Beruflich Dokumente
Kultur Dokumente
CAPB
Internet Banking
Page 1 of 37
1.1 Document Control
Status
Page 2 of 37
Contents Page
1.1 Document Control............................................................................................................2
1.2 Revision History and QA Control.....................................................................................2
1.3 Document Approval and Distribution...............................................................................2
2 Management Summary.......................................................................................................4
3 Introduction.........................................................................................................................5
3.1 Purpose of Document......................................................................................................5
3.2 Project Background..........................................................................................................5
3.3 Stakeholders....................................................................................................................6
3.4 Associated Documents....................................................................................................6
4 Project Summary.................................................................................................................7
4.1 Project Objectives............................................................................................................7
4.2 Strategic Fit......................................................................................................................7
4.3 Project Scope...................................................................................................................7
4.4 Customer Environment....................................................................................................8
4.5 Implementation Constraints.............................................................................................8
4.6 Assumptions.....................................................................................................................8
4.7 Dependencies..................................................................................................................8
4.8 Target Dates.....................................................................................................................9
4.9 Future Needs...................................................................................................................9
5 Current State/Situation.....................................................................................................10
5.1 Current Functionality.....................................................................................................10
5.2 Current Limitations.........................................................................................................10
6 Business Requirements....................................................................................................11
6.1 Overall Product or Application Description....................................................................11
6.2 ‘Business Requirement Heading’ [Customer Requirement ID].....................................12
7 Non-Functional Requirements..........................................................................................26
7.1 Performance Requirements...........................................................................................26
7.2 Volumes.........................................................................................................................26
7.3 Availability......................................................................................................................26
7.4 Capacity.........................................................................................................................26
7.5 Disaster Recovery/Business Continuity........................................................................26
7.6 Security Requirements..................................................................................................26
7.7 Audit Requirements.......................................................................................................29
7.8 Support and Maintenance Requirements......................................................................30
7.9 Error Messages..............................................................................................................30
7.10 Archiving......................................................................................................................30
7.11 User Documentation....................................................................................................31
7.12 Replication ..................................................................................................................31
7.13 Service Level Agreements ..........................................................................................31
7.14 Disability Discrimination Act........................................................................................31
7.15 Screen Design.............................................................................................................32
8 User Acceptance Testing..................................................................................................33
9 Training.............................................................................................................................34
Appendix A Glossary...........................................................................................................35
CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 3 of 37
2 Management Summary
The implementation of e banking is critical to maintaining Cater Allen's position in the private
banking sector. 25% of customers regularly request Internet banking and recent research has
shown that 32% of all account closures are as a direct result of not offering Internet banking. In
addition, 14% of intermediaries say clients have rejected recommendations for Cater Allen
Accounts as there is no Internet service. In order to remain competitive and survive, Cater Allen
must provide customers with Internet banking.
Significant work has been carried out in earlier cancelled projects to implement an Internet
service for CAPB and where possible and practical the solution being implemented now is to build
upon already existing Ovation code.
Detailed design work has been carried out as a part of the project approval and costing process
and it is known that this project will leverage investment in existing Abbey IT infrastructures, which
provide Internet services and authentication services.
Page 4 of 37
3 Introduction
3.1 Purpose of Document
This document details the agreed Customer requirements from an Internet service to be provided
to CAPB clients.
The Internet is helping companies to lower costs dramatically across their supply and
demand chains, take their client service into a different league, enter new markets,
create additional revenue streams and re-define their business relationships. It is
believed that if in five years time a company is not using the Internet to do some, or
all of these things, it will be superseded by competitors who are.
Recent research findings, which were conducted by George Street Research in April 2003, have
identified the absence of Internet banking facilities as a potential barrier to take up of CAPB
accounts by intermediaries’ clients. This is validated by the monthly customer survey.
Within the rapidly expanding e-commerce market, Internet Banking presents a major
opportunity for Cater Allen to deliver its vision where innovative thinking meets
traditional service values.
