Fujitsu Services
(Pathway) Limited
NBS definition
Commercial in Confidence
Ref:
Version:
Date:
BP/SPE/nnn
On
04/11/2002
POL00394114
POL00394114
Document Title:
Document Type:
Release:
Abstract:
Document Status:
Originator & Dept:
Contributors:
Internal Distribution:
External Distribution:
Approval Authorities:
NBS definition
Specification
N/A
This document provides a definition of the Network Banking
Service (NBS) which is an Existing Business Application provided
by Fujitsu Services to Post Office.
This document provides a high level summary definition of NBS
and is intended to be referenced from Schedule 18 -Application
Management - of the 'Amendment' to the contract between Fujitsu
Services and Post Office.
DRAFT
Dave Cooke - Consultancy Services
Fujitsu Services
(See PA/PRO/010 for Approval roles)
Jame Position Signature Date
[Dave Hollingsworth Director, Consultancy Services
[Fujitsu Services
© 2002 Fujitsu Services Commercial in Confidence Page: 1 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
0.0 Document Control
0.1 Document History
\Version No. Date [Reason for Issue (Associated
\CP/PinICL
0.1 14/11/02 IFirst issue
0.2 Review Details
Review Comments by :
[Review Comments to: [Dave Cooke
Mandatory Review Authority Name
Optional Review / Issued for Information
(* ) = Reviewers that returned comments
0.3. Associated Documents
Reference ersion [Date Title Source
IBP/CON/262 4.0 19/06/2001 Document - NBS _ Service
Definition
Unless a specific version is referred to above, reference should be made to the current
approved versions of the documents.
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence
CONTRACT CONTROLLED
Page: 2 of 1
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
0.4 Abbreviations/Definitions
(Abbreviation Definition
0.5 Changes in this Version
\Version Changes
0.1 lone
0.6 Changes Expected
(Changes
© 2002 Fujitsu Services Commercial in Confidence Page: 3 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
0.7 Table of Contents
1.0 INTRODUCTION......
SCOPE OF THE NBBS....
3.0 INTERFACES.
4.0 NBS QUALITIES.
4.1 EXTENSIBILITY... seceteenntsneennennentnnntnentsnesetnnetinetineessnsteeeeesneeeneee LS,
4.2. INTEGRATION WITH I EXISTING SERVICES. 19
4.3, REFERENCE DATA. 19
Post OFFICE REFERENCE DATA DISTRIBUTION.... cecneeene 20
5.0 COUNTER POSITION FUNCTIONALITY, PROCEDURES AN
PERFORMANCE.....
5.1 SUPPORTED TOKENS AND TRANSACTIONS. ..0....:cccsscsssssostsessesettnssnnettnnenneetnsennneennaenneee 21
5.2 APPLICATION PRINCIPLES 23
5.3. TRANSACTION FLOW 26
5.4 PROCESSES AND PROCEDURES......c-ccossssosseossssessennetsnsesnnttnnnnsnnesnnnnnnntsneeeees wn 27
5.5 COUNTER ENVIRONMENT...
5.6 CUSTOMER SESSIONS.
5.7 DATA CAPTURE... . ee eevee
5.8 NB TOKEN VALIDATION AND CUSTOMER VERIFICATION... 32
5.9 REQUEST, AUTHORISATION AND CONFIRMATION ACTION 35
5.10 WITHDRAW LIMIT........ 37
5.11 I DECLINED TRANSACTIONS... sosuntistanintanisininisiitisiitieninenn dS
5.12 REVERSED (CONTRA ENTRY) TRANSACTIO 38
5.13. RECEIPTS.
5.14 ERROR SCR
5.15 I SETTLEME
S.
5.16 MESSAC
5.17 RETAINED NB TOKENS. . . ese ese seveeeeeee AZ
5.18 RECOVERY OF BANKING TRANSACTIONS 43
5.19 OUTLET REPORTS. 43
5.20 HELP FUNCTION:
5.21 CASH ACCOUNT.
6.0 BANKING TRANSACTION MANAGEMENT FUNCTIONALITY.
6.1 INTRODUCTION........ cesses . cesses we 4S
6.2 INTERACTIVE COMMUNICATIONS BETWEEN NBE AND Horizon. 45
6.3. BULK AGENTS. 45
6.4 MESSAGE STORE ARCHIVE
7.0 MANAGEMENT INFORMATION, AUDIT AND ARCHIV!
7.1 TPS Host.....
© 2002 Fujitsu Services Commercial in Confidence Page: 4 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
7.2 TRANSACTION RECORDING AND ARCHIVING.
7.3 INFORMATION RETRIEVAL AND AUDIT...........
8.0 DATA RECONCILIATION SERVICE...
8.1 INTRODUCTION..........00c00eeee seeeseeseeseesseeseesessesesesecesseesseeseesesesessesesseseseseeesssees 60
8.2 RECONCILIATION. 60
8.3. RECONCILIATION AND SETTLEMENT REPORTING. 63
9.0 COMPLIANCE.
10.0 SYSTEM AND DATA SECURITY.
10.1 LEGAL AND REGULATORY CONTROLS.0....::.ccssssstssssins 66
10.2 SECURITY FOR THE EXISTING SERVICES. .......:c:sscsstssistsistatintnistnieisseissese OT
10.3. SECURITY STANDARDS. 67
10.4. SECURITY ORGANISATION AND MANAGEMENT 68
10.5 I DEVELOPMENT AND MAINTENANCE. 69
10.6 NETWORK BANKING SECURITY ARCHITECTURE... 70
10.7 CONFLICT AND PRECEDENCE.
11.0 PIN PADS - ADDITIONAL PROVISION:
12.0 NBS CAPACITY MANAGEMENT SERVICE....
© 2002 Fujitsu Services Commercial in Confidence Page: 5 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
1.0 INTRODUCTION
1d This document details the Network Banking Service (“NBS”) and the NB System
required to support the operational use of the NBS which Fujitsu Services shall
provide.
1.2 Requirements, functionality and/or services which will not be supported by or are
excluded from the scope of the NBS are set out (without limitation) in Annex 1 to this
document. Document
1.3 Not used.
14 The NBS constitutes the elements of End to End Banking (supporting Banking
Transactions) that are within the Service Boundaries referred to in paragraph 2.8 of
this document Documentfor which Fujitsu Services shall have responsibility.
1.5 All references in the form “NBRXXX” or “PPRXXX” (or similar) which follow at the
end of provisions of this DocumentDocument are references to Post Office's
requirements which correspond to those provisions. However, all such references are
for each party’s internal reference and information use only and none of those
references, or the requirements to which they relate, shall be relevant either in
construing or interpreting any of the provisions of this document or otherwise in
determining the extent of Fujitsu Services’ obligations.
© 2002 Fujitsu Services Commercial in Confidence Page: 6 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
2.0 SCOPE OF THE NBS
2.1 In developing the NBS, Fujitsu Services shall:
2.1.1 use the message server elements of WebRiposte [NBR022] (but not the
Framework or Asset Manager);
2.1.2 ensure that the Counter Equipment configuration and specification set out in
the CCD entitled “Counter Hardware Design Specification” (BP/DES/003)
will not need changing for the introduction of the NBS (and in particular that
no memory upgrade to counter equipment will be necessary or carried out),
other than for PIN Pads in accordance with paragraph 2.7 of this document;
and
2.1.3 ensure that Banking Transactions shall be in a standard format for all Banks,
and shall be driven by Post Office Reference Data e.g. each type of Banking
Transaction shall be Bank independent with the context being set by the IIN.
[NBR023]
2.2 Not used.
2.3 The NBS shall be available at all automated Counter Positions, mobile configurations
(as described in Schedule 19);
[DN: Assuming that the provisions of old Schedule A1l2 are contained in Schedule
19]
operational sets of Counter Equipment which are not Counter Positions ( “Admin
Positions”) and trolley based solutions in Outlets in each case wherever there is a
© 2002 Fujitsu Services Commercial in Confidence Page: 7 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
network connection, unless otherwise specified by Post Office, subject to the overall
limits applicable to each as set out in Schedule19.
[DN: As for comment above]
2.4 The availability of the NBS in any other location in addition to the locations specified
in paragraph 2.3 shall be dealt with through the Change Control Procedure.
2.5 Subject to the overall limits set out in Schedule 19 [DN: As for comment above]], in
relation to those Outlets and Admin Positions where there is no network connection
point or where Post Office or its Agents do not use such connection provided to it the
NBS software shall be installed but will not be able to commence or perform Banking
Transactions. The NBS software installed in those Outlets and Admin Positions shall
not be kept up to date with new NBS Releases or Reference Data other than by way
of the Optional Post Office Services (if any) introduced by CCN 898. [NBROS3,
NBR235]
2.6 Fujitsu Services shall inform Post Office monthly of any operational and external
technical constraints which relate to the allocation of Outlets where the NBS is
available between the categories set out in sub-paragraphs 2.6.1 - 2.6.4 of this
Document which shall apply in addition to the constraints agreed between the parties
and specified in the CCD entitled “Horizon New Service Business Volumes”
(PA/PER/031). Fujitsu Services shall each month carry out an initial allocation of
those Outlets where the NBS is available between the categories set out in sub-
paragraphs 2.6.1 - 2.6.4 of this Document. Post Office shall be entitled each month
to change Fujitsu Services’s initial allocation of Outlets where the NBS is available
between the categories set out in sub-paragraphs 2.6.1 - 2.6.4 of this Document
within such constraints notified by Fujitsu Services on a monthly basis and within the
© 2002 Fujitsu Services Commercial in Confidence Page: 8 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
constraints specified in the CCD entitled “Horizon New Service Business Volumes”
(PA/PER/031).
2.6.1 Bronze Service Outlet;
2.6.2 Silver Part Time Service Outlet;
2.6.3 Silver Daytime Service Outlet; or
2.6.4 Silver 24 Hour Service Outlet.
2.7 PIN Pads
2.7.1 Subject to paragraph 2.7.2, Fujitsu Services shall ensure that all automated
Counter Positions where the NBS is available (as set out in paragraphs 2.3
and 2.4 of this Schedule) shall have the capability to support the use of PIN
Pads. [PPRO10] [NBR066]
2.7.2 PIN Pad support provided by the NBS shall be for the purposes of Customer
Verification and change of PIN, and no other purpose. [NBR250] [PPR001]
[PPRO12] [NBR431] It shall be possible to add additional Banking
Transactions through the Change Control Procedure and Fujitsu Services
shall design the NBS so as not to inhibit such additions. PIN Pad support
provided for CAPO shall be no different to that provided for any other Bank.
2.73 Not used.
2.74 The specification for the interface and interaction required between PIN Pads
and other elements of the NB System shall be documented in the CCD
entitled “Generalised API for OPS/TMS” (TD/STD/004).
© 2002 Fujitsu Services Commercial in Confidence Page: 9 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
2.8
2.9
2.7.5 The NB System/Counter Clerk dialogue required for Customer Verification
by PIN entry shall be as documented in the CCD entitled “Network Banking
Counter Dialogue — Activity & Screen Flows” (NB/SPE/003). [NBR250]
[PPR0O2] [PPRO14]
The NBS shall be bounded by Service Boundaries with the following computer
systems:
2.8.1 NBE;
2.8.2 Post Office RDS; and
2.8.3 TIP Gateway,
as specified in the relevant AIS and TIS.
