FUJ00122903
FUJ00122903
Message
From: Thomas Penny [/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=THOMASP]
Sent: 07/07/2010 10:28:11
To: Lillywhite Tom [/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=LILLYWHITET]; Jenkins Gareth GI
[/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=GARETH.JENKINS]; Wilkerson Guy
[/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=WILKERSONG]
cc: Welsh Graham [/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=WELSHG]; Munro Donna
[/O=EXCHANGE/OU=ADMINGROUP1/CN=RECIPIENTS/CN=MUNROD]
Subject: FW: Duplicatation of Transaction Records in ARQ Returns
Attachments: Duplicate Records Workaround Standard Fujitsu V10 July 10.doc
Please see response from POL.
The suggestion here is that Gareth completes all witness statements; this doesn't fit into the current SLA; and really isn’t
feasible, as far as I can see.
I attach a standard witness statement with modifications for duplicate transactions; which Gareth has already reviewed.
Guy — I'm not sure where you are working from today — could you fit in a conference call any time today?
Kind regards
Penny
Penny Thomas
Security Analyst, Customer Services
This E-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu Services does
not guarantee that this E-mail has not been intercepted and amended or that it is virus-free.
From: Mark Dinsdale:
Sent: 07 July 2010 10:
To: Thomas Penny
Cc: Alan X Simpson; Jane M Owen
Subject: FW: Duplicatation of Transaction Records in ARQ Returns
Penny, as discussed our legal team in principle are happy with this and have agreed that if yourselves provide a witness
statement covering your explanation below and additionally the following points then the work-around gets the green light.
Juliet suggested the additional points to cover include, what are we doing about it, and over what period did this anomaly
occur (i.e. upon migration to HNGX). She also suggested that the witness statement be completed by Gareth Jenkins,
your expert witness.
Regards
Mark
From Mark Dinsdale
Sent: 02 July 2010 15:31
FUJ00122903
FUJ00122903
To: Marilyn Benjamin; Juliet Mcfarlane
Cc: Jane M Owen
Subject: RE: Duplicatation of Transaction Records in ARQ Returns
Juliet, not sure if this will make total sense, I'm struggling a little.
We had a meeting with Penny from Fujitsu today in respect of a problem that has potentially being in existence since
January.
It appears that the audit data has a number of duplicate transactions contained within (live data is not effected). It is
potentially as a result of systems backing and re-checking itself up towards the close of play as it only appears to affect
data from around 16:40 until close.
The duplicate transactions have the same transaction number so can be readily identified, so there is no danger of
mistaking them for fraudulent duplicate transactions such as POCA duplicate withdrawals. Unfortunately you may feel
this works in favour of the defence as this may strengthen claims as the question the integrity of Horizon.
This is a further comment provided by Penny Thomas to Alan Simpson (Info Sec)
ay, affected actual p
rred during the auditin
Ss aly ever the Harizo!
eating the current HNG-X reti
Therefore I'm not sure of the course of action we should not take. My initial response was to request that Fujitsu provide
a witness statement to quantify the above that we could attach to each case (as appropriate), and treat each case where
this is not accepted individually.
Can you please offer any guidance as to what we should do. Fujitsu will not send any further ARQ requests until we tell
them that we are happy with the potential work-around or are able to come up with another solution.
Regards
Mark Dinsdale
Security Programme Manager
Security Team, Post Office Ltd
«= Post Office Ltd, Security Team, Royal Mail, 3rd Floor, Clippers House, Clippers Quay, Salford, M50
Confidential Information:
This email message is for the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorised review, use, disclosure or distribution is prohibited. If you are
not the intended recipient please contact me by reply email and destroy all copies of the original message.
FUJ00122903
FUJ00122903
From: Thomas Penn
Sent: 30 June 2010 13:33
To: Sue Lowther; Mark Dinsdale; Jane M Owen
Subject: Duplicatation of Transaction Records in ARQ Returns
Sue/Mark/Jane
We have identified that a number of recent ARQ returns contain duplicated transaction records.
With Horizon counters, the mechanism by which Data is audited has always worked on the principle that it is acceptable
to audit the same data more than once — in particular if in doubt as to whether or not it has been previously audited
successfully.
The Mechanism used on Horizon to retrieve the data took this into account and only presented one instance of such
duplicate data in the ARQ extracts.
However it has recently been noticed that the HNG-X retrieval mechanism does not remove such duplicates and a quick
scan of the ARQs provided to Post Office Ltd since the change to the new system indicates that about 35% of the ARQs
might contain some duplicate data. A Peak has been raised to enhance the extraction toolset and remove such duplicate
data in the future. However until the fix is developed, tested and deployed, there is a possibility that data is duplicated.
The reliable way to identify a duplicate transaction is to use the <Num> attribute that is used to generate the unique
sequence numbers. This attribute is not currently included in the Excel version of ARQ data that has been passed to Post
Office Ltd in the past. This will be included in all future ARQs until the problem is fixed. A workaround, using the <NUM>
attribute is suggested, and a detailed process is attached.
Note that we have identified a scenario with Postal Services transactions where multiple, identical mails items are
accepted (ie the Quantity button is set to greater than 1), but Postage Labels are printed for each individual item. This
results in separate transactions being generated for each item, which are identical in the ARQ extracts (there is another
minor difference in the raw data apart from the <Num> attribute, but this different attribute is not currently included in the
ARQ extract).
I've put together a spreadsheet detailing affected ARQs, which is also attached.
Mark/Jane I've tried to call you both this morning but I understand you are both tied up. Please call and we can discuss.
Kind regards
Penny/Tom
Penny Thomas Tom Lillywhite
Security Analyst, Customer Services Principal Security Consultant
Information & Security Services
This E-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu Services does
not guarantee that this E-mail has not been intercepted and amended or that it is virus-free.
FUJ00122903
FUJ00122903
Royal Mail Group Limited registered in England and Wales
registered number 4138203 registered office 3rd Floor, 100 Victoria Embankment, London, EC4Y OHQ This email and
any attachments are confidential and intended for the addressee only. If you are not the named recipient, you must not
use, disclose, reproduce, copy or distribute the contents of this communication. If you have received this in error, please
contact the sender and then delete this email from your system.