47

STAMFORD COLLEGE MALAYSIA AFFILIATED WITH THE UNIVERSITY OF EAST LONDON

Project Management (MSc) Technology Management

BIOMETRIC PROJECT MANAGEMENT PLAN FOR AUTOMATED TELLER MACHINE OF DAILY BANK BERHAD

1.INTRODUCTION

This project ‘‘Biometric automated teller machine’’ is developed in Visual Basic.Net. Banks

today used almost in their entire ATM machine (Automated Teller Machine). Etzel et al

(2004) stated that “thousands of years ago transaction process were likely done manually by

customers in the bank, but presently it is done very rarely because of it difficulty and long

process it takes.” Obviously, banks today use ATM as part of their transaction process to ease

and fasten the process of transactions Gido and Clements (2003). However, the process is

significant as it make transactions easier and faster for customers, even in the time of

emergencies. In apparent, this process also involve certain risks, during the 90’s majority of

banks took advantage of the technological boom in micro-computer and communication, the

use and work of ATM began to work exclusively online meaning that when an ATM losses

communication with its central system, it losses service as well Gido and Clements (2003).

Once ATMs were connected directly, the need arose to protect the information in the card

and the client’s PIN (Personal Identification Number) found in messages that had to travel

across public telecommunication lines.

The Biometric Automated Teller Machine project plan will provide and outline a definition

of this project, including the project objectives and goals. In addition, the project plan will

stand as an agreement between the following parties: that includes the project sponsor,

steering committee, project manager, project team, and other personnel associated with the

project.

1.1 MOTIVATION

As criminals tampers with the ATM and steal user’s credit card and password by illegal

means. Once user’s card is lost and password stolen, the criminal will draw all the money in

shortest time, which will bring enormous financial losses to customer. How to carry on the

valid identity to the customer becomes the focus in current financial circle.

47

1.2 THE PROJECT PLAN DEFINES THE FOLLOWING:

Project purpose Business and project goals and objectives Scope and expectations Roles and responsibilities and Human resource activities Assumptions and constraints Project management approach Ground rules for the project Project budget Project timeline Conceptual design of new technology

1.3 PROJECT APPROACH

This section provides and outlines the way the technology, including the highest level milestones of the project will be employ.

Phase 1: Secure agreement with client

Phase 2: Order Equipment (Hardware and Software)

Phase 3: Assemble, Install and test Hardware and Software

Phase 4: Install biometric software on ATM

Phase 5: Conduct Hardware/Software Testing

Phase 6: Conduct Training and provide support

1.4 BRIEF SUMMARY OF THE PROJECT

The purpose of the project is to analyze the requirements of designing, installation and

implementation of biometric software for both the central bank server and the ATM client

machines that will support Daily-Bank ATM network; according to the requirements

specified by the client.

47

1.5 PROBLEM STATEMENT

Automated Teller Machines (ATMS) are electronic banking outlets which allow customers to

complete their basic transactions without the aid of branch representatives or teller (Qadrei &

Habib, 2009). Nowadays, using the ATMS which provide customers with the convenient

banknote trading is very common. However, financial crime cases have risen repeatedly in

recent years with a lot of criminal tampering ATM terminals and stealing credit cards and

passwords. Once a user’s bank card is lost and the password stolen, criminal will draw all his

or her cash in a very short time and bring enormous financial loss to the said customer. Being

able to validate the identity of customers has now become the focus of the current circle

(Yang &Mi, 2010)?

Traditional ATM systems, in authenticating credit cards and the passwords, have some

defect. The use of credit cards and passwords cannot verify the clients’ identities accurately.

With the rapid increase in the number of break-in reports involving traditional PIN and

password, there is a high demand for greater security in accessing sensitive personal data.

These days, biometric technologies are typically used to analyze human characteristics for

security purposes (Cavoukian & Stoianov, 2007). Biometrics based authentication is a

potential candidate to replace password-based authentication (Pankanti & Jain, 2004). The

technique of fingerprint recognition is being continuously updated offering new verification

methods; the original password authentication method is being combined with the biometric

identification technology to verify the client identity and to improve effectively the safe use

of the ATM machines.

1.6 OBJECTIVES OF THE PROJECT

The objectives of this project will focus on implementing biometric technology, and making

sure the following are achieved:

To ensure the project is completed on the specified project due date (starts on 1 st July

2011 to 31st June 2012

To ensure the project is completed within the budget which is $5,000,000.00

To make sure all the requirements stated in this project are fulfilled (as in the Software

and hardware)

To purchase and install a Biometric finger print scanner into the ATM.

To enhance the protection of customers’ information through the usage of biometric

(ATM)

47

1.7 PROJECT SCOPE

The project will develop new Automated Teller Machine (Biometric) technology; including

the following.

With the use of Java, HTML and CSS, this document describes the buying and installation of

a biometric ATM device, which is applicable to the regular banking transactions processes:

deposit, withdrawal, transfer of funds and balance query. Any changes will be assessed in

terms of impact to the project schedule, costs and resource usage.

This project will be limited to the installation of the biometric finger scanner and may not

discuss the manufacture of it. With more focus on the ATM functioning, this work will also

cover risks associated with the ATM work and the roles and responsibilities of the project

team will also be discussed.

2 PROJECT BUDGET PLAN

The project is planned with the following constraints:

Time: one year: once the biometric software product is installed on the ATM machines, it

will take one month for the client to install the physical ATM machines in their various

permanent locations. Three staff from outside of the consultants firm will be required to assist

in the requirements and detail design phases of the project, so as to lend their extensive ATM

experience to the project. Maintenance, the software will have to be designed such that

maintenance expenses do not exceed $100, 000 per year (software maintenance portion of the

total $ 600,000 budget.

2.1 Schedule and Budget Summary

The project has the following high-level schedule:

Delivery of baseline project plan: May 10, 2011.

Software products ready for operation: May 31, 2012

The project has a budget of $3, 000,000. Once the biometric software product is delivered,

annual maintenance costs should be no larger than $100, 000.