The project commenced within the former Fleming Premier Bank in 1999 and scoped
to deliver a solution on Ovation – the banking system for that business. Following the
purchase of Flemings by Cater Allen in 2001, the project was approved as a C2
objective for 2002. The project was subsequently “de-prioritised” following the rise in
priority of the HICA migration to Ovation. There was also additional concern around
installing internet for Ovation clients, leaving the HICA clients unsupported given it
was the HICA product range that was continued to be promoted. Hence the delivery
date was deferred for review until post migration.
Page 5 of 37
The deferment was agreed by Mac Millington and his team and Internet Banking for
Cater Allen clients still remains an objective to be delivered. What has changed is the
functional alignment and the question as to the right way forward.
3.3 Stakeholders
Page 6 of 37
4 Project Summary
4.1 Project Objectives
• . To design, develop and deliver content as specified within the requirements
documentation and storyboards
• To ensure that the most effective security measures are implemented so that
risk for all parties is minimised.
• To carry out systems testing and user acceptance testing prior to public
launch.
• To ensure that third party contracts are in place so that agreed service levels
can be met.
• To ensure that the service can be managed within the Abbey organisational
structure.
• A fully tested Internet banking service for Cater Allen account holders and account
operators. CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 7 of 37
• Marketing and communications for direct customers, intermediaries and staff.
• Training for all staff that are affected by Internet banking.
• Operational processes and procedures to support internet banking
• A pilot prior to going live
Customers are to be supported when using current and current – 1 releases of both Internet
explorer and Netscape. These customers geographical location is not to be restrained.
The system will need to interface with the Tuxedo system for the issuing of passwords to clients.
Support for both Internet explorer and Netscape should be provided, both current and –1
releases of each.
Implementation costs must be within the budget approved for the project,
4.6 Assumptions
• The Internet facing Infrastructure to support Cater Allen Internet Banking will be in place.
• Disaster Recovery planning for Cater Allen will have been completed.
• Group dependencies on other projects: e.g. Sirocco, AN End of Year change freeze,
CAPB Change freeze, HICA-Ovation migration, Current Customer Review, AWD email and
fax.
• Resources will be available to ensure Cater Allen’s Internet Banking is delivered on time,
on budget.
4.7 Dependencies
The security enhancements to the Ovation implementation identified in 2003 and scoped by
APAK will need to be implemented. CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 8 of 37
4.8 Target Dates
The target is to have an initial pilot phase live seven months after project start up.
Page 9 of 37
5 Current State/Situation
Ovation currently provides core banking application services to CAPB and these should not be
adversely impacted by the addition of Internet services for clients. Clients will be directly
interfacing with the same Ovation database as used by the existing Ovation Managers.
Page 10 of 37
6 Business Requirements
Page 11 of 37
6.2 ‘Business Requirement Heading’ [Customer Requirement ID]
Page 12 of 37
Customer CAPBIB01
Requirement ID
Description Register as an existing customer for Internet Banking
Originator/Source Original BRS
Inputs The requirement is that the registration process for Cater Allen Internet
Banking will be by completion of either an online populated internet
application form or a request generated via AWD when a customer calls to
register for the first time, which will need to be signed and posted back to
Cater Allen.
Outputs Once clients register for this service, relevant documentation will be sent in
the mail, including CIRN and internet password.
Benefits If clients are able to download application forms it will reduce the number of
calls to the contact centre requesting documents to be posted.
Acceptance Criteria All pages of the application form must print out on a locally attached printer
at the client end. Formatting of the document must match the design
approved by Marketing
Customer CAPBIB02
Requirement ID
Description Browser Compatibility The web site design should be able to handle the
current and previous two versions of Netscape and IE browsers.
Originator/Source Original BRS
Error Handling If a user attempts to connect with a non supported browser or operating
system then a message should be displayed advising them that their
browser is unsupported and Cater Allen are not responsible for any display
or format issues.
User Need Clients need to be able to access the application using standard software
tools.
