of excellent quality and that it properly stores the data required.
Requirement
Details
Requirement Reference
REQ14
Revision Date and Review Number
5th December 2011 - Review No 5
Title
Software Developer
Requirement Type
Personnel Related - Software developer
Description
Defining the roles of the software developer in the development of the new system.
Requirement Details and Constraints
Three of the tasks that the software developer has are:
Identify the requirements of the new system
Design the layout of the classes and GUI
Develop the software according to the design
The software developer must possess these certificates:
A Higher national diploma in IT, software branch, or a BsC in IT or an engineering degree.
An oracle certificate in database design
Criticality
Must
Why it is required
To make sure the design of the software is of excellent quality and that its properly designed to the identified requioremets.
Section 4: Functional Requirements
Requirement
Details
Requirement Reference
REQ011
Revision Date and Review Number
3rd January 2011 - Review No 5
Title
Online transactions
Requirement Type
Functional
Description
Customers will be able to make online transactions, which will reduce the amount of transactions that the clerks must handle manually.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To reduce manual transactions and offer more flexibility to the clients
Requirement
Details
Requirement Reference
REQ012
Revision Date and Review Number
3rd January 2011 - Review No 5
Title
Third party support
Requirement Type
Functional
Description
The system should accept third party software transactions. This will widen the clientele base.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To make the system more open to customers
Requirement
Details
Requirement Reference
REQ013
Revision Date and Review Number
5th January 2011 - Review No 5
Title
Encrypt the data
Requirement Type
Functional
Description
The payment gateway must encrypt all the sensitive information so as to eliminate any eavesdropping. The system should be up to international standards when it comes to encryption. The system should be 'Advanced Encryption Standard' compliant. AES is a 256-bit simmyetric-key encryption standard.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To make the system as secure as possible.
Requirement
Details
Requirement Reference
REQ014
Revision Date and Review Number
6th January 2011 - Review No 5
Title
Backup of data
Requirement Type
Functional
Description
It is important to backup all the transactions that occur at the online gateway. This will reduce any client data loss in case of corruption. A full backup has to be made everyday at low bandwidth time, late at night or early morning.
Requirement Details and Constraints
N/A
Criticality
Must
Why it is required
To avoid data loss in case of corruption.
Section 5: Life Cycle Models
Waterfall
The waterfall model is sequential, which means that you cannot skip to different phases.
Because this model is sequential it is best used in structured physical environments, such as production lines and manufacturing.
Since it is one of the earliest development models it was designed for a hardware environment.
Only moves to a new stage when the previous stage is completely done.
Advantages
Documentation oriented, so knowledge is documented in case a team member is moved.
Disciplined and simple approach. It provides a heavily structured and rigid approach to development. This model is also simple since it moves from one phase to another discreetly.
Disadvantages
Going back steps is either impossible or highly costly. This makes the model hard to use on certain dynamic environments required today.
Being one of the first models to be developed, it was heavily hardware oriented and was later implemented for software development, once software development methodologies were being implemented.
V-Model
Although it is generally used for software development, this model can also be applied to a hardware environment.
The V-Model can be considered an extension of the waterfall model. The coding is done in a phase similar to that of the waterfall, which is linear. After the coding phase is done, there is another linear phase which goes upwards, forming a 'V'.
The V-Model is rigid in process, but when it is applied it can be very flexible since it was developed outside the software development lifecycle parameters
Testing and test planning is done before coding.
Advantages
Since it is organization and project independent, the V-model is highly customizable. It can be specifically tailored to a wide variety of different projects.
The very same users of the V-Model are deeply involved in the customization and maintenance of the same model. Any change that is needed to keep the model up to date is submitted by its users to a board.
Disadvantages
Planning and preparation for operation, maintenance, repair and system disposal is carried out in the V-Model, but they are not done within the V-model.
V-model can only be implemented for sole projects within a company. It does not cater for a whole company or organization.
Extreme Programming
XP caters for constant customer requirements change. It is intended to produce good quality and fast releases in a changing environment.
XP uses pair programming, which means that two programmers will work on the same framework at the same time. While one programmer codes, the other one reviews the code.
Since XP is an agile software development method, it relies heavily on testing. All the code must have, and successfully pass unit testing. Tests are also created when a bug is encountered, before tackling the bug.
XP is heavily code oriented which leaves little time for the programmers to document on the balance between objectives and constraints.