47

2.2 Evolution of the Plan

The plan is considered to be a dynamic document and will be updated monthly by default and

on an unscheduled basis as necessary. Scheduled updates to the plan will occur on the last

Friday of the month. Notification of scheduled and unscheduled updates to the plan were

communicated via e-mail and phone contact to all project participants according to the

Reporting Plan.

Once the initial plan is finished, a baseline of the plan will be created. Changes to the plan

will take place against this baseline. The plan will only receive further baselines if significant

change in the scope of the project occurs but this is very unlikely.

3.START-UP PLAN:

3.1 Estimation Plan

Schedule, Cost, and Resource Estimates: The estimation chart showing activities, estimated

duration, estimated cost, and estimated resource requirements will be shown.

3.2 Estimation methods

Schedule duration and work estimation for each leaf activity in the Work Breakdown

Structure (WBS) will be performed using a combination of the following methods and data

sources:

3.3 Resource input

For the resource(s) identified as being required to complete the activities here, they will

require an estimate of the amount of time required to complete the activities. A detailed

estimate will be presented here and broken down into sub-activity milestones. Sub-activity

milestones tied to the percentage of complete metric will force a consideration of everything

that is involved in the activity.

When more than one resource is assigned to the activity, their estimates will be collected

independently and, if substantially different, meetings will be held between the project

manager and all resources so that an agreement may be reached on a final estimate.

47

3.4 STAFFING PLAN

In terms of domain-specific knowledge as it relates to the development ATM software,

we have accommodated our limited experience in this area by recognizing the need for

two consultants from a company (that possess good biometric knowledge) with which

we have had a good working relationship in the purchase of the biometric finger

scanner. The two consultants whose services we will acquire from Banks etc. will fill our

knowledge gap in this area.

Human Resource Type Work

(hrs)

Key Periods

Required

Key project phase

(s)

Qt

y

Project Manager 1193 02/15/2011 to06/30/2012

All 1

System Architect 142 05/30/2011 to07/15/2011, 11/14/2011to

02/13/2012

Hardware design

and structuring

1

Programmer and web

designer

170 05/30/2011 to07/15/2011

Coding and web

designing

1

Consultants with detailed biometric ATMKnowledge

914 + 300 =1214

05/30/2011 to02/13/20012

Consultancy and

advice on the

biometric

implementation

2

Installation/Integration

Engineer

737 12/05/2011 to04/24/2012

Install and integrate

Biometric software

and other softwares

1

Quality, Verification

and Validation

Engineer

532 08/15/2011 to02/13/2012

Quality Assurance,

Software/Hardware

verification

1

Configuration

Engineer

225 05/30/2011 to07/31/2011

All (but mostwork up-frontduringdefinition)

1

47

Quality/Test Engineer 89 07/01/2011 to08/15/2011, 12/01/2011to 12/15/2011,03/01/2011 to05/31/2012

Hardware and

Software testing

1

Training/Support

Specialist

241 11/21/2011 to12/12/2011, 04/10/2012to

05/15/2012

Training and support 1

WORK PLAN

Work activities must be documented. Schedule allocation, Resource allocation and Budget

allocation must be recorded.

4.PROJECT ORGANIZATION

Process model

The project shall utilize a combination of Iterative and Waterfall development approach.

Content of each build shall be determined by the Program Manager with direct input from the

customer regarding need dates for required functionality.

4.1 PROJECT RESPONSIBILITIES

4.1.1 Organizational Management: Defines business needs, goals and objectives of the

project as well as defining the policies and procedures governing the project.

4.1.2 Program manager: The Project Manager shall be responsible for defining and

controlling project work activities and schedules. Other team members shall work in

47

conjunction with the project manager to define the elements of their task assignments,

establish a schedule baseline; collect metric data to assess performance against that baseline,

and conduct re-base lining activities as required. The Project Manager shall submit the initial

baseline and any baseline modifications to the Program Manager for verification.

4.1.3 System Architect: Hardware and software design and structuring. He is responsible

the rules, and standards employed in our project system  technical framework, plus customer

requirements and specifications, that the system's manufacturer follows in designing the

system's various components (such as hardware, software and networks).

4.1.4 Consultants with detailed biometric ATM knowledge: Consultancy and advice on

the biometric implementation, our biometric consultant providers will work closely with the

management and security personnel in your company to ensure that the identity solutions

they provide are integrated seamlessly into existing business processes. Each company is

unique and has different needs as well as each industry has different processes and

requirements.  These consultants will define and deliver customized services that will fit your

organization and business needs.

Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit

risks, accidents, security breaches & employee misuse of company assets. Biometrics

Consultants will usually provide assistance in identifying, itemizing and assessing all threats

and security risks your company may have, and suggesting the best solution for your

requirements.

4.1.5 Programmer and web designer : Web Design, Software design and coding. He is

responsible for the development of the software specification. He also creates and documents

a conceptual and detailed design and writes a code based on a conceptual description of the

project logic.

4.1.6 Installation/integration Engineer: Install and integrate Biometric software and other

software into the project ATM system.

4.1.7 Quality, Test, Verification and Validation Engineer: He is responsible for verifying

and validation of problem resolutions to confirm proper and accurate resolution. He also

reapplies verification and validation to Work Products that are affected by a change that were

previously verified and validate.

47

The QA/Test Manager is responsible for verifying that the delivered product satisfies the

approved requirements; is responsible for documenting the results of the requirements

verification in a Test Analysis Report.

4.1.8 Training/Support Specialist: Training and Support

4.1.9 Configuration Engineer: He will analyse the impacts of problem resolution on other

configuration items. He will handle the maintenance of matrix of all customer approved

requirements and will oversee the requirements for change control process. The configuration

manager is also in charge of recording changes to requirements matrix and is responsible for

maintaining the modification history of requirements.

4.1.10 The Customer: The person(s) or organization(s) using the product of the project and

who determines the acceptance criteria for the product.

