FUJ00191538 - Email chain including Chris Jay (FUJ); Legal Defence Team (FUJ); Pete Newsome (FUJ) & Others Re: Injecting transactions

FUJ00191538

From: "Christopher. Jay@.____

Sent: Thur 07/02/2019 9:41:06 PM (UTC)
To: "Legal.Defence@~"”

Subject: FW: Injecting transactions - urgent [WBDUK-AC.FID27032497]

From: Jonathan Gribben
Sent: 07 February 2019 21:40:51 (UTC+00:00) Dublin, Edinburgh, Lisbon, London
To: Gareth Jenkins; Newsome, Pete; Jay, Christopher; Defence Legal (Chris Jay,)
Cc: Andrew Parsons; Ibbett, Dave; Lucy Bremner; Parker, Steve; Emma Campbell-Danesh
Subject: RE: Injecting transactions - urgent [WBDUK-AC.FID27032497]
Thanks Gareth.
Dave - will you be sending consolidated comments through (and, if so, when)?
Kind regards

Jonny

Jonathan Gribben
Managing Associate
Womble Bond Dickinson (UK) LLP


From: Gareth Jenkins [mailto
Sent: 07 February 2019 16:26
To: Jonathan Gribben; pete.newsome@; Christopher.Jay; Legal.Defence@
Cc: Andrew Parsons; Dave.Ibbet; Lucy Bremner; ParkerSP; Emma Campbell-Danesh
Subject: RE: Injecting transactions - urgent [WBDUK-AC.FID27032497]

Hi,

I’ve received mine and commented to others in Fujitsu. I assume that someone will forward a consolidated set of
comments to you.

Best wishes

Gareth

From: Jonathan Gribben [mailto
Sent: 07 February 2019 14:03
To: Gareth Jenkins; Legal.Defence@; Christopher.Jay
Cc: Andrew Parsons; ParkerSP@
Subject: RE: Injecting transactions - urgent [WBDUK-AC.FID27032497]

Gareth, Pete, Chris and Dave,

Please confirm whether or not you received my email below. I re-sent it with the attachments split across two emails
as the first one bounced back.

Kind regards
Jonny
Jonathan Gribben

Managing Associate
Womble Bond Dickinson (UK) LLP


From: Jonathan Gribben
Sent: 06 February 2019 20:01
To: Gareth Jenkins; pete.newsome@; Christopher.Jay@; Legal.Defence@
Cc: Andrew Parsons; Lucy Bremner; ParkerSP; Emma Campbell-Danesh (emma.campbell-danes
Subject: Injecting transactions - urgent [WBDUK-AC.FID27032497]

Dear all,

Privileged & Confidential — please do not forward

Apologies in advance for the length of this email.
Exec Summary

Paragraph 35 of Steve's second statement is not entirely correct. We have been looking into this subject further and
below is a summary of our investigation.

We need to send Freeths a letter to clarify the correct position. I have summarised the key points and set out some
questions below along with a summary of our investigation. Please would you review those and let me know the
responses/whether anything is incorrect by midday tomorrow. Once this has been done we will draft a letter to Freeths
correcting the position that we will ask you to review and confirm before it is issued.

Summary of key points/questions
Key points:-

• Post Office offered personal banking (manual) for a number of institutions from the introduction of Horizon;

• it would have been possible for a rogue SSC employee to inject a cash deposit into their personal banking
account;

• a customer's account would not be credited until the paper deposit slip reached the relevant financial
institution (need to confirm this for Girobank), so the rogue SSC employee would not benefit from injecting a
transaction because there would be no corresponding paper deposit slip (query whether a TC would be issued
due to the absence of the paper deposit slip);

• online banking transactions were introduced in 2003 and Gareth does not know if it would even be possible to
get around the encryption issues that would be present if someone tried to insert an "automated" transaction;
and

• there are some other transactions that the rogue SSC employee could have injected — for manual transactions
there may be a paper trail (TBC on a transaction by transaction basis) and for online (i.e. automated)
transactions the position would be the same as per online banking transactions (i.e. encryption issues).

Questions:-

• were online Girobank transactions AP transactions?

• does AP mean automated?;

• what would a rogue SSC employee have to do in order to inject an online/automated transaction (i.e. please
articulate the encryption issues and describe what would have to be done to theoretically get around them,
including references to any controls designed to prevent this)?