Benefits By supporting the main browsers CAPB will be able to offer the service to the
majority of their clients.
Acceptance Criteria All screens developed must be displayed as designed.
Test Approach All test scripts aimed at validating page display and error handling must be
tested in all supported browsers
Customer CAPBIB03
Requirement ID
Description An online demo should be provided accessible via the Brochureware site
that anyone can view. Marketing will define the actual data and flow of the
demonstration.
Originator/Source Original BRS
Scope for Use This will be accessible to both registered and non-registered users and
should reflect the live system.
Acceptance Criteria The demo should have the look and feel of the live site and match the flow
defined by Marketing
Customer CAPBIB04
Requirement ID
Description The design of the web site should take into account brand principles and
guidelines issued by the RNIB in respect of visually impaired users
CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 13 of 37
Originator/Source Original BRS
User Need All web sites must comply with the DDA guidelines.
Benefits Regulatory compliance
Acceptance Criteria The Abbey standards must be complied with
Customer CAPBIB05
Requirement ID
Description Throughout the client facing screens, the terminology used should be
consistent with language used by phone operators.
Page 14 of 37
Error Handling Where a session has timed out an error message should be displayed
advising the user and a link provided to the logon pages
Acceptance Criteria Each page should link back to the client’s home page.
Customer CAPBIB10
Requirement ID
Description A Notice Board will be available on the web site where messages to clients
can be displayed. I.e. Scheduled unavailability of the service. It should be
possible to force this to be presented at logon.
Originator/Source Original BRS
Scope for Use This is required to inform registered users of relevant issues and should not
be capable of being bypassed.
Acceptance Criteria Notice Board displayed when appropriate
Customer CAPBIB11
Requirement ID
Description A timed-out response should be system definable and be tailorable
downwards by the individual users.
Originator/Source Original BRS
Error Handling If a user attempts to increase the time out time an appropriate message
should be displayed with an option to reselect the time out required
Acceptance Criteria When a user selected timeout is selected then inactivity should auto logoff
the user when that time is reached.
Customer CAPBIB12
Requirement ID
Description There will be a Contact Us menu for all queries.
Originator/Source Original BRS
Inputs A drop down list of topic areas should be presented to the client who can
select only one. A free format text box should also be presented for the
message to be entered. Attached documents are not permitted. Users
should have a submit button to click to send the message
Outputs Each drop down menu option will channel the message to an appropriate
AWD work queue. The text box contents will be the message sent to the
queue
Error Handling If the message contents box is empty the message should not be sent but
the client should receive an onscreen message advising them that message
is empty.
Acceptance Criteria Messages keyed in to the front end are delivered to the appropriate AWD
work queue.
Customer CAPBIB13
Requirement ID
Description The Client Internet Registration number (CIRN) will be randomly system
generated and be eight digits (numeric only) in length.
Originator/Source Original BRS
Scope for Use The CIRN number is the same number that is currently used on the IVR and
Telephone Banking
Inputs The user will be required to enter this number on the logon screen
Error Handling CAPB
An incorrect CIRN will Internet
result Banking
in an - Customer Requirements
authentication failure Specification
Version 1.1, Status – draft
Page 15 of 37
Acceptance Criteria Clients with valid CIRNs will be able to access Internet Banking
Customer CAPBIB14
Requirement ID
Description Issue of Initial password
Originator/Source Original BRS
Inputs From the Ovation Admin Manager CAPB staff will activate the account for
Internet Banking Access by changing the setting of a field.
Outputs An initial Internet password will be randomly generated and be 8 characters
in length. This will be sent by secure mailer to the client’s registered
correspondence address.
Acceptance Criteria Passwords are generated and securely issued via mailers
Additional As covered in CAPBIB16 the client will be prompted to change this on first
Information logon to the Cater Allen Internet Banking service to a unique password that
should be alphanumeric, case sensitive and not allow special characters
(where special characters hold a particular meaning on Cater Allen’s internal
product systems). The minimum password length should be 8 characters and
the maximum should be system configurable within Designer to mirror the
setting held within the Tuxedo system. Currently the maximum password
length in Tuxedo for use with partial passwords is 8 characters but this may
change.