4.1.11 Steering Committee: includes management representatives from the key

organizations involved in the project oversight and control, and any other key stakeholder

groups that have special interest in the outcome of the project.

4.1.11 Project Team Management

The project manager will coordinates the project tasks assigned to team members. If there is

any changes to the project team, that require approval of the Project Manager and Project

Owner with the affected agency if relevant. Changes will be tracked in revisions to the

project plan.

4.2 RISK ASSESSMENT

The Risk Assessment in this project attempts to identify, characterize, prioritize and

document a mitigation approach relative to those risks which can be identified prior to the

start of the project.

Assessing the probability of occurrence and potential loss of each item listed

Ranking the items (from most to least dangerous)

Making a list of all of the potential dangers that will affect the project

The risk assessment will be precautionary monitored with the help of the project manager and

continuous update throughout the project life cycle. Monthly assessments will be included in

47

the status report and open to amendment by the Project Manager. The mitigation approaches

will be agreed upon by project leadership (based on the assessed impact of the risk, the

project’s ability to accept the risk, and the feasibility of mitigating the risk), it is necessary to

allocate time into each Steering Committee meeting, dedicated to identifying new risks and

discussing mitigation strategies. The Project Manager will convey amendments and

recommended contingencies to the Steering Committee monthly, or more frequently, as

conditions may warrant on the project.

PROJECT RISK ASSESSMENT TABLE

RISK RISK LEVEL

H/M/L

likelihood

of event

MINTIGATION PLAN

Project Size

Person Hours H: Over 10,000 Certainly Assigned project manager

Engaged constantly and

comprehensive management

approach proper

communication plan

Estimated project

schedule

H: 12 months Certainly Created a comprehensive

project timeline with frequent

baseline reviews

Team Size H: 12 members Certainly Comprehensive

communications plan, frequent

meetings, tight project

management oversight

Wrong coding H: System crashing Certainly Ensure the programmer is very

familiar with the coding

required for this ATM.

Use error detection software.

PROJECT

DEFINITION

Implementing a

biometric ATM

H: Incompatibility

with ATM the

system

Certainly Inform the biometric scanner

vendor for replacement of a

compatible biometric scanner

47

Available

documentation and

establishment

baseline

M: over 75%

completed

Likely Balance of information to be

gathered by the project manager

Project Scope L: Scope generally

defined, subject to

development

Unlikely The scope defined the project

plan, and it was reviewed by

two team, project manager and

steering committee to prevent

undetected scope creep

Consultant project

deliverable clear

L: well defined Unlikely Project manager and

consultants will work together

to fully establish a coherent and

relevant deliverables.

Project deliverables are subject

to amendment.

Sponsor project

deliverable

M: Estimated, not

clearly defined

Somewhat

likely

Re-evaluate the project estimate

if discovered it is not clearly

defined.

Cost estimate

unrealistic

L:Thoroughly

predicted by

industry experts

using proven

practices to 15%

margin of error

Unlikely Included in project plan, subject

to amendment as new details

regarding project scope are

revealed

Timeline realistic M: Timeline

assumes no

derailment

Somewhat likely Timeline reviewed

monthly by two team

Project manager and

steering committee to

prevent undetected

timeline departures

47

The Number of team

members

Unknowledgeable of

business

L:Team well

versed in business

operations

impacted

by technology

Unlikely Project Manager and

consultant to identify

knowledge gaps and

provide training, as

necessary

PROJECT

LEADERSHIP

Steering Committee

existence

L: Identified and

enthusiastic

Unlikely Frequently seek

feedback to ensure

continued support

Absence of the com-

mittee level/attitude

of management

L: Understands

value & supports

project

Frequently seek

feedback to ensure

continued support

Absence of commi-

tement level/attitude

L: Understands

value & supports

project

Unlikely Frequently seek feed-

back to ensure

continued support

Absence of commi-

tement by the

management

L: Most understand

value & support

project

Unlikely Frequently seek

feedback to ensure

continued support

PROJECT

STAFFING

Project Team

Availability

M: Distributed team

makes availability more

questionable

Somewhat likely Continuous review

of project

momentum by all

levels. Consultant to

identify any impacts

caused by

unavailability. If

47

necessary, increase

commitment by

participants to full

time status

Project team’s

share work

experience create

gaps during work

M: Some have worked

together before

Somewhat likely Comprehensive

Communications

Plan

Weak User

Participation on

Project Team

L: Users are part-time

team members

Unlikely User Group

Participants

coordinated by full

time employee

PROJECT

MANAGEMENT

Procurement

methodology used

for team

L:Procurement

methodology familiar to

team

Unlikely N/A

Quality

management

procedure

unclear

L: well defined and

accepted

Unlikely N/A

5 METHODS, TOOLS, AND TECHNIQUES (METHODOLOGY)

47

5.1 Development Methodology

The project shall use the waterfall software development methodology to deliver the software

products, with work activities organized according to a tailored version of those provided by

the IEEE Standard for Developing Software Life Cycle Processes (IEEE 1074-1997). The

decision to use the waterfall methodology is due to the following characteristics of the

project:

The product definition is stable

Requirements and implementation of the product are both very well-understood

Technical tools and hardware technology are familiar and well-understood

Waterfall methodology has proven successful for projects of this nature performed

The Software Project Management Plan (SPMP) shall be based on the IEEE Standard

for Software Project Management Plans (IEEE 1058-1998).

5.2 DEVELOPMENT TECHNIQUESThe requirement passed down to this project from the larger ATM project is that the software

be based on an open architecture using a Windows 7 -based platform and Windows Open

Services Architecture / eXtensions for Financial Services (WOSA/XFS). This architecture

allows us to use object-oriented methods and tools for analysis, design, and implementation.

We will use Object Modelling Technique (OMT) for this purpose.

