FUJ00077840
FUJ00077840
rswcromeronso HN
POH-489p I
BOARD MEETING - 21 FEBRUARY 1996 ee
1. INTRODUCTION
Activity on customer-facing issues has been at a high level since the last Board
meeting, including some weekend negotiating sessions.
Many issues remain on the table, and - in view of Tony Oppenheim’s ‘current
indisposition - this report'merely summarises the critical areas.
2. BUSINESS CASE
Further updating of the business case model. has been taking place, and every
effort will be made to courier the latest version to Board members in advance of
the-meeting.
3. CUSTOMER/CONTRACT ISSUES
Customer negotiations have centred on four separate platforms:-
e Core Negotiating Team (CNT)
e Fraud/Risk Transfer Negotiations
e Charging Structure
¢ Schedules to Contract
Significant progress has beén made, particularly with respect to the CNT and
charging structure.
There are still many open items'in the fraud and risk areas. Appendix A lists the
most serious risks (categories A and B1); and appendix B is the Pathway paper
outlining its stance on fraud liability issues. The general Risk Register process
has been far from satisfactory.
In spite of the long overdue progress, there are several gaps which need to be
addressed. These relate to:-
© The clarification of performance penalty rules and levels
e Issue of a defined programme timetable
e Resolution of conflicts between contract’ requirements and Pathway’s solution
The various forms of performance penalty are discussed further in Section.4.
FUJ00077840
FUJ00077840
We have not received any indications that the ITT date of 29 February will slip .
any further, but much remains to be done within the ever-shortening time
available. If the date-does slip, it is unlikely to be by very much.
The time to respond to the ITT is likely to be a sharp 3 to 4 weeks, and award is
still hoped to be achieved in late May.
We have been told that there will be a 3 month period, post-award, for
negotiation of detailed contractual points such as service requirements and
acceptance criteria. A prudent view is that this will take more than 3 months,
but this would then conflict with the Programme’s objective to carry out user
acceptancé trials in July/August‘and live trials immediately thereafter.
4. AREAS OF EXPOSURE
From a shareholder’s perspective, the main-areas of exposure are as follows:-
© Default liability - of up to £750 million - in the event of catastrophic system
failure. Business interruption insurance to mitigate this risk is currently being
investigated.
¢ Performance penalties under service level agreements are as yet unclear in
magnitude.
¢ Costs of curing system faults that cannot be pushed back to sub-contractors.
In practice, this is likely to be.limited to software, and should be relatively
containable.
© Delays in revenue build-up. This could be significant, and the business model
has been made more prudent in this area.
© Surety for the banks, with regard to infrastructure. The notion of limited
recourse liability will not fly and full recourse arrangements will be necessary.
Our proposed financial structure still has a.category A risk against it.
e Fraud risk transfer. See paper at appendix ,B,
All of the above items are separate and potentially cumulative, resulting in
increased cash risk to Pathway.
5. PENSION ARRANGEMENTS
Appendix C summarises proposed pension arrangements for staff .from
shareholder companies whose employment will be transferred to Pathway on
award.
The proposal mirrors the Camelot solution, with staff from shareholder
companies retaining membership of their ‘home’ pension schemes. This will
involve Pathway and the shareholder companies entering into a deed of
participation. Some formalities are required to be completed vis a vis the Inland
Revenue, and the action plan in the appendix allows for completion of these
activities before the anticipated date of award.
6. BID COSTS
-Bid costs for the 15 month period to June 1996 are still forecast at close to £9
million. Some of the costs of development resources have been Clarified since
the last meeting. A major cost saving through the use of Oracle for CMS/PMS
development - at Oracle’s risk - has teleased enoiigh funds from the bid budget
to cover the -costs of establishing an in-house European Development and
Support’ Centre (EDSC) to address short-term development work, knowledge
transfer from Escher and prepare for ongoing systems support obligations.
Development timescales and the resourcing of test and integration phases are
still critical issues.
Shareholder representatives should refer to the Chief Accountant’s report,
which covers bid costs in more detail. Their attention is particularly drawn to
the need to formalise.an amendment to the Bid Cost Sharing Agreement.
p-p. AE Oppenheim
16 February 1996
FUJ00077840
FUJ00077840
FUJ00077840
FUJ00077840
Appendix A
SKS
There are two.A category and eight category B1 risks remaining on the Risk Register.
1) Category A risks cotild potentially result in Pathway not being invited to tender. They
relaté to:
The financial structure and funding arrangements of Pathway.