Fujitsu Services shall be responsible for provision of, security of, and management of
the communications link between the Data Centres and the NBE (which for the
purposes of this schedule shall include the physical routers, encryption devices, file
transfer management servers and associated cabling), subject to Post Office
complying with (and ensuring that any third party Post Office uses for siting or
storage of such equipment complies with) the following:
2.9.1 provision of a suitable physical operating environment for Fujitsu Services’s
equipment used for or in connection with the communications link including the
following:
(a) — ensuring the physical security of all equipment which is located on Post
Office and/or any such third party’s premises to protect against
unauthorised access; and
(b) provision of environmental conditions as reasonably required by Fujitsu
Services,
© 2002 Fujitsu Services Commercial in Confidence Page: 10 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services BS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
2.9.2 permitting Fujitsu Services to gain access (at reasonable times and on
reasonable notice) to all locations where such equipment is held or is to be
installed, in order to enable Fujitsu Services to effect or procure the installation,
maintenance, repair, renewal and support of such equipment.
For the purposes of paragraphs 2.11 and 2.12 of this Document:
“NB System Design Information” means information concerning the design and
characteristics of the NB System held by Fujitsu Services but not available to Post
Office ; and
the “Purpose” means the operation of End to End Banking and the integration of the
NB System with other elements of End to End Banking.
Fujitsu Services shall supply or give access to Post OfficePost Office such NB System
Design Information as Post OfficePost Office reasonably requires for the Purpose,
subject to the following conditions and restrictions:
2.11.1 the provision of copies of or access to NB System Design Information to
Post OfficePost Office by Fujitsu Services shall be subject to such
confidentiality provisions and restrictions on disclosure or access as Fujitsu
Services may reasonably specify, taking into account the sensitivity of the
particular System Design Information concerned and any obligations of
Fujitsu Services to third parties in respect of that NB System Design
Information; and
© 2002 Fujitsu Services Commercial in Confidence Page: 11 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
2.11.2 where Fujitsu Services is restricted or prohibited by binding obligations to
third parties from disclosing NB System Design Information to Post
OfficePost Office:
(a) Fujitsu Services shall use all reasonable endeavours to procure the
mitigation and release of those restrictions or prohibitions; and
(b) Fujitsu Services shall not be obliged to disclose to Post OfficePost
Office any NB System Design Information which it is prohibited
from so disclosing.
2.12 Post OfficePost Office shall not use NB System Design Information for any purpose
other than the Purpose.
2.13 The provisions of paragraph 2.11 and paragraph 2.12 of this DocumentDocument
shall be in addition to and without prejudice to the provisions of Clause 607 of this
Codified Agreement.
© 2002 Fujitsu Services Commercial in Confidence Page: 12 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
3.0 INTERFACES
3.1 The data flows and the NBS interfaces at the Service Boundaries referred to in
paragraph 2.8 of this DocumentDocument and the responsibilities of each party for
the transmission and receipt of data in either direction across those interfaces shall be
as set out in the AISs and TISs applicable to those interfaces. [NBR285]
3.2 The interfaces between the Data Centre and the NBE shall support the transmission of
data defined in the CCD entitled “NBE — Horizon Application Interface
Specification” (NB/IFS/008). The technical detail of the interfaces between the Data
Centre and the NBE shall be defined in the CCD entitled “Technical Interface
Specification — Horizon to NBE”(NB/IFS/009). The procedures which each party
shall follow and the responsibilities of each party in respect of the transmission of
Requests, Authorisations, Confirmations, D Messages and any other data to be
transmitted between the Data Centre and NBE interfaces shall be defined in the
Working Document entitled “NBE Operational Level Agreement”.
[NBR0SO, NBR285, NBR020, NBR219, NBR037, NBR045, NBR109, NBR147,
NBR202, NBR228, NBR277, NBR286, NBR536, NBR537, NBR252, NBR278]
3.3 The interfaces between the Data Centre and TIP shall support the transmission of data
(to be used by Post Office for Banking Transaction settlement and exception
reporting) from the DRSH to the TIP Gateway as documented in the CCD entitled
“Network Banking End to End Reconciliation Reporting” (CS/SPE/011). Fujitsu
Services shall update the TIS required for those interfaces for approval by Post
Office, such approval not to be unreasonably withheld. [NBR109] [NBR147]
© 2002 Fujitsu Services Commercial in Confidence Page: 13 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
3.4 The interfaces between the Data Centre and Post Office RDS shall support the
transmission across those interfaces of Post Office Reference Data for the NBS as
documented in the AIS entitled “A/S Reference Data to Pathway” ([BP/IFS/010]).
3.5 Fujitsu Services and Post Office shall agree from time to time the procedures which
each party shall follow and the responsibilities of each party in respect of the
transmission of Post Office Reference Data which shall be documented in Working
Documents.
3.6 Fujitsu Services shall use all reasonable endeavours to update the CCD entitled
“Generalised API for OPS/TMS”(TD/STD/004) to describe the NB Counter
Application interfaces as developed by Fujitsu Services by the date three months after
the NBS Acceptance Date and shall in any event do so by the date six months after
the NBS Acceptance Date.
© 2002 Fujitsu Services Commercial in Confidence Page: 14 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
NBS definition
Commercial in Confidence
POL00394114
POL00394114
Ref: BP/SPE/nnn
Version: 0.1
Date: 04/11/2002
4.0 NBS QUALITIES
4.1
Extensibility
4.1
The NBS shall support, through changes to or the introduction of
appropriate Reference Data, the introduction and removal of new instances
of and changes to each of the items listed in the table below for the purposes
of the NBS. The initial allocation of each of the items to the classifications
described in the CCD entitled “JCL Pathway/ PON Interface Agreement for
Operational Business Change — Product” (CS/PRD/058) shall be as
specified in the table below. The parties may agree to vary the allocation of
the items from time to time, such variation to be documented by Fujitsu
Services in the Working Document entitled “Reference Data Change
Catalogue” (CS/IFS/001).
Ttem type (and, where I Introduction Change classification
different, the classification (as (as described in the
description of such described in the CCD I CCD entitled “7CL
item used in the CCD I entitled “JCL Pathway/PON Interface
entitled “A/S Pathway/PON Agreement for
Reference Data to Interface Agreement I Operational Business
Pathway” for Operational Change — Product”
(BP/AFS/010)) Business Change — (CS/PRD/058))
Product”(CS/PRD/05
8)
Bank issuer schemes I Advanced Complex Advanced Complex —
(CCD description —
Issuer scheme)
unless name change
only, in which case High
Risk
Banking operation
Advanced Complex
Advanced Complex —
unless change to
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence
CONTRACT CONTROLLED
Page: 15 of 1
Fujitsu Services
(Pathway) Limited
NBS definition
Commercial in Confidence
POL00394114
POL00394114
Ref: BP/SPE/nnn
Version: 0.1
Date: 04/11/2002
presentation sequence
only, in which case High
Risk
IINs for an existing
Bank card
(CCD description -
TIN range)
High Risk
High Risk
NB Token element
definitions
(CCD description -
Bank card and bank
card element)
Advanced Complex
Advanced Complex
Method of data entry
(CCD description —
Permitted method of
entry)
High Risk
High Risk
NBE Routing IDs,
item names, minimum
value, maximum value,
multiple allowed value
N/A (Reference Data
used in the Existing
Services — except
NBE Routing ID
which is a new
element within the
N/A (Reference Data
used in the Existing
Services - except NBE
Routing ID which is a
new element within the
existing item history
existing item history record)
record)
Screen displays, N/A (Reference Data I N/A (Reference Data
changes to menu used in the Existing used in the Existing
hierarchy, new Services) Services)
desktop buttons, help
text and picklists
MCWP and MAAWP.
(NB: Not described in
the CCD entitled “A/S
N/A (as both are
system parameters,
they may be changed
System Parameter —
Pure
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 16 of 1
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
(BP/FS/010))
Commercial in Confidence Date: 04/11/2002
Reference Data to but can not be
Pathway” introduced)
[NBR405, NBR401, NBR404, NBR406, NBR023, NBR168]
4.1.2 Not used.
4.1.3. The introduction of changes to and new instances of items specified in
paragraph 4.1.1 of this DocumentDocument:
(a)
(b)
(c)
shall be in accordance with the procedures and timescales as
specified in the CCD entitled “JCL Pathway/ PON Interface
Agreement for Operational Business Change — Product”
(CS/PRD/058) The CCD shall be updated by Fujitsu Services before
the start of the Full E2E Testing Stage to include the procedures for
dealing with items classified as System Parameter - Pure and any
other new procedures for introduction of and changes to those
items and in that first updated version of that CCD, it shall be
provided that changes to an item classified as System Parameter —
Pure, insofar as such changes are undertaken by Fujitsu Services
shall take no more than 2 working days;
shall be effected using only the functions and processes used for
introduction of and changes to Reference Data for the Existing
Services;
shall not cause to be exceeded:
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 17 of 1
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(i) any limit or range in respect of any such item (including,
without limitation, limits or ranges on the number of IINs)
where such limit or range is specified in the CCD entitled
“Horizon New Service Business Volumes” (PA/PER/03 1);
and/or
(ii) if no such limit or range is specified in that CCD then a
reasonable limit or range [NBR025];
and
(d) shall not cause to be exceeded the limits in respect of the rates of
change of introduction of and/or changes to any such item specified
in the CCD entitled “/CL Pathway/ PON Interface Agreement for
Operational Business — Change Product” —(CS/PRD/058).
[NBR025] [NBR024] [NBR416]
4.1.4 Post Office shall be responsible for verifying and validating all NBS related
Post Office Reference Data for use in End to End Banking, save to the
extent that Fujitsu Services is obliged to do so (for the purposes of the use of
such Post Office Reference Data within the Post Office Service
Infrastructure) in accordance with paragraph 4.1.3 of this
DocumentDocument. For the avoidance of doubt, the Change Control
Procedure shall be used if Post Office requires, in connection with the
introduction of any of the items referred to in paragraph 4.1.1, Reference
Data validation or testing of the NB System (or any element thereof) outside
the scope of the CCD entitled “CL Pathway/ PON Interface Agreement for
Operational Business Change — Product” (CS/PRD/058).
© 2002 Fujitsu Services Commercial in Confidence Page: 18 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
4.1.5 For the avoidance of doubt, where Post Office Reference Data contains
future fields which are not enabled at the time of introduction of that Post
Office Reference Data as set out in the CCD entitled “A/S Reference Data to
Pathway” (BP/IFS/010), Fujitsu Services shall not carry out any processing
of data in those fields until use of such fields is agreed through the Change
Control Procedure. [NBR410, PPRO14]
4.1.6 — Fujitsu Services’s charges and rates for the creation and the introduction of
new icons shall be as set out in Schedule A12.
4.2 Integration with Existing Services
The NBS shall coexist with the Existing Services and the NBS shall appear as another
service at automated Counter Positions alongside the Existing Services. Banking
Transactions shall be reflected in EPOSS (including integration in Customer Sessions)
and the Cash Account. The counter dialogue for the NBS shall be as documented in
the CCD entitled “Network Banking Counter Dialogue — Activity & Screen Flows”
(NB/SPE/003) and by the applicable date specified in the NB Project Plan Fujitsu
Services shall propose and Post Office shall agree (such agreement not to be
unreasonably withheld) any enhancements required to the CCD entitled “Horizon
OPS Style Guide” (SD/STD/001) for the NBS. [NBR448 NBR493, NBR159]
[NBRO28]
4.3. Reference Data
Components of the NBS shall be controllable by Reference Data defined in the AIS
referred to in paragraph 3.4 of this DocumentDocument such that new or changed
items referred to in paragraph 4.1.1 of this schedule may be introduced under
Operational Business Change or the Change Control Procedure, as applicable.