Advantages
Since XP is code oriented rather than document oriented and there are less meetings, there is more time dedicated to coding, which enables the a lot of software releases.
Changes to the code are really in-expensive since it is heavily based on coding, it's an agile software development model and there are constant software releases.
Disadvantages
XP can be very inefficient since there is no planning, various parts of the projects may have to be re-done since another part of the project can change due to various iterations in the program.
It is impossible to estimate how much work has to be done to offer a quote at the beginning, since the scope and requirements are not clearly defined at the beginning of the project.
Scrum
Scrum is iterative and incremental, which means that it starts with planning, iterates through various cyclic phases and then finally ends with deployment.
Scrum is another agile software development. Agile software development methods aim at producing multiple working prototypes in a short period of time.
Since it is an agile software development model, various prototypes are release. This means that it will need constant feedback from the client on all releases.
Scrum is management intensive since it was primarily intended to manage software development projects.
Advantages
Large and demanding projects can be quickly developed and tested since mistakes can be easily corrected.
Since Agile enables the release of a lot of prototypes, it can easily adapt to changes because it allows constant feedback from the customer based on the prototypes.
Disadvantages
Since a project developed in Scrum is rushed, only experienced people are able to cope with this mode. If novice people are used in a team the project might fail or slow down drastically.
Only works with small teams, which may also have a big effect if a team member leaves. This limits scrum to small projects only.
DSDM
Scrum is iterative and incremental, which means that it starts with planning, iterates through various cyclic phases and then finally ends with deployment.
Since DSDM originated from the RAD methodology, like RAD, DSDM also focuses on information system projects which are rigid in budget and deadline.
Addresses some common problems with information system projects, which include budgets exceeding the original one and failure to deliver a project on the deadline date.
It has three sequential phases (pre project, project life-cycle, post project), with the project life-cycle phase being the most complex.
Advantages
Any stage done in the DSDM is reversible. So a bug detected in an earlier phase is easily tackled. This makes DSDM very flexible.
Since DSDM is a test-driven software development process, testing is carried out during all the phases. DSDM can be test-driven since it can iterate small phases of the project.
Disadvantages
In order for the project to be efficient and effective there must be constant communication and cooperation within the team, and with the client.
Since DSDM is based on the rapid application development methodology, it can lead to multiple prototypes that are not adequate for release.
I reviewed five of the life cycle models, some of which vary a lot from each other since they come from different backgrounds and some are similar since they are based on the same principles. After I reviewed them, I found out that the most fitting life cycle model is DSDM.
One of the reasons I chose DSDM for this scenario is that there is a strict deadline, and the client is aiming for a solid release within six months. Since DSDM is iterative and incremental, it makes it an agile software development methodology. Agile software development methodologies focus on fast delivery of usable software, which will enable the team to deliver a new prototype every few weeks. Each prototype will be tested and any changes to the software will be implemented. Changes to the software are easy to implement even when the project is reaching the deadline date. Since the deadline is so short, good planning is a must, which would eventually lead to a final release within the proposed deadline. This is also possible because with DSDM, development is sustainable and the project can move at a regular speed making deadline estimates easy.
Section 6: Modeling Documentation
Subsection A
Context Level DFD
Level-0 DFD
Subsection B
A Data Store
Data Store Description
ID: DS1
Name: Clientele Database
Description: The clientele database is a computer database which stores all the valuable information about the ICB clients. From personal details to transactions.
Physical Implementation Information: The clientele database will be implemented using MySQL. MySQL is a powerful and widely used SQL database environment. MySQL will run on a dedicated database server.
Contents: The contents of the clientele database will be the heart of the new system. It will contain the all the personal details about the clients, names, addresses, credit card numbers, bank balance, transactions etc. Needless to say all this information is confidential and thus the database contents will be encrypted.
Inflows:
Log-in log file
Transaction information details
Identification details
Three Data Flows
Data Flow Description
ID: DF1
Name: Log-in details
Description: This data flow shows the login details (username, password, etc) being passed to the system in order to verify the user with the clientele database. This data flow is useful for the login procedure.
Source: Client
Data Structure: The data passed in this data flow is a class with variables that represents all the login details.
Further Comments: N/A
Data Flow Description
ID: DF2
Name: Log-in Log File
Description: This data flow is a simple formatted string that is stored in the clientele database as a record of a successful/unsuccessful login.
