Overview - ligayoleg/oleg-bank GitHub Wiki

Overview

Plan

  1. Sign Up and Login Pages:

    • Sign Up Page (Before Email):

      • Collect user information:
        • First Name
        • Middle Initial (optional)
        • Last Name
        • Email Address
    • Sign Up Page (After email verification):

      • Pre-existing Information from email
        • First Name
        • Middle Initial (optional)
        • Last Name
        • Email
      • Collect user information:
        • SSN
        • Address
          • Street
          • Street (additional line, optional)
        • Government Issued ID
        • Employment Status
        • Income Details
        • Password
        • Security Q/A (under question)
        • Acceptance of Terms of Service and Privacy Policy
        • Consent to perform necessary checks (e.g., credit check)
        • Authorization for electronic communications
    • Login Page:

      • Authenticate users based on stored credentials.
      • Implement session management to keep users logged in.
      • Include "Forgot Password" functionality with email verification.
      • Implement CAPTCHA to prevent automated login attempts.
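The four login-page items above, worked through as an added example (this is not code from the oleg-bank project): credentials are stored as a per-user salt plus a slow hash and checked in constant time, sessions are server-side records keyed by an unguessable token with an idle timeout, and "Forgot Password" issues a short-lived, single-use token whose hash is all the server keeps. The class names, the TTL values and the PBKDF2 work factor are assumptions made for this illustration; CAPTCHA is a front-end control and is not shown.

```python
# Added example, not code from the oleg-bank wiki: a minimal backend for the
# login-page items above (credential check, sessions, "forgot password").
# UserStore, SessionStore, ResetTokenStore and the TTL values are assumptions
# made for this illustration, not the project's own design.
import hashlib
import hmac
import os
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

PBKDF2_ITERATIONS = 600_000   # assumed work factor; scrypt/argon2 are preferable where available
SESSION_TTL = 15 * 60         # idle sessions expire after 15 minutes (assumed)
RESET_TTL = 10 * 60           # password-reset links live 10 minutes (assumed)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt per user defeats precomputed tables."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class UserStore:
    """Stand-in for the users table: keeps only salt + hash, never the password."""

    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}

    def set_password(self, email: str, password: str) -> None:
        self._users[email.lower()] = hash_password(password)

    def verify(self, email: str, password: str) -> bool:
        record = self._users.get(email.lower())
        if record is None:
            hash_password(password)  # same cost for unknown users: no enumeration by timing
            return False
        salt, expected = record
        _, actual = hash_password(password, salt)
        return hmac.compare_digest(actual, expected)  # constant-time comparison


class SessionStore:
    """Server-side sessions keyed by a random token that the browser holds in a cookie."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._sessions: Dict[str, Tuple[str, float]] = {}
        self._now = now

    def create(self, email: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        self._sessions[token] = (email, self._now())
        return token

    def user_for(self, token: str) -> Optional[str]:
        entry = self._sessions.get(token)
        if entry is None:
            return None
        email, last_seen = entry
        if self._now() - last_seen > SESSION_TTL:
            del self._sessions[token]  # idle timeout: force a fresh login
            return None
        self._sessions[token] = (email, self._now())  # sliding expiry
        return email

    def destroy(self, token: str) -> None:
        self._sessions.pop(token, None)  # logout invalidates server-side, not just the cookie


class ResetTokenStore:
    """'Forgot password' tokens: emailed once, single use, short lived, stored only as a hash."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._tokens: Dict[str, Tuple[str, float]] = {}
        self._now = now

    def issue(self, email: str) -> str:
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()  # a leaked DB copy cannot reset passwords
        self._tokens[key] = (email, self._now())
        return token  # this value goes into the link in the verification email

    def redeem(self, token: str) -> Optional[str]:
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self._tokens.pop(key, None)  # pop: the same link cannot be replayed
        if entry is None:
            return None
        email, issued = entry
        return email if self._now() - issued <= RESET_TTL else None


if __name__ == "__main__":
    users, sessions, resets = UserStore(), SessionStore(), ResetTokenStore()
    users.set_password("alice@example.com", "correct horse battery staple")  # constructed sample user
    print("login ok:", users.verify("alice@example.com", "correct horse battery staple"))
    cookie = sessions.create("alice@example.com")
    print("session resolves to:", sessions.user_for(cookie))
    link_token = resets.issue("alice@example.com")
    print("reset redeemed for:", resets.redeem(link_token), "| replay:", resets.redeem(link_token))
```

Two design points worth keeping when this is wired to a real database: the reset token is hashed before storage for the same reason passwords are, and `verify` runs the hash even for unknown emails so response time does not reveal which addresses have accounts.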
  2. Account Overview Page:

    • Dashboard:

      • Display account balance and recent transactions.
      • Provide quick links to common actions (e.g., transfer funds, view statements).
      • Include charts or graphs to visualize spending patterns (optional).
    • Transaction History:

      • Show a list of recent transactions with details (date, amount, description).
      • Implement pagination for a smooth user experience.
    • Profile Settings:

      • Allow users to update personal information, password, and notification preferences.
      • Provide options to link external accounts or manage security settings.

  3. Multi-Factor Authentication (MFA):

    • Two-Factor Authentication (2FA):

      • Implement SMS, email, or app-based 2FA for an additional layer of security.
      • Allow users to enable/disable 2FA in their account settings.
      • Provide recovery options in case of lost 2FA devices.
    • Biometric Authentication (Optional):

      • If feasible, consider adding biometric authentication (fingerprint, face recognition).
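The app-based 2FA, enable/disable and recovery items above, worked through as an added example that is not part of the oleg-bank project: the code generator is TOTP (RFC 6238, the scheme authenticator apps implement, built here from the standard library), enrolment only activates after the user proves the app produces a valid code, each code is accepted once so a captured code cannot be replayed within its window, and recovery codes are shown once and stored only as hashes. The class and method names, the clock-skew window and the number of recovery codes are assumptions made for this illustration.

```python
# Added example, not code from the oleg-bank wiki: app-based 2FA (TOTP per
# RFC 6238, the scheme authenticator apps use) with single-use recovery codes.
# SecondFactor and its method names are assumptions made for this illustration.
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Callable, List, Optional, Set

TOTP_STEP = 30     # seconds per code, the value authenticator apps default to
TOTP_DIGITS = 6
TOTP_WINDOW = 1    # also accept the previous and next step to absorb clock skew (assumed)
RECOVERY_CODES = 8 # assumed count


def hotp(secret_b32: str, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated to digits."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** TOTP_DIGITS).zfill(TOTP_DIGITS)


def totp(secret_b32: str, at: Optional[float] = None) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    t = time.time() if at is None else at
    return hotp(secret_b32, int(t // TOTP_STEP))


class SecondFactor:
    """Per-user 2FA state: enrolment, verification with replay protection, recovery codes."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        self._secret: Optional[str] = None
        self._pending: Optional[str] = None
        self._last_counter = -1            # highest time step already accepted
        self._recovery_hashes: Set[str] = set()

    @property
    def enabled(self) -> bool:
        return self._secret is not None

    def begin_enrollment(self, secret_b32: Optional[str] = None) -> str:
        """Return the secret to show as a QR code; it is not active until confirmed."""
        self._pending = secret_b32 or base64.b32encode(secrets.token_bytes(20)).decode()
        return self._pending

    def confirm_enrollment(self, code: str) -> List[str]:
        """Activate 2FA only after the app proves it works, and hand out recovery codes once."""
        if self._pending is None or not self._match(self._pending, code):
            raise ValueError("code does not match the pending secret")
        self._secret, self._pending = self._pending, None
        codes = []
        for _ in range(RECOVERY_CODES):
            h = secrets.token_hex(5)
            codes.append(f"{h[:5]}-{h[5:]}")
        self._recovery_hashes = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
        return codes  # shown to the user once; only the hashes are stored

    def _match(self, secret: str, code: str) -> bool:
        counter = int(self._now() // TOTP_STEP)
        for c in range(counter - TOTP_WINDOW, counter + TOTP_WINDOW + 1):
            if c > self._last_counter and hmac.compare_digest(hotp(secret, c), code):
                self._last_counter = c   # a step, once used, can never be replayed
                return True
        return False

    def verify(self, code: str) -> bool:
        return self.enabled and self._match(self._secret, code)

    def use_recovery_code(self, code: str) -> bool:
        """Recovery codes are single use: the hash is removed on success."""
        digest = hashlib.sha256(code.strip().encode()).hexdigest()
        if digest in self._recovery_hashes:
            self._recovery_hashes.remove(digest)
            return True
        return False

    def disable(self) -> None:
        self._secret, self._recovery_hashes = None, set()
```

`hotp`/`totp` can be checked against the RFC 6238 test vectors (secret `12345678901234567890`, SHA-1); the 6-digit code at T=59 is 287082. Rate limiting of code attempts and audit logging of enable/disable events belong around this class, not inside it.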

  4. Notifications:

    • Account Alerts:

      • Implement customizable account alerts (e.g., low balance, large transactions).
      • Allow users to choose notification channels (email, SMS, in-app).
    • Transaction Notifications:

      • Send instant notifications for transactions, including amounts and merchants.
      • Implement a notification history section on the website.
    • Security Notifications:

      • Notify users of any changes to their account settings.
      • Send alerts for successful and failed login attempts.

  Additional Considerations:

    • Responsive Design: Ensure the website is responsive and accessible on various devices.
    • Security Measures:

      • Use HTTPS to encrypt data in transit.
      • Regularly update dependencies and libraries.
      • Implement security headers to protect against common web vulnerabilities.
    • Testing: Perform thorough testing, including unit tests, integration tests, and security testing.
    • Documentation: Provide clear and concise documentation for future developers or users.
    • Compliance: If relevant, consider compliance with data protection regulations (e.g., GDPR).
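The notification rules above (account, transaction and security alerts, per-user thresholds and channel choice, a history for the in-app section) run over a constructed sample day, as an added example that is not part of the oleg-bank project. `AlertPreferences`, `Notifier`, the default thresholds and the sample events are assumptions made for this illustration; the `_emit` method records instead of sending, which is where email, SMS and push delivery would be plugged in.

```python
# Added example, not code from the oleg-bank wiki: the alert rules from the
# Notifications section evaluated over constructed events. AlertPreferences,
# Notifier and the sample thresholds are assumptions made for this illustration.
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class AlertPreferences:
    """What the user chose under profile settings (sample defaults, assumed)."""
    low_balance_threshold: float = 100.00
    large_transaction_threshold: float = 1000.00
    channels: Dict[str, List[str]] = field(default_factory=lambda: {
        "transaction": ["in-app"],
        "large_transaction": ["sms", "in-app"],
        "low_balance": ["email"],
        "login": ["email"],
        "settings_change": ["email", "sms"],
    })


@dataclass
class Notification:
    kind: str
    channel: str
    message: str


class Notifier:
    """Turns account events into notifications and keeps the in-app history."""

    def __init__(self, prefs: AlertPreferences) -> None:
        self.prefs = prefs
        self.history: List[Notification] = []   # backs the notification-history page

    def _emit(self, kind: str, message: str) -> None:
        for channel in self.prefs.channels.get(kind, ["in-app"]):
            self.history.append(Notification(kind, channel, message))  # delivery would happen here

    def on_transaction(self, amount: float, merchant: str, balance_after: float) -> None:
        self._emit("transaction", f"{amount:.2f} at {merchant}")
        if amount >= self.prefs.large_transaction_threshold:
            self._emit("large_transaction", f"large transaction: {amount:.2f} at {merchant}")
        if balance_after < self.prefs.low_balance_threshold:
            self._emit("low_balance", f"balance is now {balance_after:.2f}")

    def on_login(self, success: bool, source_ip: str) -> None:
        # the plan alerts on both outcomes: a failed attempt may be someone else,
        # a successful one from an unfamiliar place is the user's cue to act
        outcome = "successful" if success else "failed"
        self._emit("login", f"{outcome} login from {source_ip}")

    def on_settings_change(self, setting: str) -> None:
        self._emit("settings_change", f"your {setting} was changed")

    def counts_by_kind(self) -> Dict[str, int]:
        counts: Dict[str, int] = {}
        for n in self.history:
            counts[n.kind] = counts.get(n.kind, 0) + 1
        return counts


def run_sample() -> Notifier:
    """Constructed sample day for one account; returns the notifier for inspection."""
    notifier = Notifier(AlertPreferences())
    notifier.on_transaction(25.00, "Coffee Stop", balance_after=1275.00)
    notifier.on_transaction(1200.00, "Laptop Store", balance_after=75.00)  # large, and leaves a low balance
    notifier.on_login(success=False, source_ip="203.0.113.5")    # documentation address, constructed
    notifier.on_login(success=True, source_ip="198.51.100.7")
    notifier.on_settings_change("notification preferences")
    return notifier


if __name__ == "__main__":
    for n in run_sample().history:
        print(f"[{n.channel:>6}] {n.kind}: {n.message}")
```

The settings-change alert is the one to keep hardest to disable: if an attacker who has taken over the account can silently switch off notifications, the other alerts stop being useful, so that alert should go to the previously registered channel regardless of the new preference.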