[NBR460]
© 2002 Fujitsu Services Commercial in Confidence Page: 19 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
4.4 Post Office Reference Data Distribution
441
442
4.43
On and after the applicable date specified in the NB Project Plan, Post Office
shall be responsible for generating and transmitting (as reasonably required
by Fujitsu Services) test Reference Data to Fujitsu Services’s RDMC.
[NBR096]
Post Office Reference Data used in the NBS shall be processed in
accordance with the CCD entitled “/CL Pathway/ PON Interface Agreement
Jor Operational Business Change — Product” (CS/PRD/058) once that CCD
has been amended in accordance with paragraph 4.1.3 (a) of this
DocumentDocument. [NBR025]
Post Office shall be responsible for ensuring that Post Office Reference Data
is introduced and is effective in the NBE no later than the date and time on
which it is due to be made effective in the NBS by Fujitsu Services and that
Post Office Reference Data shall continue to be valid in the NBE until a date
and time no earlier than that on which it is due to cease to be valid in the
NBS. Subject to the lead times in the CCD entitled “/CL Pathway/ PON
Interface Agreement for Operational Business Change — Product”
(CS/PRD/058) Fujitsu Services shall ensure that Post Office Reference Data
is implemented in the NBS on the date and time specified by Post Office and
that it remains valid until the expiry date and time specified by Post Office.
[NBR418]
© 2002 Fujitsu Services Commercial in Confidence Page: 20 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.0 COUNTER POSITION FUNCTIONALITY,
PROCEDURES AND PERFORMANCE
5.1. Supported Tokens and Transactions
5.1.1 The Tokens which shall be supported by the NBS (“NB Tokens”) and shall
be used to initiate Banking Transactions exclude smart cards [NBR063] and
are limited to those which:
(a) have a magnetic stripe; [NBR001]
(b) conform to ISO 7810, 7811, 7812, 7813; [NBR394] [NBR395]
[NBR396] [NBR397] [NBRSO1] and
(c) relate to a single account (including multiple account cards where
these automatically default to a single account). [NBR165]
5.1.2. The Transactions which shall be supported by the NBS (“Banking
Transactions”) are listed in the table below:
Cash Deposit
Cash Withdrawal
Balance Enquiry
Cash Withdrawal with Balance
Withdraw Limit
© 2002 Fujitsu Services Commercial in Confidence Page: 21 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
Change of PIN at PIN Pad
[NBRO0O1] [NBR003] [NBR004]
5.1.3 In addition, the NBS shall provide capability for further types of Banking
Transaction to be supported but Fujitsu Services shall not develop that
capability for any further types of Banking Transaction unless and until
agreed under the Change Control Procedure.
5.1.4 Banking Transactions in the table above shall all be carried out across on-line
network communication links between the NB System and the NBE.
[NBRO009]
5.1.5 I Where required in respect of a Banking Transaction in accordance with the
terms of this Schedule, Customer Verification shall take place in accordance
with paragraph 5.8.2 of this DocumentDocument.
5.1.6 I The Banking Transactions (and underlying Post Office Products) and Issuer
Schemes (as such expression is defined in the CCD entitled “A/S Reference
Data to Pathway” (BP/IFS/010)) supported by the NBS for each type of NB
Token shall be identified by Fujitsu Services through the Post Office
Reference Data associated with the ITN contained in each NB Token.
[NBR006, NBR429, NBRO18]
5.2. Application Principles
5.2.1 Post Office shall be responsible for the integration of the NBS and the NB
System into End to End Banking.
© 2002 Fujitsu Services Commercial in Confidence Page: 22 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.2.2 The NB Counter Application shall comply with the CCD entitled “Network
Banking Counter Dialogue — Activity & Screen Flows” (NB/SPE/003). Post
Office Reference Data held locally in Outlets shall be used by the NB System
to determine the appropriate counter dialogue for each Banking Transaction.
Each type of Banking Transaction may involve a number of different
dialogues between the NB System and the Counter Clerk and between the
PIN Pad and Customer, depending upon a number of variable factors (such
as, without limitation, whether, and if so what method of Customer
Verification is required in respect of a Banking Transaction). Prompts to
Counter Clerks displayed by the NB Counter Application shall be standard
for all Banks. The principles upon which text is to be generated by the NB
Counter Application and displayed to Counter Clerks and text displayed to
Customers on a PIN Pad, together with specific agreed text shall be as set
out in the CCD entitled “Network Banking Counter Dialogue — Activity &
Screen Flows” (NB/SPE/003). [NBR451, NBR439] [PPRO11, PPRO21,
PPRO23]
5.2.3 Not used.
5.24 The front-end processes for the Existing Services (e.g. menu hierarchy) shall
be reviewed and modified if reasonably necessary (subject to the Change
Control Procedure) in order to support the NBS functionality [NBR463].
The NB System shall be integrated within the Post Office Service
Infrastructure such that a Counter Clerk shall be able to serve a Customer by
carrying out any of the various types of Transaction supported (e.g. OBCS,
EPOSS, APS and NBS) as required by that Customer and all Transactions
for that Customer shall be included in the same EPOSS Customer Session.
For the avoidance of doubt, a Banking Transaction shall not automatically
© 2002 Fujitsu Services Commercial in Confidence Page: 23 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.2.10
conclude a Customer Session even if it brings the balance to zero.
[NBR448, NBR450]
Not used
Input of Banking Transaction data by Counter Clerks at Counter Positions
shall be supported by touch screen and keyboard in combination or
separately, as described in the CCD entitled “Nenvork Banking Counter
Dialogue — Activity & Screen Flows” (NB/SPE/003). [NBR438, NBR484]
All Transactions shall be conducted under a common access control regime
such that a Counter Clerk is required to log-on once only (providing only
their allocated user identification and password) in order to make use of both
the NBS and Existing Services. ,[NBR449]
Reference Data held locally in Outlets shall be used to carry out initial
validation of NB Tokens presented by Customers for the purpose of carrying
out Banking Transactions. [NBR240]
Once a Banking Transaction has been initiated, and a Request generated, that
Banking Transaction shall be completed and the Banking Transaction
outcome added to the EPOSS transaction stack before any other Transaction
can commence. [NBR468]
Not used.
© 2002 Fujitsu Servi
(Pathway) Limited
ices Commercial in Confidence Page: 24 of 1
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.2.11 The NBS shall operate in a single currency and Banking Transactions shall
be recorded in that currency which, unless agreed otherwise under the
Change Control Procedure, shall be sterling. Fujitsu Services shall design the
NB System in a way which will not preclude a future development to
transact business in EUROs. However any such development shall be subject
to agreement through the Change Control Procedure. [NBR153]
5.2.12 I The NB Counter Application shall be designed and implemented to minimise
(within the constraints associated with performing Banking Transactions in
accordance with the CCD entitled “Network Banking Counter Dialogue
Activity & Screen Flows” (NB/SPE/003) and the constraints imposed by the
Hardware and the development tools connected with the Software used to
develop the NB Counter Application) the counter times for the system
processing elements particular to each variation of a Banking Transaction
involving data entry via screen or keyboard (and not using an NB Token
swipe). The CCD entitled “Generalised API for OPS/TMS” (TD/STD/004)
shall be updated to reflect the design characteristics and limitations of the NB
Counter Application as implemented. [NBR447]
5.2.13 Banking Transaction data that Fujitsu Services is responsible for shall be
recorded at source to ensure the integrity of that data. [NBR453]
5.2.14 The NB Counter Application shall provide a print preview facility
incorporating all details on the NB Receipt to enable the Counter Clerk to
produce a manual NB Receipt in the event of printer failure. [NBR155]
© 2002 Fujitsu Services Commercial in Confidence Page: 25 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.3. Transaction Flow
5.3.1
Banking Transactions shall follow the RACOC1 Model. [NBR038, NBR020]
Requests, Authorisations and CO Confirmations shall be processed using on-
line network communication links between the NB System and NBE.
[NBR038] The C1 Confirmations committed to the transaction stack shall be
replicated in the manner used for Existing Services. [NBR021]
The date/time stamp which shall be inserted in Requests shall be based on the
local time in the relevant Outlet, as present on Counter Equipment in that
Outlet. Such date/time stamps shall be carried through any dialogue with a
Bank (in Requests, Authorisations and Confirmations) and the Customer
receipts to ensure consistency. [NBR157]
The Request, Authorisation and Confirmations for each Banking Transaction
shall have a common identifier as defined in the CCD entitled “NBE
Horizon Application Interface Specification” (NB/IFS/008) which is unique
to that Banking Transaction. [NBR158, NBR536]
The C1 Confirmation shall form part of the associated EPOSS Transaction
such that a message shall be recorded at the Outlet at the end of a Customer
Session in addition to any CO Confirmation recorded at the Outlet during a
Customer Session. [NBR182]
C1 Confirmations shall be generated in all cases where a Request has been
generated. CO Confirmations will be generated and transmitted on-line to the
NBE if:
(a) a Banking Transaction is Declined at the Counter Position (unless a
Decline has been received from the NBE);
© 2002 Fujitsu Servi
(Pathway) Limited
ices Commercial in Confidence Page: 26 of 1
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(b) a Banking Transaction is failed at the Counter Position; or
(c) there is system time-out either at the Counter Position or at the
Authorisation Agent such that an NBE Authorisation is not received
at the Counter Position for a corresponding Request.
Post Office shall be responsible for ensuring that the NBE supports receipt of
CO Confirmations sent to the NBE, and is able to generate C4 Confirmations
to the DRSH, as applicable.
5.4 Processes and Procedures
5.4.1
5.4.2
Fujitsu Services shall develop for agreement by Post Office (such agreement
not to be unreasonably withheld) clear and unambiguous processes and
procedures for the operation of the NBS in Outlets. Fujitsu Services shall
document such agreement in a PPD (the “NB PPD”) and such other PPDs as
the parties agree to be appropriate. However, until such time as the NB PPD
is agreed by the parties, the processes and procedures to be followed at
Counter Positions shall be those set out in the CCD entitled “Network
Banking Counter Dialogue — Activity & Screen Flows” (NB/SPE/003). The
parties intend that the content of the CCD entitled “Network Banking
Counter Dialogue — Activity & Screen Flows” (NB/SPE/003) which needs to
be maintained after completion of development of the NBS shall be included
in such other CCDs as the parties agree to be appropriate and references in
this DocumentDocument to that CCD will be replaced as appropriate.
[NBR232, , NBR463, NBR026].
Fujitsu Services’s Help Desk and the NBSC processes for dealing with
enquiries from Outlets in connection with the NBS shall be enhanced by
Fujitsu Services and Post Office respectively to support the NBS and each
© 2002 Fujitsu Services Commercial in Confidence Page: 27 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
party shall ensure that it follows any related new procedures. [NBR248,
NBR046, NBR047, NBR452] [NBR272]
5.4.3 In addition to its obligation in paragraph 5.4.2 of this DocumentDocument,
Post Office shall be responsible for providing a support desk service which
in respect of the NBE and its associated links to LINK and/or Banks, shall
act as a central point for obtaining information on the working state of the
NBE, and shall be responsible for notifying Fujitsu Services of any scheduled
interruptions. Such support desk service shall be the reporting point for
Fujitsu Services to log faults in systems and services outside the Post Office
Service Infrastructure and shall be responsible for progressing the resolution
of faults and for notifying Fujitsu Services when faults have been resolved.