The commercial acceptance of fraud.due to co-ordinated attacks on the card.
We have stated that we will accept such fraud; this risk is likely to be reduced
in severity or cleared.
2) Category B1 risks will be assessed to have.a financial impact of greater than £5 million
per annum. They are: -
Riposte; conceriis regarding thé scalability, reliability, performance. Several
responses have been produced, and much discussion. The risk was originally A
category. It is will not be cleared.
Escher; concern regarding the degree of dependence on Escher and a need to
understand the contractual arrangements. This will not be cleared or reduced.
Foreign encashments; concerns régarding the sensitivity of charges to increase
in the level. This risk will be reducéd in severity, but not cleared.
Central sites location; concern over the proximity of Wigan and Bootle. This is
likely to be cleared.
Transaction times; concern over the estimated times for benefit transaction.
This is likely to be reduced in severity.
Card technology; concern over the potential of mass compromise of cards
resulting in loss of credibility in the system. We proposed a change to IC
Protected Memory Card (as a higher security option to Watermark magnetic:
card). This was rejected. The reasons for this rejection have been requested
strongly.
In addition to the card technology risk, 9 other security risks were raised on
18/1/96; 3 of which were B1. All have been responded to. No feedback has
been received.
There are still 19 risks for which no final (or in the case of security risks, even initial)
feedback has been received. This situation at this late stage has been strongly presented to the
CNT as unreasonable.
Pathway
FUJ00077840
FUJ00077840
Append B
: Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: — 09/02/96
Document Title:
Document Type:
Abstract:
Distribution:
Document Status:
Document Predecessor:
Associated Documents:
Author:
Approval Authority:
Signature/Date:
Comments To:
Comments By:
PATHWAY LIABILITY PLANS - ISSUES
Fraud Liability
This document relates to the Fraud Liability Meeting held
at Terminal House.03/02/96 and provides a working
document .with respect to the fraud liability Pathway are
willing to accept.
Management Team,
BA/POCL: David Miller
Issued
Pathway Liability Plans Version 2.0, 25/01/96
G?P-King, MH Bennett, A E Oppenheim
M.H.Bennett_Director Quality,and Risk Management
GRO 4/a}ae
COMMERCIAL IN CONFIDENCE
Page 1
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
0.1 CONTENT
O11 DOCUMENT HISTORY
Version _I Date Reason
Lo 05/02/96 Draft
1 08/02/96 Revision.
12 08/02/96 Revision
2.0 09/02/96 Issued
0.1.2 ASSOCIATED DOCUMENTS
Version I Date Title Source
2.0 25/01/96 Pathway Liability Plans Pathway
0.1.3 ABBREVIATIONS
BA Benefits Agency
CVM Cardholder Verification Method
HMG Her Majesty’s Government
IOP Instrument of Payment
PFI Private Finance Initiative
POCL Post Office Counters Ltd
SLA Service Level Agreement
COMMERCIAL IN CONFIDENCE
Page 2
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
10 INTRODUCTION
This document sets out two proposed overall approaches for best managing fraud-risk among
the three parties.
The first approach rests on a framework for individual incentives such that.each party is
charged with making the value for money trade off decisions which it is best placed to make.
The second approach adopts best practice from the insurance market and puts the onus on all
three parties to periodically agree optimum procedures for all categories.of fraud risk such that
the total be minimised within the bounds of best value for money. Each party will bé:required
to bear-a’share of the working risk-consistent.with their relative-ability to manage (which
would neéed to be agreed).
We identify and acknowledge some of the key constraints and limitations of the environment
in which each party is operating. We put forward specific approaches to mitigating each of
them by reference to the framework of incentives and other suggested methods.
These take the proposition into the allocation of risk under the different-fraud and operational
scenarios. .
2.0 OVERALL APPROACH FOR BEST MANAGING FRAUD RISK
Principles:
The subject is encashment ‘fraud, not entitlement fraud.
He who can best-manage a given risk should own that risk.
The’ system will operate according to the information provided to it through one of the agreed
feeder systems (CAPS or CMS): it cannot be expected to “know” facts which have not been so
provided.
The system has been designed.to a set of external constraints (see below) which make it
dependent:to some degree (which can be varied) on the customer interactions of both BA and
POCL staff.
If thére is a boundary condition where management is transferred from one party to another
within the end-to-end service, a’ means needs to be. found which enables both parties to
contribute in its own way to minimising that risk.
Incentives:should align with risk ownership such that trade offs can be made.as to the value of
fraud versus the value.of other-factors, such as counter transaction -time (cost and customer
satisfaction) and social need.
