SYSTEM REQUIRMENT SPECIFICATIONS FOR ElECTRONIC BANKING

The objective of the project is to design and develop Secure online Banking Application
using Antiphishing concept
Some customers avoid online banking as they perceive it as being too vulnerable
to fraud. The security measures employed by most banks are never 100% safe, but in
practice the number of fraud victims due to online banking is very small. Indeed,
conventional banking practices may be more prone to abuse by fraudsters than online
banking. Credit card fraud, signature forgery and identity theft are far more widespread
"offline" crimes than malicious hacking. Bank transactions are generally traceable and
criminal penalties for bank fraud are high. Online banking can be more insecure if users
are careless, gullible or computer illiterate. An increasingly popular criminal practice to
gain access to a user's finances is phishing, whereby the user is in some way persuaded
to hand over their password(s) to the fraudster.

THE EXISTING SYSTEM:

The system will check the user’s existence in the database and provide the set of
services with respect to the role of the user. The application is based on three-tier
architecture. The cipher key obtained will help to find the fraud application. The
business logic helps in authenticating the application, authorizing the users and
providing services. The technologies are chosen by keeping the compatibility and
performance as the constraints for the application.

Further Drawbacks of the Existing System:

The following are the drawbacks of the existing manual System.

Time Delay: In the existing system, information related to all transactions is stored in
different registers. Since all the transactions are stored in different registers it takes lot
of time to prepare different reports.
Redundancy: As the information passes through different registers, each register is
consolidated and sent to next register. So the same information is being tabulated at
each register, which involves lot of complication and duplication in work, thus it causes
redundancy.

Accuracy: Since the same data is compiled at different sections, the possibility of
tabulating data wrongly increases. Also if the data is more, validations become difficult.
This may result in loss of accuracy of data.

Information Retrieval: As the information is stored in the particular Format, it can

only be retrieved in the same format. But if it is to be retrieve in different format, it is
not possible.

Storage Media: In the existing system, data transaction being stored on too long
registers it is very difficult to refer after some time.

Reports: At the various reports are tabulated manually. They are not such
Attractive and require more time. They do not provide adequate help in maintaining the
accounts.

Enquiry: Enquiry for different level of information is much more difficult. On

Line enquiry of data is not possible.

PROPOSED SYSTEM

System analysis will be performed to determine if it is feasible to design information

based on policies and plans of the organization and on user requirements and to
eliminate the weaknesses of the present system.

General requirements are: -

1. The new system should be cost effective.
2. To augment management, improve productivity and services.
 3. To enhance User/System interface.
4. To improve information qualify and usability.
5. To upgrade system’s reliability, availability, flexibility and growth potential.

Developers Responsibilities Overview:

The developer is responsible for:

1) Developing the system, which meets the SRS and solving all the requirements of the
system?

2) Demonstrating the system and installing the system at client's location after the
acceptance testing is successful.

3) Submitting the required user manual describing the system interfaces to work on it
and also the documents of the system.

4) Conducting any user training that might be needed for using the system.

5) Maintaining the system for a period of one year after installation

Functional Requirements:

Inputs: The major inputs for “Anti Phishing— The Fraud Detection in Online Banking”
can be categorized module -wise. Basically all the information is managed by the
software and in order to access the information one has to produce one's identity by
entering the user-id and password. Every user has their own domain of access beyond
which the access is dynamically refrained rather denied.

Output: The major outputs of the system are tables and reports. Tables are created
dynamically to meet the requirements on demand. Reports, as it is obvious, carry the
gist of the whole information that flows across the institution.
 This application must be able to produce output at different modules for different
inputs.

Performance Requirements:

Performance is measured in terms of reports generated weekly and monthly.

SOFTWARE AND HARDWARE SPECIFICATIONS

Hardware:

Processor : Intel Pentium III or Above

Ram : 256 MB or more

Cache : 512 KB

Hard disk : 16 GB hard disk recommended for primary partition.

Software:

Opera ting system : Windows XP or later

Front End Software : ASP.NET (C# .NET)

Back End Software : SQL Server 2005

MODULE DESCRIPTION:

What is AntiPhishing?

Phishing attacks use both social engineering and technical subterfuge to steal
consumers' personal identity data and financial account credentials. Social-engineering
schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to
trick recipients into divulging financial data such as credit card numbers, account
usernames, passwords and social security numbers. Hijacking brand names of banks, e-
retailers and credit card companies, phishers often convince recipients to respond.
Technical subterfuge schemes plant crime ware onto PCs to steal credentials directly,
often using Trojan keylogger spyware.

Post-Holiday Phishing Surge Breaks Record

Phishing Attacks in January Rise to New Peak, 5% More Than Previous High
Last June

More Than Previous High Last June

 Crimeware Mutations Rise to Second Record in Two Months

Further Drawbacks of the Existing System:

The following are the drawbacks of the existing manual System.