Source: Log-in
Data Structure: The data passed in this data flow is a simple formatted string with a few login details and the date and time of the log-in attempt.
Further Comments: The log-in details stored in this data flow do not contain personal information, just the username.
Data Flow Description
ID: DF3
Name: Identification
Description: This data flow represents the identification passed on from third party software to the payment gateway so as to confirm it is legitimate and trusted software.
Source: Third Party Software
Data Structure: The data passed in this data flow is a string containing an identification code.
Further Comments: N/A
Two Processes
Process Description
Name: Process Transaction
Description: This process will get information about a transaction either from a client from the web interface or through third party software. In order for the client or the third party software to access this process they must first be authenticated. After a transaction is ready, this process will store the relevant information into the clientele database.
Physical Implementation Information:
The connection trying to access the process is identified
The connection is identified as either a third party software or a client from the web interface
If it is an authorized client, the transaction is processed and the confirmation and details of the transaction are passed back to the user
Else if the connection is from a third party software the transaction is processed and a confirmation is sent back to the software
Inputs:
client transaction details
software transaction details
transaction database confirmation
Process Description
Name: Request authorization
Description: This process will get the information supplied by a third party software, and check with the database whether this software is trusted and authorized to perform transactions in the system for our clients.
Physical Implementation Information:
The identification information is requested from the third party software
This identification is checked with the database
If this software is authorized to perform transactions within the system it can then move on to process the transactions required
Inputs:
identification
identification confirmation
An External Entity
External Entity Description
Name: Client
Description: This entity represents a legitimate client of ICB connecting through the portal. The client, after a successful login, can process transactions to any of his bank accounts with ICB through the web portal.
Interface Constrains: There is a heavy constraint between the client entity and the clientele database. While a client can view all his information and past transactions, he may not modify and past transaction or bank details. He also has full constraint on any other details that do not belong to his account. The client has access to the log-in log file, so as to make sure there are no un-authorized log-ins.
Inputs:
log-in confirmation
client transaction confirmation
client transaction report
Subsection C
Four Data Entities
Data Entity
Name: Client
Description: This data entity has all the information about an ICB client. It also contains the login details (user_name, password and security_key).
Attributes:
Client_ID
User_name
Password
Security_Key
ID_Card_Number
First_name
Last_name
Plot
Street
Town
Country
Primary Key:
Client_ID
Foreign Keys: N/A
Data Entity
Name: Account
Description: This data entity contains information about a client's account.
Attributes:
Account_ID
Client_ID
Account_Type
Account_Balance
Primary Key:
Account_ID
Foreign Keys:
Client_ID
Data Entity
Name: Transaction
Description: This data entity contains information about all the transactions at the ICB bank. The foreign key source_ID contains the ID of the account or third party software processing the transaction. Destination name is the name of the destination account. Currency_ID links to the type of currency used in this transaction.
Attributes:
Transaction ID
Source_ID
Destination Name
Amount
Currency_ID
Primary Key:
Transaction ID
Foreign Keys:
Source_ID
Currency_ID
Data Entity
Name: Log Report
Description: This data entity will store the information for each log-in attempt. The log_date and log_time will store the date and time of the attempted log-in. Authorized will be a Boolean value indicating whether the log-in was successful.
Attributes:
Log_ID
Client_No
Log_Date
Log_Time
Authorized
Primary Key:
Log_ID
Foreign Keys:
Client_No
Subsection D
Relationships
Country - Client
Description: This relationship links the Country table to the Client table. This relationship will solve the issue of data redundancy.
Cardinality: One-To-Many relationship
Client - Log Report
Description: This relationship links the Client table to the Log Report table. This will links all the log-ins to a specific client.
Cardinality: One-To-Many relationship
Client - Account
Description: This relationship links the Client table to the Account table. This will link multiple accounts to one client.
Cardinality: One-To-Many relationship
Authorized Software - Account
Description: This relationship links the Authorized Software table to the Account table. A third party software can have multiple accounts which it manages automated transactions through.
Cardinality: One-To-Many relationship
Account - Transaction
Description: This relationship links the Account table to the Transaction table. An account can have multiple transactions.
Cardinality: One-To-Many relationship
Transaction - Currency
Description: This relationship links the Transaction table to the Currency table. A transaction will have exactly one currency it will use.
Cardinality: One-To-Many relationship
Subsection E
Subsection F
Use Case Model