COMMERCIAL IN CONFIDENCE
Page 3
FUJ00077840
FUJ00077840
Pathway Ref: — Liab2.doc
PATHWAY LIABILITY PLANS Version. 2.0
Date: 09/02/96
Onus of proof should reflect both cost and balance of probability such that-overall costs of
obtaining that proof is minimised. Cost of retrieval of receipt should be borne by the party
owning a given fraud risk.
BA and POCL staff to follow agreed procedures within reasonable bounds.
It should be acknowledged that there-is such a‘category as “no fault”, where-all parties have
performed reasonably and the system has worked correctly but nonetheless fraud has taken
place.
Pathway will make available to BA trend analysis, exception profiles (e.g. Repeat Lost /Stolen
cards), on a regular basis as part of a partnership approach to Fraud Risk Management.
Pathway will enable security audits by BA experts on both:a regular and exception basis: This
will provide certification as to the correct operation of the service within the Pathway
boundaries.
3.0 I CONSTRAINTS AND LIMITATIONS
3.1 Contractor
The benefit encashment service can be characterised by two distinct elements:
« that which ensures the right payment (as instructed by CAPS) goes to the right card
and
¢ that which ensures that the right person is associated with that card
The first is entirely under the Contractor management and should be auditable-and subject to
certification and penalties if found-to be deficient.
The second is’ shared. Even with the best:card technology there is a reliance on verification
procedures to ensirre that the card is associated with the right person. Verification. screens will
minimise the.dependency on POCL but'will increase counter transaction time. Not using
verification screens places a higher dependency on POCL but is quicker.
In addition the Contractor relies on verification by BA staff to ensure that customer statements
are borne out by systems evidence before assuming that a non-entitled party has secured the
benefit in.question.and subsequently. authorising an emergency payment.
Finally, the Contractor’s ability to take on fraud risk in areas which it cannot manage on its
own is inhibited by lack of data on the current’fraud losses and the absence of a close analogy
which can be used to assess the value of such risk transfer.
3.2 POCL
Constraints include:
® transaction and queue times, particularly at workload peaks
COMMERCIAL IN CONFIDENCE
Page4
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
© customer acceptance of verification questions
© ability to transfer risk to-agents
« difficulty in assessing the value of risk transfer against a backcloth of low exposure under
current rules:
3.3 BA
Constraints include:
© social neéds (casual agents, emergency paynients, temporary tokens, etc.)
inability today to trade off operational costs.against fraud savings
4.0 APPROACH ONE - INCENTIVES
The challenge is to set appropriate incentives on each party which when taken together will
result in the overall best value for money balance between minimising the cost of fraud as
compared with other costs.
It must be recognised that.combating fraud does have-a‘cost associated.with it (see constraints
below) and that such effort will be subject to the-law of diminishing marginal retums. The
objective should therefore be to optimise this balance:
The contractor should have’ the incentive to put-inplace and operate correctly all those
elements of'the service: which. fall within their exclusive control.
POCL or POCL’s agent should have the’incentive to carry out those procedures upon which
the end-to-end service reasonably depends.
BA should have the choice as to whether to pay more:for a more secure service with fraud
indemnity by the contractor or accept the fraud risk but pay less in charges.
POCL should have the incentive to offer a more secure service to the BA at a competitive
charge in order that its frauid exposure to higher risk transactions through failure to carry out
counter procedures is‘redticed.
The contractor should have the incentive to make available information required by the BA to
make these trade off decisions on a timely basis.
The BA shoiild have-thé ‘incentive to establish benefit-rules with HMG which strike.a
reasonable balance between social need and the need.to inhibit fraud. The obvious example is
Casual Agents, but the same applies to smoothing the POCL workload across the days of the
week such that more time can be taken on transactions without unduly extending quéue times.
