FUJ00122901
FUJ00122901
Message
From: Thomas Penny [/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=THOMASP]
Sent: 07/07/2010 10:28:11
To: Lillywhite Tom [/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=LILLYWHITET]; Jenkins Gareth GI
[/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=GARETH.JENKINS]; Wilkerson Guy
[/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=WILKERSONG]
cc: Welsh Graham [/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=WELSHG]; Munro Donna
[/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=MUNROD]
Subject: FW: Duplicatation of Transaction Records in ARQ Returns
Attachments: Duplicate Records Workaround Standard Fujitsu V10 July 10.doc
Please see response from POL.
The suggestion here is that Gareth completes all witness statements; this doesn't fit into the current
SLA; and really isn't feasible, as far as I can see
I_attach a standard witness statement with modifications for duplicate transactions; which Gareth has
already reviewed.
Guy - I'm not sure where you are working from today - could you fit in a conference call any time today?
Kind regards
Penny
Penny Thomas
Security Analyst, Customer Services
Fujitsu Services Retail & Royal Mail Group Account
Lovelace Road, Bracknell, Berks RG12 8SN
Fax:
E-Mail:
web:
penny. thomasi
http://uk.fujitsu.com <http://uk. fujitsu.com/>
Fujitsu Services Limited, Registered in England no 96056, Registered Office 22, Baker Street, London wiu
3BW
This E-mail is only for the use of its intended recipient. Its contents are subject to a duty of
confidence and may be privileged. Fujitsu Services does not guarantee that this E-mail has not been
intercepted and amended or that it is virus-free.
FUJ00122901
FUJ00122901
From: Mark Dinsdale
Sent: 07 July 2010 10726
To: Thomas Penny
Cc: Alan X Simpson; Jane M Owen
Subject: FW: Duplicatation of Transaction Records in ARQ Returns
Penny, as discussed our legal team in principle are happy with this and have agreed that if yourselves
provide a witness statement covering your explanation below and additionally the following points then
the work-around gets the green light.
Juliet suggested the additional points to cover include, what are we doing about it, and over what period
did this anomaly occur (i.e. upon migration to HNGX). She also suggested that the witness statement be
completed by Gareth Jenkins, your expert witness.
Regards
Mark
From: Mark Dinsdale
Sent: 02 July 2010 15:31
To: Marilyn Benjamin; Juliet Mcfarlane
Cc: Jane M Owen
Subject: RE: Duplicatation of Transaction Records in ARQ Returns
Juliet, not sure if this will make total sense, I'm struggling a little.
We had a meeting with Penny from Fujitsu today in respect of a problem that has potentially being in
existence since January.
It appears that the audit data has a number of duplicate transactions contained within (live data is not
effected). It is potentially as a result of systems backing and re-checking itself up towards the close
of play as it only appears to affect data from around 16:40 until close.
The duplicate transactions have the same transaction number so can be readily identified, so there is no
danger of mistaking them for fraudulent duplicate transactions such as POCA duplicate withdrawals.
Unfortunately you may feel this works in favour of the defence as this may strengthen claims as the
question the integrity of Horizon.
This is a further comment provided by Penny Thomas to Alan Simpson (Info Sec)
The duplication of audited records has not, in any way, affected actual physical transactions recorded on
any counter at any outlet. The duplication of records has occurred during the auditing process when
records were in the process of being recorded purely for audit purposes from the correspondence servers
to the audit servers. It should be noted that this duplication of data in the audit stream has always
been happening. However the Horizon retrieval process automatically discarded duplicate records before
creating the ARQ spreadsheets, while the current HNG-X retrieval process for Horizon data does not do so.
Therefore I'm not sure of the course of action we should not take. My initial response was to request
that Fujitsu provide a witness statement to quantify the above that we could attach to each case (as
appropriate), and treat each case where this is not accepted individually.