A description of the service operation of such support desk shall be
documented in the Working Document entitled “ICL Pathway/Post Office
Interface Agreement for the NBSC and HSH Interface” (CS/IF'S/007).
5.4.4 Post Office shall ensure that all Users of the NBS in Outlets are trained in the
use of the NBS within their role and the procedures as set out in the NB
PPD. Each User shall be so trained prior to using the NBS, Post Office shall
be responsible for the production of the relevant training material.
5.4.5 To enable Post Office to design and develop training for NBSC personnel
Fujitsu Services shall provide in a timely manner such accurate information
about the NBS (beyond that which is contained in the NB PPD or other NBS
related CCDs) as may be reasonably requested by Post Office.
© 2002 Fujitsu Services Commercial in Confidence Page: 28 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.5 Counter Environment
The counter environment for the NBS shall comply with the CCDs entitled “7MS
Architecture Specification” (TD/ARC/029) and the “OPS Architecture Specification”
(TD/ARC/030) which shall be updated by Fujitsu Services before the start of NBS
Tests to include the amendments required to those CCDs to reflect changes to the
counter environment required for the NBS including, without limitation, the
development, introduction and use (for the purposes of the NBS) of WebRiposte, the
NB Counter Application, new Post Office Reference Data objects, PIN Pads, and any
consequential changes to the counter environment to be made by Fujitsu Services.
5.6 Customer Sessions
5.6.1 Banking Transactions shall be carried out within a Customer Session.
5.6.2 Each Banking Transaction shall be separate from other Banking
Transactions, such that, for example, a deposit and a withdrawal by a
Customer shall be two separate Banking Transactions with no system
relationship between them. [NBR151]
5.6.3. The NBS shall ensure that Session Mobility is prohibited between the start of
a Banking Transaction and the time that the C1 Confirmation is written to
the transaction stack. ,[NBR070]
5.6.4 The NBS shall ensure that suspend session as described in Requirement 825
of Schedule A15 of this Codified Agreement is prohibited between the start
of a Banking Transaction (as described in paragraph 5.7.2(a) of this
DocumentDocument) and the time that the C1 Confirmation is written to the
transaction stack. [NBRO71]
© 2002 Fujitsu Services Commercial in Confidence Page: 29 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.6.5
5.7 DataC
57.1
5.7.2
The NBS shall ensure that forced end of session shall not compromise the
integrity of the RACOC1 Model. [NBRO72]
apture
The NBS shall enable the Counter Clerk to capture certain details from the
Customer’s NB Token electronically or manually (as described in this
paragraph 5.7 below), select the Banking Transaction type (e.g. withdrawal)
required by the Customer and the details of that Banking Transaction (e.g.
withdraw £50). Banking Transactions shall be capable of being initiated only
when in the serve customer mode described in the CCD entitled
“Generalised API for OPS/TMS” (TD/STD/004).
For the purposes of data capture, the NBS shall operate in accordance with
the following principles and in compliance with the provisions applicable to
data capture set out in the CCD entitled “Network Banking Counter
Dialogue — Activity & Screen Flows” (NB/SPE/003):
(a) Initiation of Banking Transaction shall occur when a NB Token is
swiped through and recognised by the magnetic card reader, or
when the Counter Clerk manually selects a Banking Transaction
(e.g. because the NB Token swipe fails) using the keyboard or
touch screen. [NBR164] [NBR486]
(b) The IIN recorded on the NB Token in conjunction with the method
of data entry and whether or not a PIN Pad has been installed shall
determine the Banking Transactions which the NBS shall support
© 2002 Fujitsu Servi
(Pathway) Limited
ices Commercial in Confidence Page: 30 of 1
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
for that NB Token. [NBR006] A separate NB Token swipe will be
required:
(i) for each individual Banking Transaction; and
(ii) unless a PIN is determined to be invalid at the Outlet, if an
incorrect PIN is input to the PIN Pad.
(c) Once the NB Token details have been successfully captured and
validated in accordance with paragraph 5.8.1(a) of this
DocumentDocument, only the Banking Transactions available to the
Customer using that NB Token shall be selectable. The Counter
Clerk shall be prompted to select the Banking Transaction type
required and, in the case of cash deposits and cash withdrawals
(excluding Banking Transaction type “Withdraw Limit”) to enter
the appropriate financial amount in the prevailing currency.
(d) Following Banking Transaction initiation by manual selection, once
data entry is complete, the Banking Transaction data flow shall be
the same as for a Banking Transaction initiated by NB Token swipe,
with the NB Counter Application recording that initiation was
manual rather than automatic. [NBR536]
5.8 NB Token Validation and Customer Verification
5.8.1 NB Token Validation
© 2002 Fujitsu Services Commercial in Confidence Page: 31 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
NB Token Validation shall operate in accordance with the following
principles and shall be carried out in accordance with the provisions
applicable to NB Token Validation set out in the CCD entitled “Network
Banking Counter Dialogue — Activity & Screen Flows”. (NB/SPE/003).
(a) NB Tokens shall be validated against Reference Data held locally in
Outlets, and Banking Transactions shall be terminated where such
validation fails. [NBR240] [NBR168] [NBR007] [NBR008]
[NBRO33]
(b) Multiple and minimum Banking Transaction limits shall not apply to
the Banking Transaction type ‘Withdraw Limit’. [NBR166,
NBR168, NBR430]
(c) If before a Request is generated, the Banking Transaction is
abandoned by the Counter Clerk or terminated at a Customer’s
request, no C1 Confirmation, CO Confirmation or other record of
that attempted Banking Transaction shall be recorded by the NB
System. [NBR008]
(d) Following successful validation of the NB Token, a screen prompt
shall tell the Counter Clerk to perform the agreed checks
documented in the CCD entitled “Network Banking Counter
Dialogue — Activity & Screen Flows” (NB/SPE/003). [NBR161]
5.8.2 Customer Verification
© 2002 Fujitsu Services Commercial in Confidence Page: 32 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
Customer Verification shall operate in accordance with the following
principles and shall be carried out in accordance with the provisions
applicable to Customer Verification set out in the CCD entitled “Network
Banking Counter Dialogue — Activity & Screen Flows” (NB/SPE/003):
(a) In respect of each Banking Transaction, whether or not Customer
Verification is required, and if required the verification method
applicable, shall be identified through the Post Office Reference
Data held locally at Outlets associated with the ITN contained in the
NB Token presented to the Counter Clerk. Each method of
verification shall be able to operate independently of the others (e.g.
it will not be necessary to have installed a PIN Pad in order to
operate functionality associated with Customer Verification by
signature comparison). If Customer Verification is required the
method used shall be one of the following:
. Verification by the Counter Clerk comparing the
Customer’s signature with that on the NB Token, as the
only method
. Verification involving the Customer entering a PIN using
the PIN Pad, as the only method; or
. Verification by signature comparison as an alternative to
PIN entry, where the PIN Pad is not available by reason of
it not having been deployed in accordance with Schedule
G12
[NBR002] [NBR250] [NBR251] [NBR585] [NBR152] [PPROO1]
[PPR0O2] [PPRO14]
© 2002 Fujitsu Services Commercial in Confidence Page: 33 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(ii)
(iii)
Verification by signature comparison
The result of verification by signature comparison shall be
recorded in the C1 Confirmation and, as applicable, in any
CO Confirmation produced for the relevant Banking
Transaction. [NBRI73]
Verification by PIN entry
Where a Customer’s NB Token is verified by PIN entry,
the encrypted PIN value shall be encapsulated in the
Request and the outcome (e.g. whether or not the PIN
value is correct) shall be returned via the Authorisation.
Where verification is by PIN entry the Customer will not
be required to sign a NB Receipt. The PIN shall not be
displayed nor printed on any NB Receipt. [PPRO71]
[NBR575, NBR577] [PPRO71]
Verification by signature comparison as an alternative to
PIN entry
The principles set out in paragraph 5.8.2 (a)(i) of this
DocumentDocument shall apply.
5.9 Request, Authorisation and Confirmation Action
5.9.1
Fujitsu Services shall ensure that:
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 34 of 1
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(a) Following successful NB Token Validation, a Banking Transaction
shall not proceed unless a network connection to the Data Centre
can be reasonably expected to be established to obtain on-line
Authorisation, as set out in the CCD entitled “Nenwork Banking
Counter Dialogue — Activity Screens & Flows” (NB/SPE/003).
Once that connection has been established, a Request shall be sent
to the NBE, and the Banking Transaction shall only proceed if a
positive Authorisation is received from the NBE and that Banking
Transaction is not Declined by the Counter Clerk. In the event that
the Counter Clerk Declines a Financial Transaction a CO
Confirmation shall be sent on-line to the NBE. [NBR010, NBR008,
NBRO11, NBRO12]
(b) There shall be no local facility within an Outlet to override a Decline
response in an Authorisation. [NBR156]
(c) If the Authorisation is not for the same amount as the Request, the
Banking Transaction will be Declined by the NB System, except in
the case of a Request for a Banking Transaction type “Withdraw
Limit”, which will be permitted to proceed subject to the maximum
limit set by Reference Data.
(d) The MAAWP and the MCWP shall be:
(i) set as parameters in the NB System;
(ii) common for all Banks; and
(iii) configurable by Pathway Reference Data.
© 2002 Fujitsu Services Commercial in Confidence Page: 35 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.9.2
and in any event the MCWP shall not exceed 40 seconds.
If after the generation of a Request at a Counter Position or after the
Authorisation Agent makes a Request available to the NBE a
corresponding Authorisation is not received within the MCWP or
MAAWP respectively, the Banking Transaction shall be Declined.
(e) The outcome of each Banking Transaction shall be written to the
EPOSS stack. Each Banking Transaction shall be identifiable to an
individual Counter Clerk “log-in ID” and Stock Unit. [NBR239]
For the purposes of the NBS, and in particular the NBS Service Levels
described in Schedule NO8, the result of the following calculation:
. MCWP minus MAAWP,
(such result being referred to in this paragraph 5.9.2 as the “Additional
Time”) shall not be less than 15 seconds. Once set, or as otherwise specified
in this Schedule changes to the MCWP and/or MAAWP where the resulting
MCWP is less than or equal to 40 seconds and where the resulting
Additional Time is more than or equal to 15 seconds shall be subject to
change under Operational Business Change, and changes where the resulting
MCWP is greater than 40 seconds and/or the resulting Additional Time is
less than 15 seconds shall be subject to agreement under the Change Control
Procedure. [NBR221]
© 2002 Fujitsu Services Commercial in Confidence Page: 36 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.10 Withdraw Limit
5.10.1 In the case of the Banking Transaction type “Withdraw Limit”, the NBS
shall not require the Counter Clerk to enter the withdrawal amount into the
NB System. [NBR430]
5.10.2 Following transmission of the Request for such Banking Transaction, Post
Office shall ensure that the amount which is permitted to be withdrawn
shall be included in the Authorisation. The NB System shall not allow the
amount permitted to be withdrawn to be overridden locally at the Outlet
other than by Declining the Banking Transaction. [NBR430]
5.11 Declined Transactions
Banking Transactions shall be Declined or shall be capable of being Declined by a
Counter Clerk or the NB System in accordance with the applicable processes and
procedures set out in the CCD entitled “Network Banking Counter Dialogue
Activity & Screen Flows” (NB/SPE/003), and in particular the provisions of that CCD
which relate to the:
(a) rules which govern when a Banking Transaction may or shall be Declined;
[NBR008] [NBRO10] [NBR458] [ NBR480]
(b) NB Receipts which shall be produced when a Banking Transaction is
Declined; [NBR167]
(c) prompts and messages which shall be displayed to a Counter Clerk when a
Banking Transaction is Declined; [NBR480] and
© 2002 Fujitsu Services Commercial in Confidence Page: 37 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(d) Confirmation messages which shall be produced in event of a Decline.