COMMERCIAL IN CONFIDENCE
Page 5
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version: 2.0
Date: 09/02/96
5.0 APPROACH-ONE- FRAUDULENT TRANSACTION MATRIX
Genuine Card Verification
Fraudulent Card Authentication I Screen Signature
Transaction Type Available I Method Applied Investigation Check Liability
Yes/No Match. Yes/No
Mass Counterfeiting of I Yes Pathway N/A Pathway Yes/No Pathway
Cards
Skimming Yes IC Card - N/A Pathway N/A Pathway
Pathway
Skimming Yes Magnetic Stripe }.N/A BA/POCL N/A POCL
Card.-POCL ‘
“I visual check of
card to screen _
Attempted Dual Yes Pathway No BA - compare receipt to card Yes BA
Encashmenv/suspect signature
one-off counterfeit
Attempted Dual Yes Pathway No BA - compare receipt to card No POCL
Encashment/suspect signature
one-off counterfeit
Attempted Dual Yes Pathway Yes BA - compare receipt to card Yes Pathway
Encashment/suspect . signature
one-off counterfeit
Attempted Dual Yes Pathway Yes BA - compare receipt to card No Pathway
Encashment/suspect signature
one-off counterfeit
card
COMMERCIAL IN CONFIDENCE
Page 6
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version: 2.0
. Date: 09/02/96
5.0 Approach One - Fraudulent Transaction Matrix Cont.
Genuine Card Verification
Fraudulent Card Authentication I Screen Signature
Transaction Type Available Method Applied Investigation Check Liability
Yes/No Match Yes/No
Card Reported L/S No Pathway No BA - compare signature.on receipt Yes BA
Post Encashment against a previous signature
Card Reported L/S No Pathway No BA - compare signature.on receipt I No POCL
Post Encashment against a previous signature
Card Reported L/S No Pathway Yes BA Yes Pathway
Post Encashment
Card Reported L/S No Pathway Yes BA No Pathway
Post Encashment
Altered Cards As the card is not available it is not known whether the card has been altered, therefore the procedure will.be'as Card
reported lost / stolen post encashment. However, should the card become-available in the. future the following will
apply.
Altered Card Yes Pathway No BA - examine card
Alteration evident Yes POCL
Altered Card Yes Pathway No Alteration Evident No POCL
Altered Card Yes Pathway Yes N/A N/A Pathway
Card Issue N/A N/A Yes POCL N/A Pathway
Casual Agent - Card N/A Pathway Yes BA N/A Pathway
Holder
Casual Agent - Card NA Pathway No BA N/A BA
Holder :
Casual Agent - Non N/A N/A N/A BA NIA BA
Card Holder
FUJ00077840
FUJ00077840
COMMERCIAL IN CONFIDENCE
Page 7
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
6.0 APPROACH TWO- RESIDUAL RISK TRANSFER
To reduce the.complexity of fraud liability apportionment and ensure that all parties are
incentivised to reduce the residual levels of fraud in the Benefit Encashment Service, Pathway
offer for discussion an alternative approach.
Pathway propose that an independent assessment of the BES is carried out by-a jointly
appointed insurance broker in order to determine the level of “working risk”, this may be
defined as the level of fraud that.can:reasonably be.expected to be experienced in relation to
the-overall.operation of the.system.
The expected working risk value would be apportioned fairly between all parties. The
remaining risk for exception events is then transferred through fraud insurance, an estimated
premium level would be £1m for each £50m of cover.
The performance of the system is reviewed on a regular basis i.e. annually. This has the
benefit that good fraud prevention performance in year x will be experienced in that year-and
further reflected in reduced costs for risk transfer in year y.
The working fraud risk shou!d be apportioned by independent evaluation and arbitration.
__ This.approach has a number of benefits:
1. All parties have a quantified maximum fraud risk exposure.
2. All parties.have an incentive to reduce the fraud risk.
3. .Any party wishing to reduce the system security will accept the increased working risk
exposure and the additional insurance premium.
4. Reducing the actual fraud levels will reduce the fraud transfer premiums.
This‘method of fraud liability apportionment removes internal conflict as any action taken by a
party is quantifiable in terms‘of working risk and transfer-premium. Therefore, the party
responsible is able to be charged accordingly and assess the cost-in'advance of the intended
action.
The, result of the above proposal:is.a fraud apportionment and transfer method that:
© reduces intemal conflict
© quantifies the maximum fraud exposure for each party
¢ incentives for all parties to reduce fraud
© allows the parties to concentrate on identifying and prosecuting fraudsters
This approach has the considerable benefit that the working risk is predictable, measurable and
can therefore be budgeted and fraud prevention measures monitoréd more effectively.