Customer CAPBIB15
Requirement ID
Description The Personal Access Code (PAC) will be randomly generated for clients and
will be a total of 6 digits. To meet APAC standards, a partial password
scheme consisting of 2 randomly selected PAC digits should be input by the
client, in line with company protocol.
Originator/Source Original BRS
Scope for Use This should be the existing PAC required for the clients to authenticate
themselves when they dial into the Call Centre. When clients register for the
service the application form will ask if a new PAC is required.
Inputs If a new PAC is required then the Client Manager will be used to generate
the PAC from within Ovation
Outputs A secure mailer will be produced containing the PAC
Acceptance Criteria When setting up clients for Internet Banking a PAC can be produced and
issued if required.
Customer CAPBIB16
Requirement ID
Description On first time logon to Internet Banking the user should be forced to change
their password from the one supplied. The same process will apply when a
password has been reissued by CAPB
Originator/Source Original BRS
Inputs The system should prompt for 2 random characers from the initial or newly
issued password and on successful authentication a screen should be
presented requesting them to select a new user definable password.
Outputs New password will be stored
Error Handling Entering a wrong partial password three times will suspend the account and
a message will be displayed to the user advising them to contact CAPB
CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 16 of 37
Acceptance Criteria New passwords automatically expire on first use
Customer CAPBIB17
Requirement ID
Description The users must have the ability to choose to change their password, this
should be a menu option
Originator/Source Original BRS
Inputs User should select the change password option from a menu and then enter
their existing password, new password and then rekey new password for
verification purposes
Outputs Update password on database
Error Handling If new password and verify new passwords fields are not identical password
change should fail and the user be prompted to re enter.
Acceptance Criteria Passwords should be successfully changed when option selected
Customer CAPBIB18
Requirement ID
Description The users must have the ability to choose to change their PAC, this should
be a menu option
Inputs User should select the change PAC option from a menu and then enter their
existing PAC, new PAC and then rekey new PAC for verification purposes
Outputs Update PAC on Ovation database
Error Handling If new PAC and verify new PAC fields are not identical PAC change should
fail and the user be prompted to re enter.
Acceptance Criteria PAC should be successfully changed when option selected
Customer CAPBIB19
Requirement ID
Description View of last successful login attempt. Users at logon should be presented
with a screen which advises them of the last successful logon to the system
• Log off from Internet Banking
• Ability to have separate access to personal and business accounts, if
required by the customer. (The solution must not duplicate client
ids.)
Default to have access to all accounts
Originator/Source Original BRS
Acceptance Criteria Last successful logon message displayed at each logon subsequent to initial
access to the system
Customer CAPBIB20
Requirement ID CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 17 of 37
Description Log off from Internet Banking. From any screen in the system a user should
be able to select a logoff option that will immediately disconnect them from
the system. Any uncompleted transactions will not be written to the
database.
Originator/Source Original BRS
Acceptance Criteria Logoff completed when user selects option from any screen in the system
Customer CAPBIB21
Requirement ID
Description Ability to have separate access to personal and business accounts, if
required by the customer. (The solution must not duplicate client ids.)
Default to have access to all accounts
Originator/Source Original BRS
Acceptance Criteria If a user has selected to only display either business or personal accounts
then only those account types should be displayed
Customer CAPBIB22
Requirement ID
Description View online statement transaction listing for variable user defined date
ranges or number of transactions
Page 18 of 37
Customer CAPBIB24
Requirement ID
Description Search for account-by-account number (Client Accounts only)
Page 19 of 37
Description View Statement Balance – clients must be able to view the balance on their
account(s)
Page 20 of 37
Acceptance Criteria Correct listing of held funds displayed in browser
Customer CAPBIB32
Requirement ID
Description View Pending visa transactions
Page 21 of 37
Acceptance Criteria Bill payments successfully created in Ovation
Customer CAPBIB36
Requirement ID
Description When selecting money transfers from the menu a sub menu should be
presented allowing the facility to View/create/amend/cancel transfers. The
viewing option should display details of the existing instruction, the create
option will require the user to input recipients name, account number, sort
code and free format text description box
Page 22 of 37
User Need To allow staff to support customers.