Summary of investigation into injecting transactions in Legacy Horizon
Paragraph 35 of Steve's statement reads:-

"With reference to Dr. Worden's statement that "as for transferring money, Horizon includes no functionality
that allows payments to be made to external parties or account", at paragraphs 20.1, 20.3, 21 and 58.4 of my
first statement I said that money could not be transferred, by which I mean that it could not be transferred into
a third party’s bank account. I have given this matter further thought and discussed it with my colleagues and
we have now theorised that someone could have carried out a Post Office transaction, such as a GIRO bank
transfer[2] or a utility bill payment. A GIRO bank transfer inserted by someone at SSC would have been
detected as part of Post Office's reconciliation processes because there would be no accompanying paper
document. There is no accompanying paper document for a utility bill payment, so in theory such a transaction
would not be detected through reconciliation. I am not aware of any such activity ever taking place and if it had
occurred it would have resulted in instant dismissal.

[2] A Giro bank is also an AP transaction (like bill payments). It is the only type of bank account that is. All other
banking deposits go through a totally different path."

After the statement had been submitted, Gareth provided the following comments:-

1. The Giro Bank Transactions are not AP, but standard EPOSS Transactions. I don’t know how info on them got
to Giro Bank — it may well be that Giro Bank worked off the paper trail and then sent summaries to POL which
they then reconciled with the Horizon feed. POL would need to provide the details.

2. Prior to online banking (introduced in 2003), POL did support some (but not all) other banks with deposit and
cheque cashing facilities. Again these were EPOSS (not AP) transactions. I assume that there was also a
paper trail here and it would work in a similar way to Giro Bank. Again it is POL that need to define the
process. All Horizon did was provide the buttons to record the electronic part of the transaction.

Please find attached the following documents:

1. Post Office's Counter Operations Manual for Personal Banking (version 1 August 2001) which sets out the
procedure for accepting cash deposits other than Alliance & Leicester Giro services (see the comment on
page 2 re Alliance & Leicester Giro services being distinct and separate from those that appear in this booklet
and can be found in the Alliance & Leicester Giro booklet — Post Office have not yet been able to locate the
corresponding version of this booklet but has provided version 3 from March 2007 — see point 3 below) and
states that cash is not deposited into a customer's account until the paper deposit document reaches their
bank (section 5.9 on page 9).

2. Post Office's Operational Focus 0203 from 3 - 9 April 2003 which contains a list of banking services available
at branches from Tuesday 1 April 2003 and shows that Post Office accepted cash deposits from seven banks.
All of them are stated to be "manual", apart from Alliance & Leicester/Giro Bank which is stated to be
"automated or manual". Manual means paper based and automated means online using a card.

3. Post Office's Operations Manual for Alliance & Leicester Personal Banking (version 3 March 2007). This
version shows that Post Office did not offer manual Alliance & Leicester personal banking by March 2007 - it
was online banking only.

4. Post Office's Horizon System User Guide / Balancing with Horizon Guide (version 1 28 July 2000). This
Balancing with Horizon Guide Section 1 deals with Personal Banking (page 734 of the PDF) and Alliance &
Leicester Girobank (page 743 of the PDF). It was a requirement to rem out paper deposit slips on a daily
basis. There was also an opportunity for branches to reconcile the Horizon record of deposit transactions with
the paper deposit slips they were holding as part of this process.

The distinction between online and manual banking transactions is that it would have been possible for SSC to insert a
"manual" transaction, but Gareth does not know if it would even be possible to get around the encryption issues that
would be present if someone tried to insert an "automated" transaction. Automated deposit transactions required the
customer's card to be swiped through the PIN Pad, which would add in some crypto data that prevents SSC being able
to mimic this step.

In terms of other transactions that could have potentially been injected for personal benefit, based on the list of
products and services available in branches as at July 2005 as per the attached welcome pack Gareth has advised
that:-

• it may have been possible to inject bill payment transactions to pay a bill (i.e. the utility bill example given in
Parker 2, for which there would be no paper trail/reconciliation);

• telephony transactions were all online, so the position is the same as online banking transactions (i.e.
encryption issues);

• banking/savings — covered above;

• national savings and investments — a mix of online and offline. We are checking with Post Office whether
there was a paper trail for the offline ones;

• money transfer — online; and

• the rest did not involve any accounts to credit and therefore the rogue SSC employee wouldn't benefit.


© Crown Copyright, used under the Open Government Licence v3.0.
Converted by Matthew Somerville.