COMMERCIAL IN CONFIDENCE
Page 8
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2:0
Date: 09/02/96
APPENDIX
CONTENTS
10 PATHWAY /BA/POCL LIABILITY AREAS
2.0 I ENCASHMENT FRAUD SCENARIOS
2.1 Counterfeit Cards
2.2 Counterfeit Card / Attempted Dual Encashment
2.3 Card reported lost/stolen post encashment.
2.4 Altered Cards
3.0 CASUAL AGENT
3.1 Card Collection by an Agent
4.0 I PATHWAY RELIANCE ON POCL STAFF
5.0 PATHWAY RELIANCE ON BA STAFF
6.0 AGREED LIABILITIES
COMMERCIAL IN CONFIDENCE
Page 9
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
10 PATHWAY/BA/POCL LIABILITY AREAS
1 2 14
in
$2,
BFE! a
ago,
Card Authentication s \ 3
Method (CAM) 1 3
3 , 9
esz: §
$3° 5
aa '
FA
3 '
z I
\
+ >
END TO END SERVICE
I. This area represents the system authenticating the card as genuine. Pathway accept ail
liability for the authentication of cards.
2. This area represents those transactions that have been identified and agreed as High Risk;
verification screens are automatically invoked at the time of encashment. Pathway accept
all liability for the verification of the cardholder in these instances.
Pathway accept full liability for transactions with system invoked verification screens under
the following conditions.
e All High Risk Transactions.are agreed with the BA
© Questions are agreed with the BA/POCL
Type of Question Information Source
First Name BA
Maiden Name BA
Date of Birth BA
Address - House number and street BA
Date of Last Payment Pathway
Parental / sibling: name BA
Amount of Last Payment Pathway
Place of Birth . BA
COMMERCIAL IN CONFIDENCE
Page 10
FUJ00077840
FUJ00077840
Pathway Ref: Liab2,doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
Name of Spouse BA
BA Office (not statutory) BA
Nominated Post Office BA/Pathway
Benefit Type(s) BA/Pathway
« Pathway have. flexibility t0 moderate up and down
e Periodic review of screen function through FRM MIS fraud trend analysis (say
monthly)
© No unreasonable rejection of the right.to invoke screens
e BA provide the information requested by Pathway
e Agreement is reached on counter SLA times.
Pathway’ will accept liability for all fratidulent transactions in agreed high risk transactions and
in the following cases:
e Pathway fai! to invoke the verification screens
¢ Verification-screens fail
e Pathway choose not to invoke.the verification screens
Pathway will not accept liability in instances where BA/POCL:
© Unreasonably withhold permission to invoke verification screens
e The.required information is not supplied by CAPS
© {nformation:relevant to fraudilént activity is not.passed to Pathway in a timely
manner.
Pathway will not accept the residual fraud risk resulting from transactions not involving
verification screens and will charge a higher transaction charge for high risk transactions in
line with the additional liability accepted. °
3. Area three:represents those transactions that do not automatically invoke verification
screens.i.e: are subject only to CAM and the visual signature check. Verification screens
may be.invoked on any transaction type or-béneficiary at the request of,the BA. This will
extend average transaction time and Pathway will accept the fraud.liability, subject to-the
conditions in 2 above.
4. Area four represents the visual and tactile check that will be carried.out by POCL counter
staff. This will include checking the signature on the card against that produced on the
receipt, and that the signature panel has not been tampered with. This will be referred to as
the signature check for the remainder of this document. Pathway will provide an option. for
the counter staff to invoke the additional verification screens in times of doubt.
COMMERCIAL IN CONFIDENCE
Page I 1
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
There are two categories of signature check failure:
Incompatible Signatures: A disputed transaction occurs and the card is available. If the
signature on the card is obviously different from that on the receipt, liability rests with POCL.
Should the card not be available the receipt signature will be ‘required to be checked against a
previous receipt or an agreed BA enrolment document; should the signatures be obviously
different liability rests with POCL.
No Fault Scenario: A disputed transaction-occurs and upon comparison of the card signature
to the receipt signature, there is no difference that could-reasonably be detected by the counter
staff. These transactions must be treated as “No Fault” transactions. The liability for these
transactions should remain’ with the BA as per 3 above:
e The transactions were not subject'to additional verification screens as in 2 above.
« The POCL counter staff would not be reasonably expected to identify the signature as a
forgery.
2.0 I ENCASHMENT FRAUD SCENARIOS
This describes the scenarios discussed at the Fraud Liability Meeting 03/02/96. This section
provides a realistic‘and workable solution to the liability issues discussed at the above
meeting.
2.1 Counterfeit Cards
Pathway, on acceptance of the revised card proposal by the BA/POCL, will accept liability for
fraud associated with large scale counterfeiting.
Pathway asserts that limited encashment fraud cannot be associated with counterfeiting and
therefore if the card is unavailable for inspection the assumption must be that another type of
fraud has taken place. Pathway proposes that an independent evaluation be carried out to
substantiate this assertion before rollout.