Acceptance Criteria Inputting of transaction number in Ovation Manager returns the
corresponding transaction details
Customer CAPBIB39
Requirement ID
Description View transaction confirmation number
Originator/Source Original BRS
Scope for Use To be used by clients to recall transaction information
Inputs User needs to enter a date range for transactions carried out
Outputs List of all transaction numbers with the transaction type. Selecting the
transaction redisplays the original confirmation screen
Acceptance Criteria When keying in transaction number the relevant details are returned to the
browser window. Transaction numbers for other clients should not be
accessible
Customer CAPBIB40
Requirement ID
Description In the event that there are no key depressions within a given period of time
(i.e. 10 minutes) the client will be automatically signed out of the Cater Allen
internet banking system, and would need to re-enter their Internet ID,
password and PAC number in order to re-connect to the service. The time
frame should be a configurable setting at the system level within Designer to
allow for future flexibility.
Originator/Source Original BRS
Acceptance Criteria A session should timeout at the interval specified is unused.
Customer CAPBIB41
Requirement ID
Description On timing out, or if the system is not responding, an appropriately worded
pop-up message box should be displayed to the user, 30 seconds prior to
timeout to warn clients of this so that they can be given the choice to either
remained connected or be logged out, as required.
Originator/Source Original BRS
Acceptance Criteria Pressing any key during the 30 second period the session should not be
disconnected
Customer CAPBIB42
Requirement ID
Description The ability to withdraw a particular function (e.g. create bill pay, dd, etc.) is
required in case of problems with that individual process.
Originator/Source Original BRS
Inputs An administrator should use an Ovation manager to temporarily remove a
sub-function of the system.
Acceptance Criteria Sub-functions selected for withdrawal should be unavailable to clients
Customer CAPBIB43
Requirement ID
Description Each user should only ever have one session open at any given time.
Page 23 of 37
Error Handling If a user attempts to logon for a second session an error message should be
displayed
Acceptance Criteria A second attempt to logon from either the same machine or another device
should be refused
Customer CAPBIB44
Requirement ID
Description The existing Archive system should be capable of holding transaction
information generated from Internet Banking, this should include transaction
reference numbers
Originator/Source Original BRS
Acceptance Criteria Transactions are archived successfully and can be retrieved using existing
system
Customer CAPBIB45
Requirement ID
Description All pages printed from within the system using the print button should be in
an appropriate format and include the Company logo. Mock ups of these
prints should be provided by Marketing
Originator/Source Original BRS
Outputs Locally printed pages should be in a readable format
Acceptance Criteria Prints produced correspond to mock ups provided
Customer CAPBIB46
Requirement ID
Description Management Information Requirements
Page 24 of 37
Error Handling If the Account number supplied is not a valid account then an error message
should be returned to the client and the transfer should fail.
Acceptance Criteria Transfers by clients to a third party also holding an account within CAPB will
be made directly and immdiately, invalid account details will fail with an error
message to the client.
Customer CAPBIB49
Requirement ID
Description Ovation will hold the clients e-mail address which will be displayed on all
screens where name and address are already displayed. This data field
needs to be updateable from within Ovation Managers.
Originator/Source Issues List
Inputs e-mail address as supplied by client
Error Handling If e-mail address entered is not a valid format then an appropriate error
message should be displayed
Acceptance Criteria E-mail address held in Ovation
Customer CAPBIB50
Requirement ID
Description Indicator if e-mail address can be used for Marketing. Clients need to have
the ability to opt in to receive e-mails from CAPB for Marketing purposes. A
field is required in Ovation for this
Originator/Source Issues List
Inputs Flag set from within an Ovation Admin Manager
Acceptance Criteria Flag must be capable of being changed, clients choosing not to opt in for
mailings will not be selected for such.