5.3 TOOLSThe following work categories will have their work products satisfied by the identified tools:

Team member desktop foundation

Microsoft Windows 7 desktop operating system

Virtual Machine Ware Workstation 4.5 [virtual machine support – one VM per

active project]

Microsoft Office 2010 productivity application suite

MindJet MindManager X5 Pro [information organization, brainstorming]

Adobe Acrobat 6.0 [creating/viewing PDF files]

Project management

Microsoft Project 2007 [WBS, schedule/cost estimates, resource planning,

project control]

Terametric [internally-developed metrics collection database]

Microsoft Word 2010 [document preparation and revision]

Configuration Management & Change Management

47

5.4 Implementation

Microsoft Visual C++ [programming language, development tools and object code

generation]

Windows Software Development Kit (SDK) [programming support]

5.5 Testing

IBM Rational Robot [automated functional and regression testing]

4.6 Training

Microsoft PowerPoint 2010 [training presentations]

Online Performance Reporting

Microsoft Windows 7 Server Standard [server operating system]

Microsoft Internet Information Services 4.0 [web server software]

6 THE PROJECT TEAM

The following people and organizations are stakeholders in this project and are included in

the project planning.

Executive Sponsor/Owner:

Advocate for project: Daily Bank Berhad

Project Manager: The project manager will lead the planning and execution of the project.

He will also chair the workgroup and team members

Mark Francis from Boston limited

Project Workgroup: Plan and design and gives advice to the Implementation Workgroup

Mark Ikechukwu

Jessica Lee

Steering Committee:

Abinami A. Merlin

Waremate Kamaye

Chimezu Teo Lee

47

Project Team Management

Mark Francis

Programmer and web designer

Mark Flo

Installation /Integration Engineer

Knong Sekibo

Quality, verification and validation engineer

Mark Dickson

Configuration Engineer

Joe Francis

Quality/Test Engineer

McCatty Hector Cupa

Training and Support Specialist

Regal Thompson

7 PROJECT SCHEDULE

Below are the key project tasks and the responsible teams, estimate hours and the detailed

project schedule.

7.1 Schedule Management

The project Schedule will be emailed to team members and updated as tasks are completed.

Any changes to the schedule must be documented in a revised project schedule. Sign-off

from Project Manager is required. The project activities define and will identify the specific

project plan which must be performed to complete each deliverables. Activity sequencing

will be used to determine the order of project plan and assign responsibilities between project

activities. Project duration estimates will be used to calculate the number of work periods

47

required to complete the project. Resource estimating will be used to assign resources to

work packages in order to complete schedule development on time.

7.2 COMMUNICATION PLAN

NeoTech team members will continuously monitor and maintain the schedule of monthly

meetings, project manager and the sponsor. Unimportant meeting will be avoided; the team

members will always communicate through email and mobile phone. The team members and

project manager will report progress to the following groups at their request:

Daily Bank Coordinating Committee

Daily Bank Policy Board

Spreading knowledge and ideas about the project is very important for the success of the

project. The project team members likely desire the knowledge of the project plan and how

they can be of positive achievement. In addition, they should be ready to participate in the

project life cycle that will lead to the progress of the project. The framework for this project

plan will provide the team members the necessary requirement, by informing, involving, and

obtaining buy-in from the entire team members throughout the duration of this project

7.3 PROJECT ASSUMPTIONS

The assumptions are identifying during the project plan:

Daily Bank management is willing to adopt the changes of the business operation to take

advantage of the functionality offered by the new Biometric Automated Teller Machine

technology. NeoTech will ensure that project team members are available as needed to

complete project tasks and objectives. The Steering Committee participated in the timely

execution of the Project Plan (i.e., timely approval cycles and meeting as required). Any

mistake or failure to identify changes to draft deliverables within the time specified in the

project timeline will result in project delays. Project team members will adhere to the

Communications Plan. Also mid and upper management will foster support and “buy-in” of

project goals and objectives, and the Central Bank will ensure the existence of a

technological infrastructure that can support the Biometric Automated Teller Machine

technology. However, all project team members and others involve will abide by the

47

guidelines identified within this plan. The Project Plan may be adjust as new information and

issues are revealed within the project life cycle.

7.4 POTENTIAL BENEFITS

Several benefits can be obtained from ATMs equipped with biometric scanners or software:

Daily Bank Berhad could reduce costs and provide a more efficient and timely service to its

customers. As a financial institution, it can increase their unit costs while reducing their ATM

unit transaction costs and increasing their revenues by expanding their potential customer

base.

Pensioners and other welfare recipients could receive their benefits faster and in a move

convenient form. Security is also highly assured as only with their presence can any

transaction(s) be made with their ATM cards.

The public could benefit through a reduction in taxes as a result of a more efficient

government. Transaction processing services companies would increase their revenues with a

higher volume of transactions and from the provisioning of biometrics database and

verification services.

7.5 PROJECT CONSTRAINTS

The following represent known project constraints:

The resources and materials for funding the Project are limited. The project may be

delayed as a result of this.

Hardware and software availability may hinder the early finish of the overall project

as these are very important to the success of this project.

Due to the nature of law enforcement, resource availability is inconsistent.

7.6 CRITICAL PROJECT BARRIERS

47

Different from risks, the critical barriers of projects are insurmountable events which might

be destructive to a project readiness. The following can be critical possible barriers in this

project.

Withdrawal of project funding.

Natural disasters or acts of communal crisis.

Daily Banks Berhad could reduce their ATM project unit transaction costs. If this

should happen, the Project Plan would become handicapped.

There also are a number of barriers to the deployment of the system with a biometric scanner. Some people are not so familiar with computer or machine interface, and they have natural resistance to change inherent to most humans.

7.7 ISSUES ARISING IN MANAGEMENT

In a project plan, there are normally changes that will be required which may affect project as

it progresses. For any change is required, it is very essential to understand changes within the

project plan may impact at least some critical success factors like available time, available

resources like finance and personnel and the project quality. The decision by which to make

modifications to the Project Plan which includes project scope and resources) will be

coordinated by the following processes:

As soon as a change which impacts project scope, schedule, staffing or funding is noticed, the

Project Manager will document the issue as explained by any member of the project team e.g.

the system architect. The Project Manager will review the change and determine the

associated impact to the project and will forward the issue, along with a recommendation, to

the Steering Committee for review and decision.

