FUJ00153133
FUJ00153133
Page 1 of 5
Thomas Penny
From: Thomas Penny
Sent: 15 July 2010 14:37 I T I Hi
To: ‘John Longman’ POH 3588D
Ce: ‘jJane.m.owen'
Subject: RE: Duplicatation of Transaction Records in ARQ Returns
It's in the post
Penny Thomas
Security Analyst, Customer Services
Fujitsu Services Retail & Royal Mail Group Account
Lovelace Road, Bracknell, Berks RG12 8SN
Te:
Mob: I
Fax: hacen
E-Mail: penny.thomasi
Web: hitp://uk.fujitsu-Cor
Fujitsu Services Limited,’ Registered in England no 96056, Registered Office. 22, Baker Street, London W1U 38W
This E-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu
Services does not guarantee that this E-mail has not been intercepted and amended or that it is virus-free.
From: John Longman
Sent: 15 July 2010 14:31
To: Thomas Penny
Subject: RE: Duplicatation of Transaction Records in ARQ Returns
Penny
Please post the statement to me at
I will let Lisa Allen have a copy of this statement as she will probably require a Similar one for Porters Ave.
Regards
Jon Longman
From: Thomas Penny
Sent: 15 July 2010 13:56
Cc: Jane M Owen
Subject: FW: Duplicatation of Transaction Records in ARQ Returns
Jon
We're happy with your addition — could you please provide your address and the signed document will be
sent, as requested.
Kind regards
Penny
Penny Thomas
Security Analyst, Customer Services
Fujitsu Services Relail & Royal Mail Group Account
Lovelace Road, Bracknell. Berks RG12 8SN
15/07/2010
FUJ00153133
FUJ00153133
Page 2 of 5
Fax,
E-Mail: penny.thomas,
Web: hitp:/uk fujitsu cor
Fujitsu Services Limited, Registered in England no 96056, Registered Office 22, Baker Street, London W1U 3BW
This E-mail is only for the use of its intended récipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu
Services does not guarantee that this E-mail has not been intercepted and amended or that it is virus-free.
From: John Longman [{
Sent: 15 July 2010 13:03
To: Thomas Penny
Subject: RE: Duplicatation of Transaction Records in ARQ Returns
Penny
Gareth’s statement is fine. It explains why the duplications occurred and most importantly of all it confirms
that it has no affect on Horizon’s accuracy. I have added an extra paragraph to tie it in with the trial of Seema
Misra and confirm that only ARQ447 has any duplications within the disc you produced as PT/02.
The defence must be made aware of this issue and I would be grateful if a signed copy of the statement could
be sent to me direct.
Regards
Jon Longman
From: Thomas Penny [f._
Sent: 15 July 2010 12:30
To: John Longman
Subject: FW: Duplicatation of Transaction Records in ARQ Returns
FYI
Penny Thomas
Security Analyst, Customer Services
Fujitsu Services Retail & Royal Mail Group Account
Lovelace Road, Bracknell, Berks RG12 8SN
Tel
Mob’
Fax a
E-Mail: penny thomas.
Web: _hitp:/luk.fujitsu.com
Fujitsu Services Limited, Registered in England no 96056, Registered Office 22, Baker Street, London W1U 3BW
This E-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu
Services does not guarantee that this E-mail has not been intercepted and amended or that it is virus-free.
From: Thomas Penny
Sent: 08 July 2010 14:52
To: ‘Mark Dinsdale’
Cc: Alan X Simpson; Jane M Owen
Subject: RE: Duplicatation of Transaction Records in ARQ Returns
Mark
Thank you for-your note.
Please find attached our proposed witness statement for review.
Kind regards
Penny
Penny Thomas:
Security Analyst, Customer Services
15/07/2010
FUJ00153133
FUJ00153133
Page 3 of 5
Fujitsu.Services Retail & Royal Mail Group Account
Lovelace Road, Bracknell, Berks RG12 8SN
Tel
Mob
Fax
E-Mail: penny thomas?
Web: _ hitp*//uk.fujitsu’
1
Fujitsu Services Limited, Registered in England no 96056, Registered Office 22, Baker Street, London W1U 3BW
This E-mail is only for the use of its.intended recipient. Its contents-are subject to a duty of confidence and may be privileged. Fujitsu
Services does not guarantee that this E-mail has not been intercepted and amended or that it is virus-free.