FUJ00122901
FUJ00122901
Can you please offer any guidance as to what we should do. Fujitsu will not send any further ARQ
requests until we tell them that we are happy with the potential work-around or are able to come up with
another solution.
Regards
Mark Dinsdale
Security Programme Manager
Security Team, Post Office Ltd
Post office Ltd, Security Team, Royal Mail, 3rd Floor, Clippers House, Clippers Quay, Salford, M50 3NW
IRRELEVANT __
Confidential Information:
This email message is for the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorised review, use, disclosure or distribution is prohibited. If you
are not the intended recipient please contact me by reply email and destroy all copies of the original
message.
From: Thomas Penny I
Sent: 30 June 2010 13733
To: Sue Lowther; Mark Dinsdale; Jane M Owen
Subject: Duplicatation of Transaction Records in ARQ Returns
Sue/Mark/Jane
we have identified that a number of recent ARQ returns contain duplicated transaction records.
with Horizon counters, the mechanism by which Data is audited has always worked on the principle that it
is acceptable to audit the same data more than once - in particular if in doubt as to whether or not it
has been previously audited successfully.
The Mechanism used on Horizon to retrieve the data took this into account and only presented one instance
of such duplicate data in the ARQ extracts.
FUJ00122901
FUJ00122901
However it has recently been noticed that the HNG-X retrieval mechanism does not remove such duplicates
and a quick scan of the ARQs provided to Post Office Ltd since the change to the new system indicates
that about 35% of the ARQs might contain some duplicate data. A Peak has been raised to enhance the
extraction toolset and remove such duplicate data in the future. However until the fix is developed,
tested and deployed, there is a possibility that data is duplicated.
The reliable way to identify a duplicate transaction is to use the <Num> attribute that is used to
generate the unique sequence numbers. This attribute is not currently included in the Excel version of
ARQ data that has been passed to Post Office Ltd in the past. This will be included in all future ARQs
until the problem is fixed. A workaround, using the <NUM> attribute is suggested, and a detailed process
is attached.
Note that we have identified a scenario with Postal Services transactions where multiple, identical mails
items are accepted (ie the Quantity button is set to greater than 1), but Postage Labels are printed for
each individual item. This results in separate transactions being generated for each item, which are
identical in the ARQ extracts (there is another minor difference in the raw data apart from the <Num>
attribute, but this different attribute is not currently included in the ARQ extract).
I've put together a spreadsheet detailing affected ARQs, which is also attached.
Mark/Jane I've tried to call you both this morning but I understand you are both tied up. Please call
and we can discuss.
Kind regards
Penny/Tom
Penny Thomas Tom Lillywhite
Security Analyst, Customer Services Principal Security Consultant
Information & Security Services
Fujitsu Services Retail & Royal Mail Group Account
Lovelace Road, Bracknell, Berks RG12 8SN
E-mail: tom.1illywhitd
Tel:
Mob:
Fax:
E-Mail: penny. thomas’
Web: http://uk.fujitsu.com <http://uk. fujitsu.com/>
Fujitsu Services Limited, Registered in England no 96056, Registered Office 22, Baker Street, London wWiu
3BW
This E-mail is only for the use of its intended recipient. Its contents are subject to a duty of
confidence and may be privileged. Fujitsu Services does not guarantee that this E-mail has not been
intercepted and amended or that it is virus-free.
FUJ00122901
FUJ00122901
IEEE SEE ISERIES HHMI IGEMERH RE RENE ERG nEnilrinilinied iiiidiideieeiei ani
* Royal Mail Group Limited
registered in England and wales registered number 4138203 registered office 3rd Floor, 100 Victoria
Embankment, London, EC4Y OHQ This email and any attachments are confidential and intended for the
addressee only. If you are not the named recipient, you must not use, disclose, reproduce, copy or
distribute the contents of this communication. If you have received this in error, please contact the
sender and then delete this email from your system.
Pesbeseseatsetee tes tests ser rtrtrrtt stn: secret eles str ter etter errr rrr