2.2 Counterfeit Card / Attempted Dua! Encashment
Scenario:
The customer, in possession of their genuine card, would report to the BA office that their
benefit had already been encashed.
Assumptions:
A Counterfeit card has been used or it is an attempted dual encashment
It is a BA responsibility to investigate the matter. Pathway will provide evidence that the
system was working correctly at the time of encashment. The BA can request the receipt:
COMMERCIAL IN CONFIDENCE
Page 12
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
. Date: 09/02/96
1. The signature on the receipt is an acceptable match for that.on the genuine card
In this case it is nota counterfeit card. Therefore this transaction falls into
category 3 in the above diagram.
The signature on the receipt is different from that on the genuine card. If the
card is agreed to be “impossible to counterfeit on a small scale (one-off)” then
this falls into category 4.in the above diagram, and POCL are responsible.
Pathway are able to provide the option that the system will write-to the Protected Memory IC
Card identifying the last date of use, therefore identifying whether the card in the customers
possession was used. This will allow BA investigators to confirm whether the card in the
customers possession was used to obtain the benefit in question.
2.3. Card reported lost/stolen post encashment.
In:the.scenario where a.card is. reported lost/stolen post encashment the BA must investigate
the matter in order to ascertain whether the customer has already collected the payment and
subsequently reports the:card Jost or has genuinely lost the card.
The BA will investigate issue. Pathway undertake to provide evidence that the system was
working correctly at the time of encashment and information with respect to the transaction in
question. This information will be available through the PMS and CMS Help Desks. Pathway
will accept liability if the information is not available. Liability will-rest with the BA should
Pathway fulfil the above conditions.
This is as agreed 03/02/96:
2.4 Altered Cards
Pathway have proposed a card. that.incorporates a tamper evident signature panel.
Tlie circumstances in.which an altered card would’be:used would mirror-those for a card
reported lost/stolen post encashment.
The card will not be available.for inspection and therefore the situation described in 2.3
applies. However, should the card become available at a later date and an alteration be evident
liability will rest-with POCL.
Pathway will supply evidence that any alterations to the signature strip are identifiable.
3.0 CASUAL AGENT
Pathway will accept liability for Casual Agents in the following circumstances:
¢ The Casual Agenit is known to the system and therefore is a card holder.
COMMERCIAL IN CONFIDENCE
Page 13
FUJ00077840
FUJ00077840
Pathway Ref: — Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
@ The Casual Agent presents their own card plus the card of the Beneficiary and the signed
mandate receipt.
Pathway ‘will, subject to the conditions established in section 2 and.3:accept liability for
payment of benefit to the card holder present in the post office. Pathway declines to accept
any liability for the authorisation of the casual agent by the beneficiary or for the-transfer of
funds from the casual agent to the.beneficiary. ,
Pathway propose, in order to ensure that customers who.do not have contact with.other card
holders may collect benefit in exceptional circumstances, that the BA authorise and enrol
individuals of a responsible nature onto the system as “Permanent Casual Agents”. These
agents may be social workers, Home Helps or special interest groups such:as Help the Aged
etc. Pathway will work with the BA in securing the agreement of selected groups for
enrolment onto the system.
3.1 Card Collection by'an Agent
If the customer is unable to visit his nominated post office in person to collect his benefit card,
it will be because he is suddenly, but hopefully transiently, indisposed, although still entitled to
benefit and perhaps with authorisations.already available to him. If the customer is not able to
attend the nominated post office for some time then there is of course no point in attempting to
collect a card for that very purpose and agent procedures should be, or have been invoked.
The Pathway solution handles this case in the following ways:
1..For existing customers replacing cards routinely:
If the customer is an existing card holder then he will call the CMS Help Desk explaining his
position. The CMS Help Desk will extend the.validity of his current card by a period to be
agreed.between-BA/POCL and Pathway, and extend the date by which his new card can be
collected to the same date. The old card remains available for casual agent encashments. New
authorisations will carry a card expiry date which BES will use in place of the expiry date read
from the card.
2: For existing customers replacing cards following card loss or damage:
If the-card has been lost, stolen or damaged, as.might-be the case.if the customer has been in
an accident or suffered an.assault - the CMS Help Desk will stop.the:current card-and initiate a
replacement cycle providing a longer time during which he may collect 'the‘card.
3. If the.customer is not,a cardholder, he-should first call the CMS, Help Desk
He is newly enrolled into the benefit system - the CMS:Help Desk will extend the date by
which his new card can be collected.