Customer CAPBIB51
Requirement ID
Description Flag indicating e-mail communication can be used with client for non-
marketing purposes
Originator/Source Issues list
Inputs Flag set from within Ovation Admin Manager
Acceptance Criteria Flag must be capable of being changed
Customer CAPBIB52
Requirement ID
Description There should be the option of clients being automatically sent a message in
response to any message sent to CAPB using the secure message facility
(CAPBIB52). This will be dependant on which topic option clients select from
the list available to them, for example clients notifying the Bank of anew
address should be notified that they should send in documentary proof of
this new address. The message should be configurable for each topic option
and be up to 200 characters long. Any message to be given to the client
should be displayed to them in the browser window acknowledging receipt of
the message.
Originator/Source Bradford ops following presentation from Barry Smith on 2oth July
Inputs Client has selected a topic for communication on
Acceptance Criteria For topics which require an automated message back to the client an
appropriately worded message is displayed in the browser.
CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 25 of 37
7 Non-Functional Requirements
2. The system should provide real time response for all Ovation transactions.
On some occasions, it may not be possible to post to the account
immediately. If a transaction cannot be posted immediately, it should be
rejected with a user-friendly error message.
7.2 Volumes
The Business case is based on 10% of transactions that currently come via the Contact centre
will be diverted to the Internet Channel.
7.3 Availability
The Internet service needs to be available 24 hours a day for enquiry access and at least
between 7am and 11pm for full transactional access. The secure messaging service needs to be
available 24 hours a day.
7.4 Capacity
1. It is assumed that the capacity of the Abbey networks will be capable of supporting the
increase in transaction volumes.
2. An understanding of the peak intervals and how long they last for will be
required, to ensure that the infrastructure is able to cope with demand. IT
will work with the project team to understand the implications of any
additional capacity requirements and any compensatory build will be put in
place before the peaks are reached. Comprehensive Performance Testing will
be carried out as part of the project and in conjunction with a controlled
phased rollout any performance issues should be identified before any
significant impact on Internet clients or the current system users.
Page 26 of 37
4. The Client Internet Registration number (CIRN) will be randomly system generated and
be eight digits (numeric only) in length. Please note that the CIRN number is the same
number that is currently used on the IVR and Telephone Banking.
6. This above process will also be followed if a client forgets their password.
7. The Personal Access Code (PAC) will be randomly generated for clients and will be a
total of 6 digits. To meet APAC standards, a partial password scheme consisting of 2
randomly selected PAC digits should be input by the client, in line with company
protocol. This will be required for the clients to authenticate themselves when they dial
into the Call Centre.
10. The second screen should ask the clients for 2 random characters from their
password which is chosen from a dropdown list box and displayed as '*' on
the screen.
11.
To ensure the integrity of the login process is maintained, the user must be
sent to the second screen and asked for a password even if the user id and
PAC data is incorrect, and the user must not get a message revealing which
data field is incorrect, only that some data was wrong and they should try
again.
12. If a valid CIRN but an incorrect password or PAC is entered 3 times, then the
system must lock the invalidated user account. Separate counters should be
kept for invalid entries on both the PAC and password and when either
counter reaches 3 the account should be locked. The contact centre must be
able to see which has been violated as this would let the Call Centre staff
know where the failure has occurred and what procedure needs to be
followed.
13. The choice of characters for the partial password must be enforced by server
side lookup and not by client side coding. The choice should become locked
at the point of mis-entry. i.e. the client cannot force the session to change
the requested characters for a minimum period of an hour. The benefit to
CAPB is the client never types in their whole PAC, and shoulder surfing and
keystroke logging risks are minimised.