[NBR167] [NBR0O8]
5.12 Reversed (Contra Entry) Transactions
The NBS will not support contra entries, that is Banking Transactions which negate
preceding Banking Transactions to which they refer. [NBRO15]
5.13 Receipts
5.13.1 NB Receipts shall be produced by the NB System in accordance with
paragraphs 5.13.2 to 5.13.4 (inclusive) of this DocumentDocument and the
applicable provisions of the CCDs entitled “Network Banking Counter
Dialogue — Activity & Screen Flows” (NB/SPE/003) and “Horizon OPS
Reports and Receipts” (SD/DES/005).
5.13.2. Derivation of NB Receipts
(a) The same form of NB Receipt shall be used for all Banks for each
Banking Transaction type. [NBR029]
(b) The NB System shall provide the capability for printing NB
Receipts in English and bilingual NB Receipts in English and Welsh
in the same manner as for the Existing Services. The language used
by the NBS in printing Outlet specific headers and footers in such
NB Receipts shall be determined by Reference Data. [NBR149]
© 2002 Fujitsu Services Commercial in Confidence Page: 38 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(c)
The NB System shall support the interpretation of messages
received from the NBE in accordance with the CCD entitled “NBE
Horizon Application Interface Specification” (NB/IFS/008)) and
such messages shall be printed within defined areas on NB Receipts
and documented in the CCD entitled “Network Banking Counter
Dialogue — Activity & Screen Flows” (NB/SPE/003). [NBR149,
NBRO31]
5.13.3 Production of NB Receipts
(a)
(b)
(c)
The NB System shall print NB Receipts for all Banking
Transactions undertaken using the NBS other than those which are
abandoned before a Request is generated. [NBR030] [NBR238]
An NB Receipt shall be produced where an Authorisation is
received with instruction to retain the NB Token in accordance with
paragraph 5.17 of this DocumentDocument.
The circumstances in which the NB System shall support the
capability of reprinting a current NB Receipt are described in the
CCD entitled “Network Banking Counter Dialogue — Activity &
Screen Flows” (NB/SPE/003).
5.13.4 Content of NB Receipts and reports
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 39 of 1
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(a)
(b)
(c)
The detailed content and layout of each type of NB Receipt and
report and the circumstances in which they shall be printed shall be:
(i) consistent with paragraphs 5.13.1 and 5.13.2 of this
DocumentDocument;
(ii) as described in the CCD entitled “Network Banking
Counter Dialogue — Activity & Screen Flows’
(NB/SPE/003); and
(iii) documented by amendment to the CCD entitled “Horizon
OPS Reports and Receipts” (SD/DES/005). [NBR030,
NBR032, NBR539, NBR031, NBR429] [NBR237]
The NBS shall support printing of free text in agreed fields where
this is received from the NBE provided the free text does not
exceed the limit specified in the CCD entitled “NBE — Horizon
Application Interface Specification” (NB/IFS/008).
The provision of information required via the NBE for printing on a
NB Receipt is the responsibility of Post Office.
5.14 Error Screens
Error messages displayed by the NB System shall be as set out in the CCD entitled
“Network Banking Counter Dialogue — Activity & Screen Flows” (NB/SPE/003).
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 40 of 1
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.15 Settlement
For the purposes of this paragraph, “EPOSS Settlement” is the process at the end of a
Customer Session whereby monies and Receipts (as appropriate) are exchanged
between the Counter Clerk and Customer and all Transactions on the transaction
stack are written to the message store. Transactions written to the message store at
EPOSS Settlement shall include C1 Confirmations for Banking Transactions carried
out during the relevant Customer Session. [NBR254]
5.16 Messages
5.16.1
5.16.2
5.16.3
The Authorisation received from the NBE may contain codes for translation
into messages for display to the Counter Clerk or for printing on the NB
Receipt (or both) and the NB System shall display or print such messages as
described in the CCD entitled “Network Banking Counter Dialogue —
Activity & Screen Flows” (NB/SPE/003) and in accordance with the CCD
entitled “NBE — Horizon Application Interface Specification”
(NB/IFS/008).
The NB System shall display a message to the Counter Clerk asking him to
notify the Customer of any fees chargeable by a Bank for the Banking
Transaction requested by that Customer, provided that all required fee data
is included in the Authorisation received from the NBE. [NBR150] The NB
System shall allow the Customer the option to elect not to continue with that
Transaction without incurring the fee, or to proceed with that Transaction
with the fees as notified. [NBR150]
Collection of the fees referred to in paragraph 5.16.2 of this
DocumentDocument shall not be supported by and is excluded from the
NBS. [NBR242]
© 2002 Fujitsu Services Commercial in Confidence Page: 41 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.17 Retained NB Tokens
5.17.1 Where an Authorisation is received instructing that a NB Token be retained,
the NB System shall require the Counter Clerk to indicate whether or not
that NB Token has been retained and the result shall be included in the C1
Confirmation. [NBR014] [NBR252]
5.17.2 The NB System shall print a NB Receipt when a NB Token is retained in
accordance with the CCD entitled “Network Banking Counter Dialogues
Activity and Screen Flows” (NB/SPE/003).
5.17.3. The production of NB Token retention reports shall not be supported by the
NBS. [NBR064]
5.18 Recovery of Banking Transactions
Where a failure at a Counter Position causes Confirmation messages not to be written
to the message store or to be lost before they are replicated, irrespective of whether
such failure is catastrophic (requiring replacement of an element of the NB System) or
temporary (cured by “re-booting”) and whether such failure is at a single or multi
Counter Position Outlet, the NB System shall initiate a recovery process in
accordance with the CCD entitled “Network Banking Counter Dialogues — Activity
and Screen Flows” (NB/SPE/003) (the “Recovery Process”).
[NBR035, NBR176, NBRO13, NBR505]
© 2002 Fujitsu Services Commercial in Confidence Page: 42 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
5.19 Outlet Reports
The reports that shall be capable of being generated on demand in respect of the NBS
in Outlets (in relation to the Outlet in which such reports are requested) shall be in the
form described in the CCD entitled “Network Banking Counter Dialogue - Activity &
Screen Flows” (NB/SPE/003). [NBR256]
5.20 Help Functions
The NB System shall display integrated context sensitive help messages to assist
Counter Clerks at key points in the Banking Transaction as described in the CCD
entitled “Network Banking Counter Dialogue — Activity & Screen Flows”
(NB/SPE/003). [NBRO28]
5.21 Cash Account
The total value of successful Banking Transactions and the aggregate number of
successful and Declined Banking Transactions conducted in an Outlet shall be
recorded in the Cash Account for that Outlet using the mechanisms controlled by Post
Office Reference Data which are used for Existing Services. [NBR017, NBRO18,
NBR464, NBR258, NBR263]
© 2002 Fujitsu Services Commercial in Confidence Page: 43 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
6.0 BANKING TRANSACTION MANAGEMENT
FUNCTIONALITY
6.1 Introduction
The functions of the TMS in supporting each element of the NBS shall be as set out in
the CCD entitled “7MS Architecture Specification” (TD/ARC/029).
6.2 Interactive Communications between NBE and Horizon
The NBS shall support the RACOCI Model and the sequence for each Banking
Transaction, as set out in the CCDs entitled “NBE — Horizon Application Interface
Specification” (NB/IFS/008) and “Network Banking Counter Dialogues — Activity
and Screen Flows” (NB/SPE/003). Fujitsu Services shall document the RACOC1
Model in detail in a Working Document within a reasonable time (and in any event
not more than three months) after signature of the NBS CCN.
6.3 Bulk Agents
The TPS Agent shall harvest C1 Confirmations originating from each Outlet for
transmission via the TPS Host to Post Office TIP (as for EPOSS as an Existing
Service) making them available to the Data Warehouse and the DRSH.
6.4 Message Store Archive
The contents of the message store in the Data Centre shall be archived to the Archive
Server in accordance with the CCD entitled “Audit Trail Functional Specification”
(CR/FSP/006).
© 2002 Fujitsu Services Commercial in Confidence Page: 44 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
7.0 MANAGEMENT INFORMATION, AUDIT AND
ARCHIVE
7.1 TPS Host
The TPS Host shall process C1 Confirmations harvested by the TPS Agent.
7.2 Transaction Recording and Archiving
7.2.1 All Banking Transaction messages (including those to and from the NBE)
will be auditable consistent with the principles set out in the CCD entitled
“Audit Trail Functional Specification” (CR/FSP/006) and an audit trail of
each Banking Transaction message will be maintained for fifteen years after
its creation. [NBR441, NBRO16, NBR542] All such audit trails shall:
(a) have protection against unauthorised alteration and deletion;
(b) be irretrievably deleted or destroyed as soon as reasonably
practicable after that fifteen year period has expired, except where
Post Office has requested (prior to such deletion or destruction) an
Audit Record Query in connection with litigation support (in
accordance with paragraph 7.3 of this DocumentDocument), in
which event the relevant audit trail data (extracted by the Audit
Record Query) shall be retained for the duration of the associated
investigation; and
(c) identify the log-on identification used for each Banking Transaction.
[NBRS41]
© 2002 Fujitsu Services Commercial in Confidence Page: 45 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
7.3 Inform
731
For the avoidance of doubt, the data contained in such audit trails are Post
Office Data.