In cases 2 and 3, the CMS Help Desk will advise the customer to call the BA office.and
arrange for a form of agent to be appointed, if collection of payments is nécessary during the
COMMERCIAL IN CONFIDENCE
Page 14
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
expected period of their indisposition and an agent is not already appointed. If the
indisposition is protracted then a permanent agent should be authorised, and if:necessary be
equipped with a card. If only:a short indisposition is'anticipated then a casual agent can be
identified. In either case-if the customer is short of immediate funds and has authorisations
available, then the agent without a card of his own can also be provided with a temporary
token to collect these funds. The verification data used for the temporary token will then be
specific to the Agent not the beneficiary.
In all cases, the CMS Help Desk will advise the customer:that if it transpires he is not able to
get to his post office until after the extension, then he should contact.his.BA office towards the
end of the extension period and arrange a permanent agency.
If in.the event he recovers before or during the extension period, he can pick up his
replacement card in the normal way, the new card will be activated and, when appropriate (i.e.
in case 1), the old.card stopped.
4.0 PATHWAY RELIANCE ON POCL STAFF
Pathway will rely on POCL staff to carry out a number of tasks in order that the system and
therefore, the end-to-end service functions effectively.
The service will require the:counter staff to carry out a,znumber of agreed procedures e.g.
impounding and destroying cards, carrying out receipt of cards into post office procedures, and
ensuring that receipts and new cards'are signed at the counter. POCL shall be liable for any
fraud relating to or resulting from these acts should the counter staff not carry out these
procedures with due diligence.
Incentives: Pathway proposé that a fraud prevention incentive scheme is incorporated into the
systém in order to maintain the level of counter staff vigilance. Pathway proposes that a
reward is payable for any card that is retained that has been altered or is an attempted
counterfeit. This scheme could be extended in order that the best performing counter clerk is
rewarded on an annual basis i.e. no fraudulent transactions results in award status as does the
highest number of identifications of fraudulent activity:
5.0 PATHWAY RELIANCE ON BA STAFF
Pathway will rely on BA staff to carryout a number of tasks in order that the system:and
therefore, the end-to-end service functions effectively.
The service will require the.counter staff to carry outa number of agreed procedures e.g. the
issue of.temporary tokens, casual agent enrolment, dual encashment investigation,
confirmation of change of nominated office, to obtain first encashment details’ for claimed dual
encashment. BA shall be liable for any fraud relating to or resulting from these acts should the
counter staff not carry out these procedures with due diligence.
COMMERCIAL IN CONFIDENCE
Page 15
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
6.0 AGREED LIABILITIES
The:references below relate directly to the references in document Pathway Liability Plans
Version 2.0, 25/01/96
7.2 Lost/Stolen/ Damaged Cards
Pathway will accept liability for encashments successfully completed using.cards that have
been reported lost/stolen/damaged to the CMS Help Desk*from the time that-the
loss/thef'damage has been logged.
7.3 Hacking
Pathway will accept all liability for successful hacking directly into.a Pathway operated
system.
The BA will take the risk of hacking into the Pathway system should entry be gained to a BA
system and a level of authority to enter the Pathway system is achieved. This relates only to
systems that have dedicated access i.e. CAPS. Pathway must take-all-reasonable steps to
protect their system from hacking. Likewise POCL via TIP etc. interfaces and other POCL
clients through comparable interfaces to CAPS.
Pathway will take all reasonable measures to protect the Pathway domain from the threat of
“Hacking”.
8.3 Temporary Tokens
Pathway-will accept the liability for temporary token encashments made to the incorrect person
ie. an individual other than the person issued with the token, in casés where the beneficiary is
Known to the system. .
Agreement has been reached that all payments must be to a known account i.e. NINO. Should
the procurement team push for a bearer type Temporary Token Pathway should escalate the
issue. There.is no intention by the BA to create a bearer token.
84 Card Collection by an Agent
See section 5.1
85 Report of a Lost/Stolen Card Post Encashment
See Section 4.3
8&6 BA Staff Collusion
. Should any member of BA staff use privileged information-alone or in collusion with a third
party, éxcept Pathway staff, to commit a fraudulent act, full liability will rest with-the BA as
they are best.able to manage their own-staff. Such. fraud will generally be Entitlement fraud.
This was accepted
COMMERCIAL IN CONFIDENCE
Page 16
FUJ00077840
FUJ00077840
Pathway Ref: Liab2.doc
PATHWAY LIABILITY PLANS Version 2.0
Date: 09/02/96
87 Hacking
BA shall accept full responsibility for any occurrence of hacking affecting the performance of
the Pathway system that has occurred because access has been enabled by BA through a BA or
BA authorised/certified system.