On receiving that, the Steering Committee will try and reach an agreement on whether

to approve, reject or modify the request depending on the information contained

within the project plan, the Project Manager’s recommendation and their personal

decision.

Should the Steering Committee be unable to reach consensus on the approval or

denial of a change made by a member of the project team (tabled by the project

manager), the issue will be forwarded to the Project Sponsor (Daily Banak Berhad),

for ultimate resolution.

47

If required under the decision matrix or due to a lack of consensus or solution, the

Project Sponsor shall review the issue(s) and render a final decision on the approval

or denial of the requested/required change.

Following an approval or denial (by the Steering Committee or Project Sponsor), the

Project Manager will notify the original requestor of the action. There may be no

appeal process to this.

PROJECT MANAGEMENT APPROACH

Project Roles and Responsibilities

ROLE RESPONSIBILITIES Participant(s)

Project Sponsor Ultimate decision-maker

and tie-breaker

Provide project oversight

and guidance

Review some project

elements e.g. what should

be adopted in the project

and what should not.

Daily Bank Berhad

Steering Committee Commits / utilize department

resources

Approves major funding and

resource allocation strategies, and

significant changes to

funding/resource allocation

Resolves conflicts and issues

Provides direction to the Project

Manager

Reviews project deliverables

Waremate Kamaye

Abinami A. Merlin

Chimezu Teo Lee

Project Manager Manages project in accordance

to the project plan

Serves as liaison to the Steering

Committee

Mark Francis

47

Receive guidance from Steering

Committee

Works with the consultants

which provide consultancy and

advice on the biometric

implementation. The consultants

also assess all threats and security

related to the biometric ATM.

Provide overall project direction

Direct/lead team members

toward project objectives

Handle problem resolution

Manages the project budget

Project Team Understand the user needs and

business processes of the

area(Project manager)

Mark Francis

Responsible for identifying risks

that may compromise the success

of the project.

(Risk Manager)

Omah Dick Chizehbudu

Review and creates codes for

project deliverables

(Programmer)

David Obama Benson

Creates or helps create work

products (System Architect)

Kenneth Othman

Analyses the impacts of problem

resolution on other configuration

items.

(Configuration Engineer)

Putri Malam

Verifies that the delivered products

satisfy the approved requirements

(Quality/Test Engineer)

Frank MCPabulo

Installing and integration of Knong Sekibo

47

Biometric software and other

softwares

(Installation/Integration

Engineer)

Helps identify and remove project

barriers (Quality/Test manager)

McCatty Hector Cupa

Provides Training and Support

(Training/Support Specialist)

Regal Thompson

7.8 MONTHLY STEERING COMMITTEE MEETING

At every month meeting are held and it’s been organized by the project manager. The

steering committee are present in the meeting and as well all the team members, the project

manager ensure that all team members get the report memo earlier before the meeting time to

enable them review it.

8 BIOMETRIC ATM SECURITY

It is important to mention that in parallel to the development of the industry different modes

of fraud have made it necessary to reinforce the levels of security utilized in ATMs; this leads

to the theme of this investigation Daily Bank to adapt biometric technology to her ATM

networks.

Biometrics offers a technological solution to the authentication of individuals. Biometrics

confirms that the actual person, rather than merely his or her token or identifier, is present.

Thus, biometrics may reduce the effort of a person’s trying to identify himself and in doing

so potentially reduce the chances of authentication fraud.

8.1 BIOMETRIC TECHNOLOGY

The term biometrics comes from the word bio (life) and metric (measurement). Biometric

equipment has the capability to measure, codify, compare, store, transmit, and/or recognize a

specific characteristic of a person with a high level of precision and trustworthiness.

Biometric technology is based on the scientific fact that there are certain characteristics of

47

living forms that are unique and not repetitive for each individual; these characteristics

represent the only technically viable alternative to positively identify a person. Without the

use of other forms of identification more susceptible to fraudulent behaviour

8.2 CARDS WITH MAGNETIC BANDS

The plastic cards with magnetic bands date back to more than 30 years. The financial sector

has used them as a means to making payments and to offer access to the financial services for

clients. The magnetic band contains unique information for every card allowing for user

identification and providing access to its products through the various electronic channels. In

order to provide access to these products, cards with magnetic bands are normally associated

to a personal identification number (PIN) which is initially assigned by the entity issuing the

card and, in some cases, the client can then change it at his/her convenience. The card and the

PIN are directly related to the user identification and allow for the utilization of electronic

channels just like as is the case with the ATMs.

8.3 BIOMETRIC TYPES

Two specific types of biometrics applications:

Biometrics for identification: Those that require identifying an individual from

the set of all possible users (by matching an acquired biometrics image to all

possible templates)

Biometrics for verification: Those that require verifying a particular identity

(by matching an acquired biometrics image against a specific template)

8.4 TRANSACTION FUNCTIONALITY

We have described the various elements that intervene in an ATM transaction, the card and

the ATM components. Figure 1 shows the sequence of events involved in the authorization

process together with the functionality of the central authorization system to which the ATM

is connected.

47

Source: http://www.biometric atmmarketplace.com/article.php?id=10808

8.5 TRANSACTION SECURITY

Biometrics is being used to secure many different transactions, including those taking place at

a single server or over a network, the Internet, or telephones, mostly in ATMs Etzel et al

(2004). However, remote biometrics authentication is neither trivial nor full lproof. The

assumption that anyone who can provide my fingerprint can also complete any transaction in

my name is risky. That is why customers require a trusted biometrics sensor, one that is

sufficiently tamper resistant and provides trustworthy levelness detection.