14. CIRN, Internet Password and PAC generation should take into consideration
company architectures, standards and guidelines published by Information
Security. These provide mandatory information on designing new password
CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 27 of 37
systems and passwords themselves and can be found at:
http://www.abbeynational.net/IT_TSS_InformationSecurity
18. All systems must take into account the current top vulnerabilities as listed
at:
http://www.sans.org/top20/
http://www.owasp.org/documentation/topten
19. An external company appointed by Information Security but paid for by the project will
carry out a penetration test prior to launch.
CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 28 of 37
20. This needs to occur on the final version of code, and should occur at least two weeks
prior to launch to allow for any major issues raised to be resolved. If major issues are
found and can’t be resolved prior the agreed launch date, then the launch must be
suspended until these issues are corrected.
21. If minor issues are raised then an action plan to address these must be submitted to
Information Security within four weeks of the final penetration test report.
2. The following will be the minimum requirements delivered in order that we produce a
complete audit trail of client and operator activity:
2.1 The client login time into the Internet Service should be recorded i.e. on
successful input of the CIRN, Internet password and PAC number.
2.2 Unsuccessful log in attempts should be recorded. These should show the
client number, day, time, and the reason the transaction was unsuccessful.
In the case of invalidation of either the CIRN, PAC or the Internet password
this should also be recorded.
2.4 The secured message database should hold the following information in
relation to audit trails
• The status of the secured message
• Subsequent changes to status
• User ID of operator initiating change
• Date status changed
• Time status changed
2.5 Appropriate security access will be necessary i.e. access to audit trails
should be restricted to particular operator levels, with any audit trails being
viewable but not alterable.
2.6 Six weeks is the minimum on line audit trail, following which information should be
stored in an appropriate archive.
2.7 No logs are required to monitor or record the client’s navigation around the
Internet Services site.
2.8 All secured message transaction requests should be retained, in line with
Internet banking. CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 29 of 37
2.9 All E-Banking transactions should be retained for the same period as other
Ovation generated transactions.
3. This solution will form part of the induction training for new members of staff
and a quick reference guide will also be developed for staff.
6. Help desks are required to deal with both Registration enquiries and Technical
enquiries including any problems with screen navigation etc. It is anticipated that the
Contact Centre will provide the Registration enquiries support.
7. Maintenance of the Internet facing web environment is critical and all web servers and
associated firewall infrastructure will need to be kept patched at the latest release level
in order to minimise security risks.
7.10Archiving
1. All Ovation data processed as part of Internet Banking should be archived in
accordance with practices for that system in general. When considering any future
changes to the archive strategy then Internet Banking should be considered. At least 6
months historic transactions should be available online to clients.
2. In line with current practices any AWD data generated should be archived within that
system and be accessible for at least 7 years.
CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 30 of 37
7.11User Documentation
Documentation will be required for both staff in the Sheffield Contact centre and the Bradford
back office; the Project Team will develop this during the development and testing phases. All
changes to Ovation Manager screens will be included in this documentation. Marketing will
produce customer-facing materials.
7.12Replication
No requirement to replicate data.
Work will need to be carried to ensure that the appropriate agreements are in place for
launch.
2. The majority of people with serious sight problems have some good vision, and read
Websites in the same way as fully sighted people, with their eyes. However, the
needs of people with poor sight vary considerably, depending on how their eye
condition affects their vision. Some people prefer large text, while others can only
read smaller text. Most need a highly contrasting colour scheme, while others can
only read yellow text on a black background. To cater for everyone, websites should
be flexible in design, enabling the individual to adjust the text and colour settings to
suit their needs.
3. The RNIB have issued guidelines for the design of websites to make them accessible
to people with visual impairment. Full details of these guidelines should be adhered
to wherever possible when developing the client facing screens and apply with DDA
guidelines, which are being produced for Abbey, e.t.a end of 2004. The key points to
note are:-
• When using a coloured background, choose one which is one solid colour
rather than textured or patterned.
