connect2rk.com

Business Analysis Project

About the Project


The purpose of this project is to enhance the security features of the mobile banking app for a prominent bank. As a business analyst, my role is to analyze the current state of the mobile banking app’s security features, identify potential vulnerabilities, and propose effective solutions to strengthen the overall security posture of the application.

The primary objectives of this project are as follows:

  1. Conduct a comprehensive assessment of the existing security features in the mobile banking app.
  2. Identify potential security vulnerabilities and weaknesses in the app.
  3. Develop and recommend a set of robust security features and measures to mitigate the identified risks.
  4. Collaborate with the development and IT teams to ensure seamless implementation of the proposed security enhancements.
  5. Ensure compliance with relevant regulatory requirements and industry best practices.


Below are the BPMN diagrams of the current state and the future state, followed by the user flow diagram of the happy path and the high-fidelity mockups.


BPMN (Current State) Mobile Banking

The current state of mobile banking consists of essential features like User Registration, Password Reset, Modern Dashboard, e-transfer, and other activities like payee registration and confirmation of payment via email.

The BPMN below represents this current state. It depicts the user flow, which starts from the user's first sign-in to the app and ends with making an e-transfer.

BPMN (Future State) Mobile Banking

The future-state BPMN represents the enhanced security features.

  1. User registration and MPIN: The app already had the facility to add new users, so a user can register before using the app. Earlier the user could only set a login password; now they can set an MPIN, a 4-digit number of their choice that is entered when logging in to the app. The user can also set a login password followed by a transaction password, which is required on every transaction. Before making any transaction, the user can choose from the settings whether to receive an OTP for that transaction or to authorize it with the transaction password.
  2. Phishing protection: When the login credentials do not match and the user attempts login multiple times (>3), the app restricts them from logging in, notifies the user via email, blocks the user for the next 30 minutes, and sends a link to the registered email ID to reset the password.
  3. Two-step verification: Earlier the user could log in to the app right after providing the login credentials; the new feature additionally asks them to complete two-step verification. There are three options: fingerprint, OTP, or Face ID.
  4. Transaction protection: An OTP is now mandatory for every transaction. Earlier there was no need to provide an OTP, but security questions were required if the user was paying more than $500. The security question feature still persists, but on every transaction the user also needs to provide the OTP.
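The lockout rule in item 2, modelled as an added Python example (not part of this project's deliverables): it takes ">3" to mean the block starts on the fourth consecutive failed attempt, refuses even a correct MPIN while the 30-minute block is active, lifts the block afterwards, and records the e-mail notification as a list entry. The user, MPIN store and timestamps are constructed sample data.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Policy values from the page: more than 3 failed logins lock the account for 30 minutes.
MAX_FAILED_ATTEMPTS = 3
LOCKOUT_DURATION = timedelta(minutes=30)

@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None
    notifications: List[str] = field(default_factory=list)  # stand-in for the e-mails the app sends

class LoginGuard:
    """Applies the lockout policy around a hypothetical MPIN check (constructed, not the app's code)."""

    def __init__(self, credentials: Dict[str, str]) -> None:
        # Constructed sample store (user -> MPIN); a real app would verify a salted hash, not a plain PIN.
        self._credentials = credentials
        self._state: Dict[str, AccountState] = {}

    def state(self, user: str) -> AccountState:
        return self._state.setdefault(user, AccountState())

    def attempt(self, user: str, mpin: str, now: datetime) -> str:
        st = self.state(user)
        if st.locked_until is not None:
            if now < st.locked_until:
                return "locked"  # credentials are not evaluated at all while the block is active
            st.locked_until, st.failed_attempts = None, 0  # 30 minutes elapsed: fresh attempt window
        # Constant-time comparison so response timing does not reveal how many digits matched.
        if hmac.compare_digest(self._credentials.get(user, ""), mpin):
            st.failed_attempts = 0
            return "ok"
        st.failed_attempts += 1
        if st.failed_attempts > MAX_FAILED_ATTEMPTS:
            st.locked_until = now + LOCKOUT_DURATION
            st.notifications.append(f"lockout notice and reset link sent to registered e-mail of {user}")
            return "locked"
        return "denied"

def run_scenario() -> List[str]:
    """Constructed sequence: three wrong MPINs, a fourth that locks, a correct one during the lock, one after it."""
    guard = LoginGuard({"alice": "4821"})
    t0 = datetime(2024, 1, 1, 9, 0)
    script = [("0000", 0), ("0000", 5), ("0000", 10), ("0000", 15), ("4821", 600), ("4821", 31 * 60)]
    return [guard.attempt("alice", pin, t0 + timedelta(seconds=s)) for pin, s in script]
```

Running `run_scenario()` yields `['denied', 'denied', 'denied', 'locked', 'locked', 'ok']`: the fourth failure triggers the block and the notification, the correct MPIN at minute 10 is still refused, and the login at minute 31 succeeds.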

Process Flow Diagram (Happy Path with Registered Payee)

The process flow diagram shown below depicts the happy path: the process of making an e-transfer where an already registered user logs in to the app, completes the two-step verification using OTP on successful login, goes to the dashboard, selects the e-transfer option, and makes a payment to an already registered payee by choosing to pay to the beneficiary's phone number. The user answers the security questions as required and inputs the mandatory OTP to complete the payment. The diagram also shows the facility to reset the password; after resetting the password, the user can perform all the activities mentioned above.

High Fidelity Mockups and Prototypes of the app

Below are the high-fidelity mockups. These mockups represent the future-state BPMN and show all the necessary features the app should have.

They start with the app landing page for a first-time user, followed by the login page, two-step verification using OTP or fingerprint, the app dashboard, and pages for e-transfer, new user registration, making a payment, resetting the password, and first-time registration.

New Registration to the app

Below are the mockups depicting the process of registering a new user to the app, which includes a total of 5 steps.