Biometric identification is utilized to verify a person’s identity by measuring digitally certain

human characteristics and comparing those measurements with those that have been stored in

a template for that same person. Templates can be stored at the biometric device, the

institution’s database, a user’s smart card, or a Trusted Third Party (TTP) Service Provider’s

database. Where database storage is more economic than plastic cards, the method tends to

lack public acceptance; however, Polemi (1997) found that TTPs can provide the confidence

that this method is missing by managing the templates in a trustful way.

47

8.6 Components of a Biometric System

The processes associated with a biometric methodology: enrolment,

identification/verification, and learning.

Source: http://www.biometric atmmarketplace.com/article.php?id=10808

47

Source: http://www.biometric atmmarketplace.com/article.php?id=10808

8.7 Enrolment: Prior to an individual being identified or verified by a biometric device, we

must complete the enrolment process with the objective of creating a profile of the user.

Enrolment is a relatively short process, taking only take a few minutes and consisting of the

following steps:

1. Sample Capture: the user allows for a minimum of two or three biometric readings, for

example: placing a finger in a fingerprint reader. The quality of the samples, together with the

number of samples taken, will influence the level of accuracy at the time of validation. Not

all samples are stored; the technology analyzes and measures various data points unique to

each individual. The number of measured data points varies in accordance to the type of

device.

2. Conversion and Encryption: the individual’s measurements and data points are converted

to a mathematical algorithm and encrypted. These algorithms are extremely complex and

cannot be reversed engineered to obtain the original image. The algorithm may then be stored

as a user’s template in a number of places including servers, PCs, or portable devices such as

PDAs or smart cards.

3. Identification and Verification. Once the individual has been enrolled in a system, he/she

can start to use biometric technology to have access to networks, computer centres, buildings,

personal accounts, and to authorize transactions. Biometric technology determines when a

47

person could have access in one of the two forms be it identification or verification. Some

devices have the ability to do both.

4. Identification: a one-to-many match. The user provides a biometric sample and the system

looks at all user templates in the database. If there is a match, the user is granted access,

otherwise, it is declined.

5. Verification: a one-to-one match requiring the user provides identification such as a PIN

or a smart card in addition to the biometric sample. In other words, the user is establishing

who he/she is and the system simply verifies if this is correct. The biometric sample with the

provided identification is compared to the previously stored information in the data base. If

there is a match, access is provided, otherwise, it is declined.

Learning. Each time the user utilizes the system the template is updated through learning

processes taking into account gradual changes due to age and physical growth. These are later

utilized by the system to determine whether to grant or deny access.

Source: http://www.atmmarketplace.com/article.php?id=10883

47

8.8 Technical Model Development

The integration of the two technologies requires the incorporation of the fingerprint sensor to

the ATM, and the interaction of the biometric system with the ATMs and the authorizing

system. The following steps outline in more detail the necessary modifications:

1. We start by connecting the biometric system to the same network utilized by the ATMs

and authorization system. The biometric system needs to be compatible with the

communications protocol (most likely TCP/IP) utilized by the other devices.

2. The biometric system will need software to allow it to “listen” to the network

communications for messages directed to it, and to create messages for the other devices.

3. The fingerprint sensor is installed on the ATM; it will have the capability to connect (via

the network) to the biometric system. It also needs to be protected from vandalism and be

weather -resistant.

4. Through software changes, the ability to identify a customer requiring fingerprinting will

be incorporated to the ATM. User screens will be created to guide the client through the

process of entering the fingerprint and receiving notification of fingerprint acceptance or

denial.

5. The authorizing system software needs to identify when a transaction requires

fingerprinting so that it can prompt the ATM to present the screen(s) requesting the user to

place his finger on the reader, at the same time in which it instructs the biometric system to

read and validate the fingerprint for transaction authorization. The authorizing system will

also be modified to accept the validation results from the biometric system and enter it into its

log. Once the ATM, authorizing system and biometric system have been interconnected, the

validation database needs to be built through the “enrolment” process. User information

(name, address, telephone number, etc.) needs to be entered together with a key identifier

such as card number, social sec unity number, voter’s registration number, etc. After all the

information is entered, the application activates the sensor and fingerprint(s) are read; the

program can make multiple readings, until it ascertains the quality of the sample meets the

pre-established standards for validation. Application software can register prints for up to 10

fingers per individual. Figure: shows the sequence of events involved in a transaction

validation utilizing the biometrics-equipped ATM system model.

47

8.9 Integrated model transaction validation sequence of events

Business Model Development Today, banks , other financial institutions and, increasingly,

retailers are offering Automatic Teller Machines (ATMs) as a service , through the utilization

of “transaction processing” service companies who offer the daily management of the

network infrastructure, the authorization systems, and the inter -connection of ATMs to

multiple credit/bank card providers. Banks, other financial institutions and retailers pay these

banking services a fee based on a fixed subscription cost as well as a variable cost associated

with the volume and types of customers and transactions. The banks then charge their

customers, typically, on a per transaction basis. ATM service is no longer seeing as a

competitive advantage, but as a necessity to maintain the customer base.

9 UML Diagram of the sysyem

USECASE DIAGRAM FOR NORMAL ATM TRANSACTION

Source: http://www.atmmarketplace.com/article.php?id=10883

47

9.1 Flows of Events for Individual Use Cases

System Startup Use case

The system is started up when the operator turns the operator switch to the "on" position. The

operator will be asked to enter the amount of money currently in the cash dispenser, and a

connection to the bank will be established. Then the servicing of customers can begin.

Source: http://www.atmmarketplace.com/article.php?id=10883

9.2 Transaction Use Case

Note: Transaction is an abstract generalization. Each specific concrete type of transaction

implements certain operations in the appropriate way. The flow of events given here

describes the behavior common to all types of transaction. The flows of events for the

individual types of transaction (withdrawal, deposit, transfer, inquiry) give the features that

are specific to that type of transaction.

A transaction use case is started within a session when the customer chooses a transaction

type from a menu of options. The customer will be asked to furnish appropriate details (e.g.

47

account(s) involved, amount). The transaction will then be sent to the bank, along with

information from the customer's card and the PIN the customer entered.