It shall be Post Office’s responsibility to ensure that Users of the NBS, log-
on with separate log-on “IDs” and do not perform Banking Transactions
under a different log-on ID in order that the User responsible for each
Banking Transaction may be identified from audit trail data. [NBR541]
ation Retrieval and Audit
For the purposes of this paragraph 7.3:
“Banking Transaction Record Query” means a Record Query in respect
of a Banking Transaction which the Data Reconciliation Service has
reconciled or has reported as an exception, the result or records of which are
subsequently queried or disputed by Post Office or a third party;
“Audit Record Query” means a Record Query which is not a Banking
Transaction Record Query and which relates to Transactions;
“Old Format Query” means the extraction of records created before
commencement of NB Pilot (Soft Launch) relating to Transactions (other
than Banking Transactions) meeting the Search Criteria, such extraction
being limited to the following specific types of information/data fields: the
ID for the user logged-on, Counter Position ID, stock unit reference,
Transaction ID, Transaction start time and date, Customer Session ID, mode
(e.g. serve customer), product number and quantity, and sales value;
© 2002 Fujitsu Servi
(Pathway) Limited
ices Commercial in Confidence Page: 46 of 1
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
BS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
“Period One” means, in respect of each Transaction the period of 90 days
commencing on the date of that Transaction;
“Period Two” means, in respect of each Transaction the period commencing
the day after expiry of Period One for that Transaction, expiring the earlier
of the date:
(a) 18 months (in the case of Transaction records created before
commencement of NB Pilot Soft (Soft Launch)) or 15 years (in the
case of Transaction records created after commencement of NB Pilot
Soft (Soft Launch)), after the records of that Transaction were first
created; or
(b) of completion of transfer of Post Office Data (including the record of
that Transaction) in accordance with paragraph 4.1 of Schedule N06 or
paragraph 4.1 of Schedule A07, as applicable;
“Query Day” means each date against which an Audit Record Query or an
Old Format Query is raised;
“Record Query” means the extraction of records created after
commencement of NB Pilot (Soft Launch) in accordance with the terms of
this paragraph 7.3 relating to Banking Transactions (and, in the case of Audit
Record Queries relating to all Transactions) meeting the Search Criteria,
such extraction being limited to specific types of information/data fields as
follows:
© 2002 Fujitsu Services Commercial in Confidence Page: 47 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
- in the case of an Audit Record Query - the ID for the user logged-
on, Counter Position ID, stock unit reference, Transaction ID,
Transaction start time and date, Customer Session ID, mode (e.g.
serve customer), product number and quantity, and sales value; and
- in the case of a Banking Transaction Record Query - Banking
Transaction ID, Banking Transaction type, receipt date, receipt
time, the reason code (in the case of a discrepancy) and DRSH sub-
value(s) (eg CO Confirmation, C1 Confirmation, Decline); and
“Search Criteria” means:
- in the case of an Audit Record Query or Old Format Query either
of:
(a) date or dates (not exceeding 31 consecutive days), time-
range, Outlet and PAN (or equivalent identifier); or
(b) date or dates (not exceeding 31 consecutive days), time-
range and Outlet; and
- in the case of a Banking Transaction Record Query either of:
(a) date, time-range, Outlet and PAN; or
(b) date, time-range and Outlet, [NBR544]
© 2002 Fujitsu Services Commercial in Confidence Page: 48 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
to be specified for each individual Record Query or Old Format
Query (as applicable).
7.3.2 Fujitsu Services shall have access (such access being restricted to properly
authorised Contractor staff) to records of each Banking Transaction during
Period One and Period Two.
7.3.3 Limits and target times for Record Queries
(a) The table below sets out the limits on Record Queries and/or Old
Format Queries which Fujitsu Services shall be obliged to carry out
and the target times for carrying out each Record Query and/or Old
Format Query:
© 2002 Fujitsu Services Commercial in Confidence Page: 49 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(1) Limits on Banking Transaction (2) Aggregate Limits on Audit Record (3) Limits on Old Format
Record Queries Queries and Old Format Queries Queries
Period One Period Two Period One and Period Two Period One and Period Two
Limits I 900 per year (ona I 100 per year(ona I Subject to paragraph 7.3.6 below, the limit per I The limit per year (on a rolling
rolling year basis) I rolling year basis) year (on a rolling year basis) shall be the first of I year basis) shall be the first of the
with no more than I with no more than I the following to be reached: (i) 550 (in following to be reached: (i)
126 in any calendar I 14 in any calendar I aggregate) Audit Record Queries and Old 50 Old Format Queries; or (ii) 700
month month Format Queries; or (ii) 7700 Query Days, and Query Days, and the limit per
the limit per calendar month shall be the first of I calendar month shall be the first of
the following to be reached (i) 77 (in aggregate) I the following to be reached: (i) 7
Audit Record Queries and Old Format Queries, I Old Format Queries; or (ii) 98
or (ii) 1078 Query Days Query Days
Target I 5 MSU Days 7 MSU Days Subject to paragraph 7.3.4 below and applicable I Subject to paragraph 7.3.4 below,
Time only in respect of Audit Record Queries, 7 14 working days (for queries of 14
working days (for queries of 14 or less days’ or less days’ duration) and 28
duration) and 14 working days (for queries of working days (for queries of
greater than 14 days’ duration). greater than 14 days’ duration).
© 2002 Fujitsu Services Commercial in Confidence Page: 50 of I
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(b) The limits set out in columns numbered I and 2 in the table above and
the provisions of this paragraph 7.3 relevant in connection with the
application of those limits shall apply with effect from commencement
of NB Pilot (Soft Launch).
(c) The limits set out set out in the column numbered 3 in the table above
and the provisions of this paragraph 7.3 relevant in connection with
the application of those limits shall apply with effect from the date of
approval by both parties of the CCN which introduces the NBS
(CCN[no]) and shall cease to be applicable 18 calendar months after
the commencement of NB Pilot (Soft Launch).
(d) For the purpose of applying the limits in column 3 from the date of
approval by both parties of the CCN which introduces the NBS
(CCNIno]), the equivalent of Old Format Queries (and associated
Query Days) carried out in the 12 months prior to that date shall count
towards the annual limit (on a rolling year basis) and the equivalent of
Old Format Queries carried out in the calendar month in which the
NBS CCN is approved (prior to the date of such approval) shall count
towards the limits for that month.
(e) For the purpose of applying the limits in columns 2 and 3 after
commencement of NB Pilot (Soft Launch), any Old Format Queries
(and associated Query Days) carried out in the 12 months prior to
commencement of NB Pilot (Soft Launch) shall count towards the
annual limits (on a rolling year basis) and Old Format Queries carried
out in the calendar month in which NB Pilot (Soft Launch)
© 2002 Fujitsu Services Commercial in Confidence Page: 51 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
commences (prior to that commencement) shall count towards the
limits for that month
7.3.4 Where:
(a) anew Audit Record Query or Old Format Query is received by
Fujitsu Services or Post Office requires analysis of an existing Audit
Record Query or Old Format Query; and
(b) a member of Fujitsu Services’s personnel is needed to deal with that
new or existing Audit Record Query or Old Format Query; but
(c) that person is unavailable due to his or her attendance at court or
other proceedings in connection with an Audit Record Query or
Old Format Query,
the target times specified in paragraph 7.3.3 shall not apply to that new or
existing Audit Record Query or Old Format Query referred to in paragraph
7.3.4 (a) which Fujitsu Services shall instead deal with as soon as reasonably
practicable.
7.3.5 For the avoidance of doubt, the limits set out in paragraph 7.3.3 in respect of
Banking Transaction Record Queries shall not apply in respect of
reconciliation incident management and settlement reporting carried out as a
function of the Data Reconciliation Service.
[NBR260, NBR546]
© 2002 Fujitsu Services Commercial in Confidence Page: 52 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
7.3.7
Post Office may at any time on three months’ notice (such notice expiring no
earlier than commencement of NB Pilot (Soft Launch) vary the aggregate
limits of Audit Record Queries and Old Format Queries which Fujitsu
Services is required to carry out as specified in column numbered 2 in the
table in paragraph 7.3.3,
7.3.6.1 between
(a) the limits specified in paragraph 7.3.3; and
(b) the following substitutes for those limits (applicable on the
same basis): 800 Audit Record Queries or 11200 Query
Days per year on a rolling year basis, and 112 Audit
Record Queries or 1568 Query Days per calendar month;
7.3.6.2 and between
(a) the substitute limits set out in paragraph 7.3.6.1(b); and
(b) the following substitutes for those limits (applicable on the
same basis): 1050 Audit Record Queries or 14700 Query
Days per year on a rolling year basis, and 147 Audit
Record Queries or 2058 Query Days per calendar month,
and in each case Fujitsu Services’s charges in respect of dealing with any
Audit Record Queries and/or Old Format Queries up to the limits as varied
in accordance with this paragraph shall be as specified in part C of Schedule
Al2.
Not used.
© 2002 Fujitsu Services Commercial in Confidence Page: 53 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
7.3.8 Post Office shall submit:
(a) Banking Transaction Record Queries to the Horizon System Help
Desk which will pass the Record Query to Fujitsu Services’s
customer service management support unit; and
(b) Audit Record Queries and Old Format Queries to Fujitsu Services’s
customer service security prosecution support section.
Fujitsu Services shall accept Record Queries and Old Format Queries only
from properly authorised Post Office staff.
7.3.9 Litigation Support
Where Post Office submits an Audit Record Query or Old Format Query, at
Post Office’s request Fujitsu Services shall, in addition to conducting that
query:
(a) present records of Transactions extracted by that query in either
Excel 95 or native flat file format, as agreed between the parties;
and
(b) subject to the limits set out below:
(i) analyse:
© 2002 Fujitsu Services Commercial in Confidence Page: 54 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
. the appropriate Fujitsu Services’ Help Desk
records for the date range in question;
. Outlet non-polling reports for the Outlet in
question; and
. fault logs for the devices from which the records
(ii)
(iii)
of Transactions were obtained
in order to check the integrity of records of Transactions
extracted by that query; [NBR260, NBR545]
request and allow the relevant employees of Fujitsu
Services to prepare witness statements of fact in relation
to that query, to the extent that such statements are
reasonably required for the purpose of verifying the
integrity of records provided by Audit Record Query or
Old Format Query, and are based upon the analysis and
documentation referred to in this paragraph 7.3.9; and
[NBRS547]
request and allow the relevant employees to attend court
to give evidence in respect of the witness statements
referred to in (ii) above,
provided that:
(iv)
Fujitsu Services’s obligations set out in (i) and (ii) above
shall be limited, in aggregate, to dealing with a maximum
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 55 of 1
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
of 250 (in aggregate) Record Queries and Old Format
Queries per year (on a rolling year basis); and
(v) Fujitsu Services’s obligations in the case of provision of
witnesses referred to in paragraph (iii) above shall be to
provide witnesses to attend court up to a maximum (for all
such attendance) of 100 days per year (on a rolling year
basis).
For the avoidance of doubt the target times set out in paragraph 7.3.3 for
dealing with Audit Record Queries and Old Format Queries shall not apply
in respect of Fujitsu Services’s obligations under paragraph 7.3.9.(b).
7.3.10 Any information requested beyond that available by Record Query and/or
any witness statements or witness attendance beyond that available in
accordance with this paragraph 7.3 shall be agreed on a case by case basis
and shall be dealt with in accordance with the Change Control Procedure.
7.3.11 Sensitive Data included in records of Banking Transactions extracted by
Record Query and provided to Post Office (but, for the avoidance of doubt,
not that included in records for Transactions extracted for Audit Record
Queries in respect of any other Post Office Service) shall be in the encrypted
form in which they are held by the NB System. [NBR538]
7.3.12 Audit Access
© 2002 Fujitsu Services Commercial in Confidence Page: 56 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
Reasonable access to the audit trail of Banking Transactions for Post Office
auditors for audit purposes shall be by request (and reasonable notice to)
Fujitsu Services’s Audit Manager. [NBR444]
© 2002 Fujitsu Services Commercial in Confidence Page: 57 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
8.0 DATA RECONCILIATION SERVICE
8.1 Introduction
The reconciliation and settlement reporting services for Banking Transactions (the
“Data Reconciliation Service”) are described in this paragraph 8.