Time Delay: In the existing system, information related to all transactions is stored in
different registers. Since all the transactions are stored in different registers it takes lot
of time to prepare different reports.

Redundancy: As the information passes through different registers, each register is

consolidated and sent to next register. So the same information is being tabulated at
each register, which involves lot of complication and duplication in work, thus it causes
redundancy.

Accuracy: Since the same data is compiled at different sections, the possibility of
tabulating data wrongly increases. Also if the data is more, validations become difficult.
This may result in loss of accuracy of data.
Information Retrieval: As the information is stored in the particular Format, it can
only be retrieved in the same format. But if it is to be retrieve in different format, it is
not possible.

Storage Media: In the existing system, data transaction being stored on too long
registers it is very difficult to refer after some time.

Reports: At the various reports are tabulated manually. They are not such
Attractive and require more time. They do not provide adequate help in maintaining the
accounts.

Enquiry: Enquiry for different level of information is much more difficult. On

Line enquiry of data is not possible.

SDLC METHODOLOGIES

This Document plays a vital role in the development life cycle (SDLC) as it describes the
complete requirement of the system. It is meant for use by the developers and will be
the basic during testing phase. Any changes made to the requirements in the future will
have to go through formal change approval process.

WATER FALL MODEL was being chosen because all requirements were known beforehand
and the objective of our software development is the computerization/automation of an
already existing manual working system.
The developer is responsible for:
 Developing the system, which meets the SRS and solving all the requirements of the
system?
 Demonstrating the system and installing the system at client's location after the
acceptance testing is successful.
 Submitting the required user manual describing the system interfaces to work on it
and also the documents of the system.
 Conducting any user training that might be needed for using the system.
 Maintaining the system for a period of one year after installation.
Advantages
 Testing is inherent to every phase of the waterfall model
 It is an enforced disciplined approach
 It is documentation driven, that is, documentation is produced at every
stage

INPUT DESIGN

Input design is a part of overall system design. The main objective during the input
design is as given below:
 To produce a cost-effective method of input.
 To achive the highest possible level of accuracy.
 To ensure that the input is acceptable and understood by the user.

INPUT STAGES:
The main input stages can be listed as below:
 Data recording
 Data transcription
 Data conversion
 Data verification
 Data control
 Data transmission
 Data validation
  Data correction
INPUT TYPES:
It is necessary to determine the various types of inputs. Inputs can be categorized as
follows:
 External inputs, which are prime inputs for the system.
 Internal inputs, which are user communications with the system.
 Operational, which are computer department’s communications to the system?
 Interactive, which are inputs entered during a dialogue.
INPUT MEDIA:
At this stage choice has to be made about the input media. To conclude about the
input media consideration has to be given to;
 Type of input
 Flexibility of format
 Speed
 Accuracy
 Verification methods
 Rejection rates
 Ease of correction
 Storage and handling requirements
 Security
 Easy to use
 Portabilility
Keeping in view the above description of the input types and input media, it can be said
that most of the inputs are of the form of internal and interactive. As
Input data is to be the directly keyed in by the user, the keyboard can be considered to
be the most suitable input device.
OUTPUT DESIGN

Outputs from computer systems are required primarily to communicate the results of
processing to users. They are also used to provide a permanent copy of the results for
later consultation. The various types of outputs in general are:
 External Outputs, whose destination is outside the organization.
 Internal Outputs whose destination is with in organization and they are the
  User’s main interface with the computer.
 Operational outputs whose use is purely with in the computer department.
 Interface outputs, which involve the user in communicating directly with
OUTPUT DEFINITION
The outputs should be defined in terms of the following points:
 Type of the output
 Content of the output
 Format of the output
 Location of the output
 Frequency of the output
 Volume of the output
 Sequence of the output

It is not always desirable to print or display data as it is held on a computer. It should be

decided as which form of the output is the most suitable.
For Example
 Will decimal points need to be inserted
 Should leading zeros be suppressed.
OUTPUT MEDIA:
In the next stage it is to be decided that which medium is the most appropriate for the
output. The main considerations when deciding about the output media are:
 The suitability for the device to the particular application.
 The need for a hard copy.
 The response time required.
 The location of the users
 The software and hardware available.

Keeping in view the above description the project is to have outputs mainly
coming under the category of internal outputs. The main outputs desired according to
the requirement specification are:

The outputs were needed to be generated as a hot copy and as well as queries to
be viewed on the screen. Keeping in view these outputs, the format for the output is
taken from the outputs, which are currently being obtained after manual processing.
The standard printer is to be used as output media for hard copies.
FEASIBILITY STUDY

TECHINICAL FEASIBILITY:

Evaluating the technical feasibility is the trickiest part of a feasibility study. This is because, at this
point in time, not too many-detailed design of the system, making it difficult to access issues like
performance, costs on (on account of the kind of technology to be deployed) etc.