If the bank approves the transaction, any steps needed to complete the transaction (e.g.

dispensing cash or accepting an envelope) will be performed, and then a receipt will be

printed. Then the customer will be asked whether he/she wishes to do another transaction.

If the bank reports that the customer's PIN is invalid, the Invalid PIN extension will be

performed and then an attempt will be made to continue the transaction. If the customer's

card is retained due to too many invalid PINs, the transaction will be aborted, and the

customer will not be offered the option of doing another.

If a transaction is cancelled by the customer, or fails for any reason other than repeated

entries of an invalid PIN, a screen will be displayed informing the customer of the reason for

the failure of the transaction, and then the customer will be offered the opportunity to do

another.

The customer may cancel a transaction by pressing the Cancel key as described for each

individual type of transaction below.

All messages to the bank and responses are recorded in the ATM's log.

Source: http://www.atmmarketplace.com/article.php?id=10883

47

9.3 Withdrawal Transaction Use Case

A withdrawal transaction asks the customer to choose a type of account to withdraw from

(e.g. checking) from a menu of possible accounts, and to choose a dollar amount from a menu

of possible amounts. The system verifies that it has sufficient money on hand to satisfy the

request before sending the transaction to the bank. (If not, the customer is informed and asked

to enter a different amount.) If the transaction is approved by the bank, the appropriate

amount of cash is dispensed by the machine before it issues a receipt. (The dispensing of cash

is also recorded in the ATM's log.)

A withdrawal transaction can be cancelled by the customer pressing the Cancel key any time

prior to choosing the dollar amount.

Source: http://www.atmmarketplace.com/article.php?id=10883

47

9.4 Deposit Transaction Use Case

A deposit transaction asks the customer to choose a type of account to deposit to (e.g.

checking) from a menu of possible accounts, and to type in a dollar amount on the keyboard.

The transaction is initially sent to the bank to verify that the ATM can accept a deposit from

this customer to this account.

If the transaction is approved, the machine accepts an envelope from the customer containing

cash and/or checks before it issues a receipt. Once the envelope has been received, a second

message is sent to the bank, to confirm that the bank can credit the customer's account -

contingent on manual verification of the deposit envelope contents by an operator later. (The

receipt of an envelope is also recorded in the ATM's log.)

A deposit transaction can be cancelled by the customer pressing the Cancel key any time

prior to inserting the envelope containing the deposit. The transaction is automatically

cancelled if the customer fails to insert the envelope containing the deposit within a

reasonable period of time after being asked to do so.

47

Source: http://www.atmmarketplace.com/article.php?id=10883

47

Source: http://www.atmmarketplace.com/article.php?id=10883

9.5 User Interface Design

A user interface is a friendly means by which users of a system can interact with the system

to process inputs and obtain outputs. It is also a means of communication between the human

user and the system through the use of input/output devices with supporting software. This

particular ATM application is made up of 6 interfaces, which include; Login Interface, Enroll

Fingerprint Interface, Transaction Type Selection Interface, Withdrawal Interface, Deposit

Interface, and View statement of Account Interface.

This interface is the very first interface the bank customer interacts with on the ATM

machine. This interface prompts the customer to insert ATM card and proceeds with the

entire authentication processes, that is, inputting the ID (or card number) and PIN number

(see figure 3). If the user enters an invalid card number or PIN number, a dialogue box

47

appears prompting an invalid PIN or invalid card number and the system returns enter a valid

PIN number. A typical description of this is shown in figure 4. After validating the

customer’s card and PIN number, the customer is directed to the next phase of the

authentication process via the authentication dialogue box for inputting the fingerprint.

9.6LOGIN INTERFACE

47

Login interface response to invalid interface

9.7 Fingerprint Interface

This is the final interface the customer interacts with in the authentication process. It requests

from the customer the enrolment of his/her fingerprint to be placed on a Fingerprint reader.

The fingerprint reader accepts the fingerprint and seeks to match the live sample with the

already enrolled templates in the banks database. If match is confirmed it will finally

authenticate customer else it will deny customer access to his/her bank account.

47

The fingerprint of an individual is very peculiar to that individual since no two individuals

can have the same fingerprint. The fingerprint reader captures the fingerprint features of an

individual and search for a match of fingerprint brought up for identification among the

stored fingerprints in the database.

The fingerprints stored are kept alongside the other ID’s (Pin and Card Numbers) and the

corresponding biometric templates are kept in the database. When the fingerprint is found

correct, the customer is taken to the transaction phase where he/she will choose among the

transactions (deposit or withdrawal), otherwise the customer is denied access and the system

brings up a dialogue box for which the customer can choose Ok, and as soon as this done the

system automatically log off the customer.

47

9.8 Invalid Fingerprint Interface

Withdrawal Interface

This interface enables the customer withdraw money from his/her account. It shows the

customers current balance by subtracting the amount withdrawn from the previous account

balance. After the customer has completed all his/her withdrawals, a dialogue box pops up

notifying the customer of his/her successful withdrawal transaction. The interface is shown

below.

47

10 RISK ANALYSIS AND MITIGATION PLAN

What is Risk?

Risk is defined as "The possibility of suffering harm or loss; danger." Even if we're not

familiar with the formal definition, most of us have an innate sense of risk. We are aware of

the potential dangers that permeate even in simple daily activities, from getting injured when

cut a steal. Although we prefer not to dwell on the myriad of hazards that surround us, these

risks shape many in our daily activities. Experience (our safety officer) has outline to us take

precaution on everything we do whereas safety is our one priority in this project.