8.2 Reconciliation
8.2.1 This paragraph 8.2 describes the functionality for that part of the end-to-end
network banking reconciliation system required by Post Office which shall
be developed and operated by Fujitsu Services as part of the NBS. Such
part is referred to in this DocumentDocument as the “Reconciliation
System”. [NBR040]
8.2.2 Post Office and Fujitsu Services shall follow the reconciliation and incident
management procedures (applicable to each of them) for the investigation,
reporting and resolution of business incidents related to the NBS as set out
in the CCD entitled “Network Banking Reconciliation and Incident
Management” (NB/PRO/002). [NBR041, NBR500, NBR504]
8.2.3 Post Office shall not unreasonably withhold or delay its agreement to the
design of back end processes and Banking Transaction processing
procedures required to support the reconciliation and incident management
of Banking Transactions. [NBR041, NBR495, NBR496]
8.2.4 Reconciliation between counter and Cash Account
© 2002 Fujitsu Services Commercial in Confidence Page: 58 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
Reconciliation of EPOSS Transactions to the Cash Account shall be dealt
with at summary level using the reconciliation functionality used for EPOSS
as an Existing Service [NBR454]. Such reconciliation functionality shall
ensure that all Banking Transactions (reflected in C1 Confirmations) are
included in the Cash Account, but shall not identify erroneous Cash Account
mappings which cause such Banking Transactions to be included in the
wrong line of the Cash Account, or non-Banking Transactions to be
included in Cash Account lines intended for Banking Transactions.
Reconciliation to the Cash Account described in this paragraph 8.2.4 will be
performed after the electronic Cash Account is produced, which will be an
indeterminate time after the Transactions have been settled (in the same
manner as for the Existing Services).
8.2.5 Branching data-flows
(a) The Reconciliation System shall enable reconciliation of Financial
Transactions arriving at the DRSH from the following three sources:
[NBR183, NBR212, NBR229]
(i) _ the Confirmation Agent (i.e. the Cl Confirmations received by
the Confirmation Agent from the Counter Position);
(ii) the NBE (i.e. D Messages and C4 Confirmations) [NBR294,
NBR389]; and
(iii) the TPS Host (i.e. the C1 Confirmations harvested by the TPS
Agent as described in paragraph 6.3 of this Schedule),
© 2002 Fujitsu Services Commercial in Confidence Page: 59 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
which reconciliation shall be reported by Fujitsu Services in
accordance with the CCD entitled “Network Banking End to End
Reconciliation Reporting” (CS/SPE/011).
In the event that a CO Confirmation is sent to the NBE the relevant C1
Confirmation will indicate that a CO Confirmation has been generated.
(b) The Reconciliation System shall monitor the Financial Transactions
and report Banking Transaction states which are:
(i) intrinsically anomalous, in that their occurrence implies
malfunction in End to End Banking; or
(ii) anomalous in that an expected state has persisted for an
unexpected duration (e.g. where C1 Confirmations are
received from the Confirmation Agent and C4
Confirmations are received from the NBE but the
Confirmation from the TPS Host has not been received
after an abnormal delay),
identifying any such anomalous Banking Transaction states which
require human analysis for resolution. [NBR042, NBR228]
(c) The expected Banking Transaction states and Banking Transaction
states which constitute exceptions are those set out in the CCD
entitled “Network Banking End to End Reconciliation Reporting”
(CS/SPE/011).
© 2002 Fujitsu Services Commercial in Confidence Page: 60 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(d) The Data Reconciliation Service shall not produce reports which
relate Banking Transactions included in Cash Accounts to Banking
Transactions included in the Transaction files sent by the TPS Host
to TIP, as these shall be covered by the reconciliation reporting and
processes used for EPOSS (as an Existing Service) and for TIP.
8.2.6 Complete processing
(a) The Reconciliation System shall:
(i) ensure that all data received by it are processed;
(ii) check for completeness of Financial Transactions; and
(iii) report exceptions/anomalies for resolution as described in
paragraphs 8.2.5 (b) and 8.2.5 (c) of this
DocumentDocument. [NBR227, NBR042]
(b) The Reconciliation System shall not regard a Banking Transaction
as complete until reported as such in accordance with the CCD
entitled “Network Banking End to End Reconciliation Reporting”
(CS/SPE/011).
8.3. Reconciliation and Settlement Reporting
The Reconciliation System shall transmit to the TIP Gateway the reports described in
the CCD entitled “Network Banking End to End Reconciliation Reporting”
(CS/SPE/011)) at intervals set out in that CCD. [NBR456]
© 2002 Fujitsu Services Commercial in Confidence Page: 61 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
8.4 Widespread Errors (as referred to in the CCD entitled “Network Banking
Reconciliation & Incident Management” (NB/PRO/002)) shall be dealt with in
accordance with the provisions of that CCD.
8.5 Fujitsu Services shall use reasonable endeavours to resolve all exceptions in each of
the following categories within 5 MSU Days:
(a) Priority Exceptions to which the Minimum Acceptable Threshold set out in
paragraph 2.4.6 of Schedule N08 does not apply, as specified in paragraph
2.4.5 of Schedule N08; and
(b) all other exceptions in any of the system state categories set out in the CCD
entitled “Network Banking End to End Reconciliation Reporting”
(CS/SPE/011).
8.6 For the purposes of paragraph 8.5 of this DocumentDocument, the resolution time
for:
(a) Priority Exceptions shall be measured by Fujitsu Services in accordance with
paragraph 2.4.1 of Schedule NO8; and
(b) all other exceptions shall be measured in accordance with the CCD entitled
“Network Banking Reconciliation and Incident Management”
(NB/PRO/002).
8.7 Fujitsu Services shall report on a monthly basis (in the Working Document entitled
“TIP Operational Review Book” its performance against the 5 MSU Day target
referred to in paragraph 8.5 of this DocumentDocument.
© 2002 Fujitsu Services Commercial in Confidence Page: 62 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
9.0 COMPLIANCE
91 Subject to paragraph 9.2 of this DocumentDocument, Fujitsu Services shall after
completion of NB Go Live provide reasonable co-operation and support as
reasonably requested by Post Office in carrying out the following activities:
(a) 1SO17799 policy and system audit: a single external audit, conducted by an
independent third party appointed by Post Office, of the documented
policies, procedures and processes adopted within each of the network
banking domains to validate conformance to ISO17799. The audit shall be
conducted at a mutually convenient time for all parties; and
(b) LINK compliance: as required by LINK when the Post Office Services
change Fujitsu Services shall assist Post Office to review LINK security
compliance requirements to identify any changes required.
9.2 Fujitsu Services’s obligations to provide co-operation, support and assistance under
paragraph 9.1 of this Document shall be introduced in accordance with the Change
Control Procedure and Fujitsu Services shall not unreasonably withhold agreement to
provision of such co-operation, support and assistance.
© 2002 Fujitsu Services Commercial in Confidence Page: 63 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
10.0 SYSTEM AND DATA SECURITY
10.1 Legal and Regulatory Controls
10.1.1
10.1.2
10.1.3
Regulation of Investigatory Powers Act 2000
The security features, capabilities and related procedures provided by Fujitsu
Services in respect of the NBS shall be compliant with the requirements of
Part 3 of the Regulation of Investigatory Powers Act 2000 (the “Act”). In
the event that any provision of this Codified Agreement imposes an
obligation on Fujitsu Services which is inconsistent with any requirement
imposed by the Act, the requirement of the Act shall prevail over the
provisions of this Codified Agreement and those provisions shall cease to
apply to the extent of such inconsistency.
Other Legal and Regulatory Controls
Fujitsu Services shall comply with all banking laws and regulations,
including all relevant instructions, standards and directions of a regulatory
authority, which are in force and applicable to Fujitsu Services on signature
of the CCN to introduce the NBS into the Codified Agreement. Fujitsu
Services shall co-operate with Post Office to agree any necessary changes to
ensure compliance with any subsequent changes to such laws, regulations,
instructions, standards and directions and the Banking Code, such changes
(and Fujitsu Services’s reasonable charges in respect of such changes) to be
agreed and introduced under the Change Control Procedure. [NBR503]
CAPO
© 2002 Fujitsu Services Commercial in Confidence Page: 64 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
The parties agree and acknowledge that in the event that additional or
different legal or regulatory requirements arise in respect of provision of the
NBS to CAPO beyond those which apply for provision of the NBS to other
Banks then compliance by Fujitsu Services with such additional or different
legal and/or regulatory requirements and the charges for such compliance
will be dealt with through the Change Control Procedure.
10.2 Security for the Existing Services
The security features, facilities and functionality of the NBS set out in this paragraph
10 shall not reduce, mitigate, add to or modify any of Fujitsu Services’s security
obligations under this Agreement in respect of the Existing Services. [NBR568]
10.3 Security Standards
10.3.1 Fujitsu Services shall adhere, in providing the NBS, to the security standards
and requirements referred to in paragraph 4.1.4 (b) and (c) of Schedule A02.
Fujitsu Services shall co-operate with Post Office (and shall provide such
assistance as may reasonably be required by Post Office) in developing Post
Office’s network banking automation security policy, but shall not undertake
any new or modified obligations arising in respect of that policy, save as may
be agreed and introduced under the Change Control Procedure. Fujitsu
Services’s charges in respect of such co-operation and assistance provided at
any time following completion of NB Go Live shall be paid by Post Office to
Fujitsu Services and calculated on a time and materials basis using the
applicable Fujitsu Services' rates specified in paragraph 22.1 of Schedule
Al2.
© 2002 Fujitsu Services Commercial in Confidence Page: 65 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
10.3.2 Fujitsu Services shall update the CCDs entitled “JCL Pathway Security
Policy” (RS/POL/002) and “Security Functional Specification”
(RS/FSP/001) to document the NBS security features, facilities and/or
functionality provided by Fujitsu Services in accordance with this Document.
[NBR479, NBR501, NBR557]
10.4 Security Organisation and Management
10.4.1 Security for the NBS shall be managed and organised by Fujitsu Services in
accordance with the CCD entitled “/CL Pathway Security Policy”
(RS/POL/002) once updated in accordance with paragraph 10.3.2 of this
Document. [NBR559]
10.4.2 In any investigation carried out by Post Office and/or by Fujitsu Services of
any potential or actual security breach or threat, Post Office and Fujitsu
Services shall report to each other (or Fujitsu Services shall report to
Consignia, if required by Post Office) any actual or potential threats
identified in the course of such investigation that may have a material
adverse effect upon the NBS itself or End to End Banking. Fujitsu Services
and Post Office shall agree the procedures by which such threats shall be
reported and the methodology for investigating and resolving security
incidents (including disputed Banking Transactions) associated with the
NBS and/or End to End Banking. Such methodology shall be recorded by
Post Office in the CCD entitled “Security Incident Management” by the
applicable date specified in the NB Project Plan and, once agreed by Fujitsu
Services (such agreement not to be unreasonably withheld), the relevant
sections of that CCD setting out those procedures which impose obligations
on Fujitsu Services in respect of the NB System shall be referenced in the
CCD entitled “/CL Pathway Security Policy” (RS/POL/002) by the
applicable date specified in the NB Project Plan . [NBR563]
© 2002 Fujitsu Services Commercial in Confidence Page: 66 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
10.4.3 Fujitsu Services shall not unreasonably withhold assistance requested by
Post Office (or by Post Office on behalf of Consignia) in connection with the
investigation and resolution of any actual or potential security breach or
threat.
10.4.4 The scope of the CCDs entitled “Security Incident Management” and “ICL
Pathway Security Policy” (RS/POL/002) shall include all potential security
breaches or threats, other than those arising in exceptional circumstances.