From: Mark Dinsdale [
Sent: 07 July 2010 10:
homas Penny
lan X Simpson; Jane M Owen
Subject: FW: Duplicatation of Transaction Records in ARQ Returns
Penny, as discussed our legal team in principle are happy with this and have agreed that if yourselves provide
a witness statement covering your explanation below and additionally the following points then the work-
around gets the green light.
Juliet suggested the additional points to cover include, what are we doing about it, and over what period did
this anomaly occur (i.e. upon migration to HNGX). She also suggested that the witness statement be.
completed by Gareth Jenkins, your expert witness.
Regards
Mark
From: Mark Dinsdale
Sent: 02 July 2010 15:31
To: Marilyn Benjamin; Juliet Mcfarlane
Ce: Jane M Owen
Subject: RE: Duplicatation of Transaction Records in ARQ Returns
Juliet, not sure if this will make total sense, I'm struggling a little.
We had a meeting with Penny from Fujitsu today in respect of a problem that has potentially being in
existence since January. .
\t appears that the audit data has a number of duplicate transactions contained within (live data is not
effected). It is potentially as a result of systems backing and re-checking itself up towards the close of play as
it only appears to affect data from around 16:40 until close.
The duplicate transactions have the same transaction number so can be readily identified, so there is no
danger of mistaking them for fraudulent duplicate transactions such as POCA duplicate withdrawals.
Unfortunately you may feel this works in favour of the defence as this may strengthen claims as the question
the integrity of Horizon.
This is a further comment provided by Penny Thomas to Alan Simpson (Info Sec)
The duplication of audited records has not, in any way, affected actual physical transactions recorded on any
counter at any outlet. The duplication of records has occurred during the auditing process when records were
in the process of being recorded purely for audit purposes from the correspondence servers to the audit
servers. It should be noted that this duplication of data in the audit stream has always been happening.
However the Horizon retrieval process automatically discarded duplicate records before creating the ARQ
spreadsheets, while the current HNG-X retrieval process for Horizon data does not do so.
Therefore I'm not sure of the course of action we should not'take. My initial response was to request that
Fujitsu provide a witness statement to quantify the above that we could attach to each case (as appropriate),
and treat each case where this is not accepted individually.
Can you please offer any guidance as to what we should do. Fujitsu will not send any further ARQ requests
15/07/2010
FUJ00153133
FUJ00153133
Page 4 of 5
until we tell them that we are happy with the potential work-around or are able to come up with another
solution.
Regards
Mark Dinsdale
Security Programme Manager
Security Team, Post Office Ltd
e Post Office Ltd, Security Team, Royal Mail, 3rd
Floor, Clippers House, Clippers Quay, Salford, MSO
BRINT
Confidential Information:
This email message is for the sole use of the
intended recipient(s) and may contain confidential
and privileged information. Any unauthorised
review, use, disclosure or distribution is prohibited.
If you are not the intended recipient please contact
me by reply email and destroy all copies of the
original message.
From: Thomas Penny
Sent: 30 June 2010 13:33
To: Sue Lowther; Mark Dinsdale; Jane M Owen
Subject: Duplicatation of Transaction Records in ARQ Returns
Sue/Mark/Jane
We have identified that a number of recent ARQ returns contain duplicated transaction records.
With Horizon counters, the mechanism by which Data is audited has always worked on the principle that it is
acceptable to audit the same data more than once — in particular if in doubt as to whether or not it has been
previously audited successfully.
The Mechanism used on Horizon to retrieve the data took this into account and only presented one instance
of such duplicate data in the ARQ extracts.
However it has recently been noticed that the HNG-X retrieval mechanism does not remove such duplicates
and a quick scan of the ARQs provided to Post Office Ltd since the change to the new system indicates that
about 35% of the ARQs might contain some duplicate data. A Peak has been raised to enhance the
extraction toolset and remove such duplicate data in the future. However until the fix is developed, tested and
deployed, there is a possibility that data is duplicated.
The reliable way to identify a duplicate transaction is to use the <Num> attribute that is used to generate the
unique sequence numbers. This attribute is not currently included in the Excel version of ARQ data that has
15/07/2010