Accepted see 7.3 above
92 POCL Staff Collusion
Should any member of POCL staff use privileged information alone or in collusion with a
third party, except Pathway staff, to.commit a fraudulent act full liability will rest with POCL
as they are best able to manage their own staff.
This was acceptable with the proviso that Pathway make all reasonable efforts to assist POCL
to prevent the above occurring.
9.3 POCL Hacking
POCL shall accept.full responsibility forany occurrence:of hacking affecting the performance
of the. Pathway system that has occurred because access has been enabled by POCL through a
POCL or POCL authorised/certified/client system.
Accepted See 7.3 above
COMMERCIAL IN CONFIDENCE
Page 17
Pensions Plan for Pathway
Background
FUJ00077840
FUJ00077840
Appendix ©
A major consideration in the resourcing of Pathway with employees for the shareholder
companies is the handling of pension arrangements. Many of the key:individuals would
stand to lose considerable benefits if asked to transfer out of their long-standing
membership of their corporate pension schemes. Equally, it would be.a costly exercise for
Pathway to compensate them for this change in terms and conditions.
Thé most.sénsible solution to these issues would be to arrange for transferees into Pathway
from the parent companies to remain as members in their present pension schemes, as was
successfully achieved in the case of Camelot. In order to implement this a deed of
participation must be signed by Pathway with each of the Parent companies’ pension funds,
by which Pathway is charged for the cost of retaining individuals in their current pension
schemes. Such deeds of participation must be agreed by the Inland revenue before being
implemented. This process can take:some' time so action must.be taken promptly.
The scheme must be ready to implement immediately on award of contract.
Actions to be taken
ACTION OWNER DATE
Shareholder representatives to agree to the above approach to Shareholder Reps. 21/02/96
Pension arrangements to Pathway
Pass Briefing Document to Company Pension Managers Shareholder Reps 23/02/96
Supply Pension Managers with description of Pathway Veriture to I Graham Wingrove, Chief I 01/03/96
include: % participation of Girobank/DLR/ICL, length and nature I Accountant, Pathway
of contract,.approximate number of employces transferring,
pension:arrangements for-non-ICL/DLR/Girobank employees of
Pathway
Implement actions contained in Briefing Document Pension Managers See Brief
Supply Pension Managers with details of staff transferring to John. McIntosh, HR 26/04/96
Pathway Manager, Pathway
Sign deeds of Participation with Pension Funds, under the guidance I Tony Oppenheim, 2 weeks prior
of Bob Coe, [CL Pensions Manager Commercial and Finance to award of
Director, Pathway contract
FUJ00077840
FUJ00077840
AMosmot to
Appande C
Pensions Plan for Pathway
Pension Managers Briefing Document
Background
A major consideration ‘in the resourcing of Pathway with employees for the shareholder
companies is the handling of pension arrangements, Many of the key individuals would
stand to lose considerable benefits if asked to transfer out of their long-standing
* membership of their corporate pension schemes. Equally, it would be a costly exercise for
Pathway to compensate them for this change in terms and conditions.
The most-sensible.solution to these issues would be to arrange for transfetees into Pathway
from the parent companies to remain as members in their present pension schemes, as was
successfully achieved in the case of Camelot. In order to implement this a deed of
participation must be signed by Pathway with each of the Parent companies’ pension funds,
by which Pathway is charged for the cost of retaining individuals in their current pension
schemes. Such deeds-of participation must be agreed by the Inland revenue before being
implemented. This process can take some time so action must be taken promptly.
The scheme miust be ready to implement immediately on award, currently likely to be
around the beginning of June.
Graham Wingrove, Chief Accountant, Pathway will be happy to supply you with the
nlecéssary information regarding the nature of the Shareholder arrangements, the length
and:nature of:the,contract, approximate numbers’ transferring and pension artange
for non-ICL/DLR/Girobank employees of Pathway. Graham can be contacted on {
Actions For Pension Managers
Action . Dates (Latest)
Contact ICL Pensions Manager Bob Coe oni 01/03/96
agree a consistent:approach acceptable to the Inland Revenue
Inform Inland Revenue Inspectors of intention of Pathway to 15/03/96
take deeds of participation in ICL, DLR and Girobank Pension
Schemes
Inform Pathway of Inland Revenue decision 26/04/96
Implement necessary changes on transfer of staff to Pathway On award