CAPB Internet Banking - Customer Requirements Specification
Version 1.1, Status – draft
Page 31 of 37
• The colour scheme must be able to be over-ridden by the browser
settings if necessary.
• Italics should not be used.
• Use standard size text.
• Avoid the use of underlining.
• Avoid capitalisation of whole words.
• Image maps should be accompanied by a text only alternative.
• Links should not appear directly next to each other.
7.15Screen Design
The storyboards will form the basis for the Cater Allen screen designs. The storyboards
document the precise content and screen designs for the Cater Allen Internet banking service.
Also, in order to minimise client queries via the phone, the web pages need to be very clear. For
example, if there is a transaction deadline, then this needs to be emphasised clearly up front as a
built in reminder so that when the client completes a transaction, they know “this will update your
account in ……”.
Page 32 of 37
8 User Acceptance Testing
1. Before the Cater Allen Internet banking service can go live, all aspects of the
service will need to be tested. Solutions Delivery will co-ordinate all testing
and will perform system level testing. The User Acceptance Testing phase
will be managed by the project with resource provided either directly by
them using ex Romford staff who have been retained specifically for this
purpose or by staff from the Contact centre and Back office areas.
2. UAT is a critical element in this project and in parallel with the development phase a
detailed testing strategy will be put in place. Producing comprehensive test cases with
a suitable script will be a fundamental part of UATing.
3. An important part of testing will by performance related and this should be carried out
on a production like environment, i.e. it will need to use the Bletchley environment
purchased in 2002 for the dual purpose of providing Disaster Recovery and
performance testing.
Page 33 of 37
9 Training
1. CAPB should have its own independent UAT/Training environment, as they
will be a need to train staff in the Ovation back end processes as well as the
front end user interfaces.
3. This solution will form part of the induction training for new members of staff
and a quick reference guide will also be developed for staff.
Page 34 of 37
Appendix A Glossary
Term Description
ATM Automated Teller Machine
Bookmarking Adding a web site address to your on-line ‘address
book’ so you can easily visit the site again.
Browser A piece of software that allows you to find, view
and manage information on World Wide Web sites.
Information is saved in all kinds of formats but a
browser will bring a consistent look to this
information and make it easier to access it.
Client Internet An 8 digit randomly generated number in length.
Registration Number used by the system to link different Cater Allen
(CIRN) accounts held by a client.
Page 35 of 37
Linked accounts Cater Allen accounts which have a common client
reference number
MFC Multi Function Card. The combined Visa Debit, ATM
and Cheque Guarantee card issued to Cater Allen
Account holders
Modem Modulator/demodulator. A device that enables
computer signals to travel over phone lines
On Line Connected to the system and usable
POP Point-of Presence. A Phone number through which
users can assess an ISP
Protocol A set of rules that all computers linked to a
network must follow
Search Engines A facility that lets you find what you are looking for
on the World Wide Web by using key words to
search out relevant sites. Popular search engines
include Alta Vista, Yahoo and Lycos
Secure Messaging Standard e-mail services are insecure. The data
can be read or altered without the sender or
recipient knowing. For confidential information, a
secure method of communication is required. In
this instance the communication is never
transmitted outside the control of Abbey National,
the clients sign in to our service and retrieve and
store messages within an internal data store.
SSL Secure Socket Layer. A protocol developed by
Netscape to secure internet transactions between
clients and servers using encryption. Typical
implementations use 128bit key strength.
Surfing Colloquial expression for the practice of visiting
Web pages and Web servers, and clicking with the
mouse on hyperlinks in order to jump to particular
resources
URL Universal Resource Locator. The address of a Web
site. Because it is universal, anyone can type it
into their computer and find your Web site.
Web page A hypermedia document as viewed through a World
Wide Web browser
Web Site A collection of web pages
World Wide Web Graphical service on the Internet which permits
access to a wide variety of resources (documents,
files, videos etc).
Page 36 of 37
End of Document
Page 37 of 37