10.1 RISK ASSESSMENT

Making a list of all of the potential dangers that will affect the project

Assessing the probability of occurrence and potential loss of each item listed

Ranking the items (from most to least dangerous)

47

10.2 RISK CONTROL

- Coming up with techniques and strategies to mitigate the highest ordered risks

- Implementing the strategies to resolve the high order risks factors

- Monitoring the effectiveness of the strategies and the changing levels of risk

throughout the project

10.3 WORK BREAKDOWN STRUCTURE

WORK BREAKDOWN STRUCTURE

Project Manager

Manager

Configuration Engineer

Programmer & Web Designer

System Architect

Verification &Validation Engineer

Installation/integration Engineer

Project Sponsor

Training & Support Specialist

Test Manager

47

11 COST ESTIMATES

11.1 Maintainence Cost

Maintenance plays an important role in the life cycle of a software product. It is estimated

that there are more than 100 billion lines of code in production in the world. As much as 80%

of it is unstructured, patched and not well documented. Maintenance can alleviate these

problems. As products age, it becomes more difficult to keep them updated with new user

requirements. Maintenance costs developers time, effort, and money. This requires that the

maintenance phase be as efficient as possible. In fact, a substantial proportion of the

resources expended within the Information Technology industry goes towards the

maintenance of software systems.

11.2 Training And Labour Cost

The Labour costs are the core expenditure borne by employers for the purpose of employing

staff. They include employee compensation, with wages and salaries in cash and in kind,

employers’ social security contributions and employment taxes regarded as labour costs

minus any subsidies received. The cost of labour includes both direct and indirect labour

costs. Hourly direct labour costs may be defined as direct hourly pay: basic pay plus

overtime, shift and other regularly paid premiums. In addition, there may be additional

elements of direct labour costs such as holiday pay, Christmas bonus payments and irregular

cash payments and bonuses. Indirect costs of labour include employer contributions to social

security funds, sick pay, other social payments and vocational training costs.

11.3 Utility Cost

Utility Costs includes all organization costs that can only be indirectly associated with the

finished inventory, that is, all organization costs incurred in making a product other than the

costs of direct materials and direct labor. In terms of cost behavior, some of these costs do not

change in total even if the number of products manufactured increases or decreases from

period to period; the behavior of these costs is said to be a fixed cost. For example, the

monthly rent would not fluctuate based on the number of units produced during a particular

month.

47

Personnel

Description

Total Working

Hour

Wages per

Hour ($)

No of

personnel

Total ($)

Design Engineer 80 90 5 36,000.00

System Analyst 50 50 1 2,500.00

Programmer 100 55 5 27,500.00

Total 66,000.00

The CSMS comprises of seven major deliverables with their associated work packages.The design of

the various tasks or packages can be done simultaneously by five design engineers. The system

Analyst will monitor the requirements of the system for quality conformance. The programmers

then develop the programs with the required technology concurrently and interface the various

modules.

No Description Total ($)

1 Yearly maintenance cost 90,000.00

2 Developement 70,171.00

3 Yearly training 1,000.00

4 labour cost 2,000*20 Employee= 40,000.00

5 Increase revenue 45,000.00

6 Installation 1,500.00

7 Reduce utility cost 5,000.00

Total 4,000,000.00

Other Project Cost Estimates

General Total = 4,000,000.00 + 66,000.00 = $ 4,660,000.00

47

CONCLUSION

This project is designed to meet the requirements of Daily Bank Berhad System. It has been

developed in visual basic and MicroSoft Access keeping focus on the specifications of the

system. Daily Bank Berhad System’s objectives are to provide a system that can manage her

banking transaction services in an efficient and effective manner that will increased the

security of her customers. Without biometric automation the management of Daily Bank

Berhad would face difficulties and unmanageable tasks.

The end users’ day-to-day jobs of managing Daily Bank Berhad will be simplified by a

considerable amount through the Biometric automated system. The system is provided to

handle numerous services that can take care of all customers’ transaction process in a more

secured quick manner. The system is user friendly and appropriately effective and efficient,

easy to use, provide easy recovery of errors and have an overall end user high subjective

satisfaction.

47

Gantt Chart

47

REFERENCES

NetWorld Alliance, “Timeline: The ATM's history”, 2003, available online: http://www.atm24.com/NewsSection/Industry%20News/Timeline%20%20The%20ATM%20History.aspx

R. London (2008) “Global ATM Market and Forecasts to 2013”, Retrieved November 1st, 2011, from online at www.rbrlondon.com

ATM Market Place (2009) “ATM scam nets Melbourne thieves $ 500,000,”Retrieved October, 30th, 2011 from http://www.atmmarketplace.com/article.php?id=10808

ATM Market Place. (2009). “Australian police suspect Romanian gang behind $ 1 million ATM scam‘”, Retrieved November 3rd, 2011, from http://www.atmmarketplace.com/article.php?id=10883

BBC News (2009). “Shoppers are targeted in ATM scam‘”, Retrieved October 21st, 2011 from http://news.bbc.co.uk/2/hi/uk_news/england/tees/4796002.stm

B., Mond (1999) Understanding security APIs. Ph.D. Thesis, Computer Laboratory, University of Cambridge, 2004.

Etzel, M.J., Walker, B.J., & Stanton, W.J. (2004). Marketing, 13th edition, In Etzel, M.J.,Walker, B.J., & Stanton, W.J. (Eds). Channel of distribution, Boston,Mass.: McGraw-Hill/Irwin.

Frankel, R., Goldsby, T.J., & Whipple, J.M. (2002). Grocery industry collaboration in thewake of ECR. International Journal of Logistics Management, 13(1), 57-72.

M. Bond and P. Zielinski (2003), “ Decimalisation table attacks for PIN Cracking”,, Technical report (UCAM-CL-TR-560), Computer Laboratory, University of Cambridge, 2003.

M. Bond and P. Zielinski (2003) Encrypted? Randomised? Compromised? (When cryptographically secured data is not secure).In Workshop on Cryptographic Algorithms and their Uses, Gold Coast, Australia, July 2004

O. Berkman and O. M. Ostrovsky. The unbearable lightness of PIN cracking. In Financial Cryptography and Data Security (FC), Scarborough, Trinidad and Tobago, Feb. 2007.

SpiderLabs (2009) ATM Malware Analysis Briefing, Retrieved May 15, 2010, from https://www.trustwave.com/spiderLabspapers.php

47