A number of issues have to be considered while doing a technical analysis.

i) Understand the different technologies involved in the proposed system:

Before commencing the project, we have to be very clear about what are the

Technologies that are to be required for the development of the new system.

ii) Find out whether the organization currently possesses the required technologies:
Is the required technology available with the organization?

If so is the capacity sufficient?

For instance –

“Will the current printer be able to handle the new reports and forms required for the new system?”

OPERATIONAL FEASIBILITY:

Proposed projects are beneficial only if they can be turned into information systems that will meet the
organizations operating requirements. Simply stated, this test of feasibility asks if the system will work
when it is developed and installed. Are there major barriers to Implementation? Here are questions that
will help test the operational feasibility of a project:

 Is there sufficient support for the project from management from users? If
the current system is well liked and used to the extent that persons will not be

able to see reasons for change, there may be resistance.

 Are the current business methods acceptable to the user? If they are not,
Users may welcome a change that will bring about a more operational and useful systems.

 Have the user been involved in the planning and development of the project?
Early involvement reduces the chances of resistance to the system and in

General and increases the likelihood of successful project.

Since the proposed system was to help reduce the hardships encountered

In the existing manual system, the new system was considered to be operational feasible.

ECONOMIC FEASIBILITY:

Economic feasibility attempts 2 weigh the costs of developing and implementing a new system,
against the benefits that would accrue from having the new system in place. This feasibility study gives
the top management the economic justification for the new system.

A simple economic analysis which gives the actual comparison of costs and benefits are much
more meaningful in this case. In addition, this proves to be a useful point of reference to compare actual
costs as the project progresses. There could be various types of intangible benefits on account of
automation. These could include increased customer satisfaction, improvement in product quality better
decision making timeliness of information, expediting activities, improved accuracy of operations, better
documentation and record keeping, faster retrieval of information, better employee morale.

SOFTWARE REQUIREMENT SPECIFICATION

REQUIREMENT SPECIFICATION:

The Project “Anti Phishing— The Fraud Detection in Online Banking” is mainly designed to
maintain the security for the user accounts by encrypting and decrypting the passwords using
antiphishing concept

 Phishing is a trick to trap a user to give his/her personal information.

  A Hacker creates a duplicate website which is a replica of the original genuine
website.

 Now, the Hacker sends an e-mail to a user (here, a bank customer) giving a link
and saying that his account needs to be updated or his account has been locked
and asking him to send his account details immediately.

 Now, the customer may fall for his trick and clicks the link, because the link would
look similar to the genuine bank’s link (under which, the hacker’s URL is hidden in
that). Now, when the link is clicked, the customer is re-directed to that fake
website (created by hacker).

 Customer thinks that he has reached a genuine website and gives his account
details and personal details thinking that the e-mail is from genuine website.

 The account details are now re-directed to the Hacker. Thus, the Hacker is
successful in cheating the customer.

How to avoid this?

 ANTI – PHISHING is the solution to get rid of this problem. This Anti-Phishing is
nothing but “preventing the phishing”.

 Creating a cipher key (an encrypted code) in the customer’s username, password
or in a/c no., which is not recognized in the hacker’s fake website, is considered as
one of the best solutions.

INTRODUCTION

Purpose: The main purpose for preparing this document is to give a general insight into
the analysis and requirements of the existing system or situation and for determining
the operating characteristics of the system.

Scope: This Document plays a vital role in the development life cycle (SDLC)
As it describes the complete requirement of the system. It is meant for use by the
developers and will be the basic during testing phase. Any changes made to the
requirements in the future will have to go through formal change approval process.

Developers Responsibilities Overview:

The developer is responsible for:

1) Developing the system, which meets the SRS and solving all the requirements of the
system?

2) Demonstrating the system and installing the system at client's location after the
acceptance testing is successful.

3) Submitting the required user manual describing the system interfaces to work on it
and also the documents of the system.

4) Conducting any user training that might be needed for using the system.

5) Maintaining the system for a period of one year after installation.

Functional Requirements:

Inputs: The major inputs for “Anti Phishing— The Fraud Detection in Online Banking”
can be categorized module -wise. Basically all the information is managed by the
software and in order to access the information one has to produce one's identity by
entering the user-id and password. Every user has their own domain of access beyond
which the access is dynamically refrained rather denied.

Output: The major outputs of the system are tables and reports. Tables are created
dynamically to meet the requirements on demand. Reports, as it is obvious, carry the
gist of the whole information that flows across the institution.
 This application must be able to produce output at different modules for different inputs.

Performance Requirements:

Performance is measured in terms of reports generated weekly and monthly.