10.4.5 Where this Codified Agreement does not cover potential security breaches
or threats Fujitsu Services’s charges in respect of co-operation and
assistance in respect of such breaches or threats (which shall be paid by Post
Office to Fujitsu Services) shall be calculated on a time and materials basis
using the applicable Fujitsu Services' rates specified in paragraph 22.1 of
Schedule A12. [NBR562]
10.5 Development and Maintenance
Fujitsu Services shall comply with the relevant parts of IS017799 in the
development and implementation of the NBS. Security related assumptions and
processes, upon which the NBS may depend, which are identified and/or developed
by Fujitsu Services during the design of the systems required to support the operation
of the NBS shall be reported to Post Office’s network banking automations security
working group and, as may be required by Post Office, to Consignia, unless Post
Office requests otherwise. [NBR561, NBR560]
© 2002 Fujitsu Services Commercial in Confidence Page: 67 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
10.6 Network Banking Security Architecture
10.6.1 PIN Pads
(a)
(b)
The use of PIN Pads and the associated cryptographic management
shall be supported by the NBS. PIN Pads shall comply with the
requirements of ISO 9564. Fujitsu Services's key management for
any key directly or indirectly protecting the secrecy of PIN values
(together, "PIN Encryption Keys") shall comply with ISO 11568
Parts 1 to 3. The key management scheme used between each PIN
Pad and the rest of the Post Office Service Infrastructure shall be
the DUKPT scheme as described in section 4.7 and Appendix A of
the ANSIX9.24-1998 standard. Secure remote initialisation of any
PIN Encryption Keys held in PIN Pads will be put in place (by the
applicable date specified in the NB Project Plan by Fujitsu Services)
for PIN Encryption Keys within the NB System using an enhanced
version of the key management service and manual procedures used
for the Existing Services. Until such time as remote key
initialisation is in operation, Fujitsu Services shall use secure key
generation and loading processes managed in conjunction with the
supplier of the PIN Pads. [NBR582, NBR506] [PPR095]
[NBRS75]
Whenever information is passed between the Post Office Service
Infrastructure and the NBE the NBS shall translate any encrypted
PIN value received from a PIN Pad used within the Post Office
Service Infrastructure into a different encrypted value, using the
PIN Encryption Keys in force at the time, prior to transmission of
that PIN value to the NBE. Each translation shall be performed as
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 68 of 1
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(c)
(d)
(e)
aresult of a single call toa HSM. Any HSM used to process
encrypted PIN values or PIN Encryption Keys shall be conformant
to the requirements of the versions of FIPS 140-1 level 3 and ISO
9564-1 section 6.3.1 as specified in the LINK Information Security
Standard issued January 2001 (subject to such dispensations from
that Standard (if any) as LINK may grant from time to time).
[NBRSO1, NBRS75,] [PPR028]
In the event of an actual or suspected key compromise in respect of
a PIN Encryption Key used within the Post Office Service
Infrastructure, Fujitsu Services shall implement key change
mechanisms in accordance with the principles stated in ISO 11568
Parts I to 3. Where the actual or suspected compromise affects a
key shared with the NBE the parties’ obligations in respect of key
change mechanisms shall be as documented in the CCD entitled
“NBE — Horizon Application Interface
Specification” (NB/IFS/008) [NBR574]
Fujitsu Services shall provide preventative measures against replay
of encrypted PIN values between the PIN Pad and the Counter
Position in accordance with the principles set out in the CCD
entitled “Security Functional Specification ”(RS/FSP/001) in
respect of protection against replay attacks.[NBR581]
PIN values shall be protected in accordance with the requirements
of ISO 9564 from the point of entry to the PIN Pad to the Service
Boundary with the NBE. Fujitsu Services shall ensure that any
plain-text PIN block is formatted as specified in ISO 9564 prior to
encryption, that PIN values do not appear in plain text other than
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 69 of 1
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
within a HSM as specified in paragraph 10.6.1 (b) above or within a
PIN Pad and that any PIN Encryption Key used to encipher a PIN
block shall not be used for any other cryptographic purpose.
[NBRS75] [NBR576] [NBR577] [NBR578]
10.6.2 The Counter Terminal
(a) The NBS shall provide cryptographic protection of discretionary
data held on track 2 of a NB Token magnetic stripe and NB Token
details entered by a Counter Clerk (which will be one of or a
combination of the start date, NB Token issue number, validation
period and/or expiry date, according to the specific Banking
Transaction) (together, “Sensitive Data”) between the NB Counter
Application and the Service Boundary with the NBE. [NBR538]
(b) Once captured, Sensitive Data shall remain encrypted whilst it is
within the Post Office Service Infrastructure whether in transit or in
storage, save as necessary during the process of translation from
encryption under keys used within the Post Office Service
Infrastructure to encryption under keys in force at the relevant time
in the NBE. [NBR567] [NBR445] [NBR538]
(c) The technical security architecture shall differ between those
Outlets with PIN Pads and those Outlets that do not have PIN Pads
in that where a PIN Pad has been installed an encrypted PIN block
and associated cryptographic controls will be present within the
message following entry by the Customer of the PIN value.
[NBRS84]
© 2002 Fujitsu Services Commercial in Confidence Page: 70 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
10.6.3 Data transit across the Post Office Service Infrastructure
(a)
(b)
All NBS Request, Authorisation and Confirmation messages will be
digitally signed prior to transmission. [NBR567] [NBR569]
[NBR558] [NBR228] [NBR445]. For the avoidance of doubt, the
use of such digital signatures is in addition to the security provided
by the virtual private network deployed at the Outlet LAN and the
WAN between the Outlet and the Data Centres. [NBR445]
In the event of a duplicate Request being submitted to the Data
Centre, which has been copied from the original Request without
authority, the NBS software will identify the duplicate Request as
having been originated at the Data Centre. Only Requests that
originate at a Counter Position will be passed to the NBE.
Furthermore if by some other means a duplicate Request is
submitted, the Authorisation arising from a duplicate Request
would not be processed by the Counter Position as it could not be
paired with the originating Request. [NBR580]
10.6.4 The Data Centre/NBE Interface
(a)
All interface connections between the Data Centres and the NBE
shall in addition to other security measures specified in this
paragraph 10 be protected by a combination of firewalls and
filtering routers to guard against unauthorised access, protocols and
services. [NBR558]
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 71 of 1
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(b)
(c)
(d)
(e)
Message authentication codes (“MACs”) shall be used to verify and
authorise the integrity of all message or file data exchanged
between the Data Centres and the NBE. The MACs shall be
calculated using uni-directional MAC keys (“MAC Key”).
[NBR228] [NBR445] The process and procedures which Fujitsu
Services uses for MAC computation and MAC Key management
shall comply with the CCD entitled “NBE — Horizon Application
Interface Specification” (NB/IF'S/008).[NBR569] [NBR570]
[NBRS82] [NBRS06]
Fujitsu Services’s encryption devices for the network
communications link between the Data Centre and the NBE (other
than those located on Post Office’s premises or Post Office’s
agents’ premises) shall be located within the physical security
boundary of the Data Centre. [NBR573]
The crypto keys used by Fujitsu Services in respect of PIN Pads
shall be different from any other crypto keys used by Fujitsu
Services.
The crypto keys used by Fujitsu Services in respect of the network
communications link between the Data Centres and the NBE shall
be different from any other crypto keys used by Fujitsu Services.
[NBRS73] [NBR445]
The protection of encrypted PIN values in transit between the Post
Office Service Infrastructure and the NBE shall be performed in
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 72 of 1
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
accordance with paragraph 10.6.1(b) of this Document. [NBR575]
[NBRS76] [NBRS77] [NBRS78]
(g) The protection of Sensitive Data in transit between the Post Office
Service Infrastructure and the NBE shall be as documented in the
CCD entitled “NBE — Horizon Application Interface Specification”
(NB/IFS/008).
(h) Post Office shall ensure the security, safe keeping and proper
management (as defined in ISO 11568 parts 1 to 3) of all keys
shared between the Data Centre and the NBE on the NBE side of
the interface between the Data Centre and the NBE. Fujitsu
Services shall ensure the security, safe keeping and proper
management (as defined in ISO 11568 parts 1 to 3) of all keys
which are used by it in connection with the NBS.
(i) Post Office shall be responsible for ensuring that the link from the
NBE to the Data Centres and information transmitted from the
NBE to Fujitsu Services across that link shall be in accordance with
the CCDs entitled “NBE — Horizon Application Interface
Specification” (NB/IFS/008) and “Technical Interface
Specification - Horizon to NBE” (NB/IFS/009).
q) If data received by Fujitsu Services from the NBE is in accordance
with or as described in the CCDs entitled “NBE — Horizon
Application Interface Specification” ( NB/IFS/008) and “Technical
Interface Specification -Horizon to NBE”( NB/IFS/009) then
© 2002 Fujitsu Services Commercial in Confidence Page: 73 of 1
(Pathway) Limited
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
(k)
0)
Fujitsu Services shall not be liable to Post Office for acting in
accordance with that data
If data received by Fujitsu Services from the NBE is not in
accordance with or as described in the CCDs entitled “NBE —
Horizon Application Interface Specification” (NB/IFS/008) and
“Technical Interface Specification — Horizon to NBE”
(NB/IFS/009) then:
(i) Fujitsu Services shall reject such data and not act upon it;
and
(ii) to the extent that Fujitsu Services can show that such data
caused it to fail to comply with Service Levels under this
Codified Agreement, it shall be released from such
obligations and shall use reasonable endeavours to achieve
such Service Levels.
For the purpose only of Clauses 102.5.1 and 102.5.2, the provisions
of paragraph 10.6.4(k)(ii) of this Document shall be deemed to be
included also in Schedule A06.
Fujitsu Services shall be responsible for ensuring that the link from
the Data Centres to the NBE and information transmitted from the
Data Centres to the NBE across that link shall be in accordance
with the CCDs entitled “NBE — Horizon Application Interface
Specification” (NB/IFS/008) and “Technical Interface
Specification - Horizon to NBE” (NB/IFS/009).
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence Page: 74 of 1
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
10.6.5 Audit
Notwithstanding any requirements in Schedule A03, any PIN values or
Sensitive Data held in audit and archive logs or trails maintained by Fujitsu
Services shall only be held in encrypted form and not as a plain text value.
[NBR577] [NBR538] Fujitsu Services shall retain the encryption keys used
to encrypt Sensitive Data but not those used to encrypt PIN values. For the
avoidance of doubt Fujitsu Services shall not be required to provide a
mechanism or means to decrypt any Sensitive Data or PIN values held on
audit and archive logs and trails.
10.6.6 Protection against malicious software
Fujitsu Services shall provide in relation to the NBS such protection against
malicious software (including viruses, network worms, logic bombs and
Trojan horses) and such physical security as commensurate with the
protection it provides in relation to the Existing Services including (to the
extent not already provided):
(a) the use of logical and physical floppy drive locking mechanisms to
prevent the unauthorised physical introduction of malicious
software; and
(b) the installation and appropriate configuration of NBS-dedicated
firewalls at the interface between the NBE and each Data Centre.
[NBR589]
© 2002 Fujitsu Services Commercial in Confidence Page: 75 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
10.6.7 Operational System and Security Management
The NB System elements in Outlets shall be remotely managed from the
Data Centres and Fujitsu Services’s other premises at Stevenage and Belfast
over public bearer networks by an operational management team authorised
by Fujitsu Services. Such team shall carry out legitimate maintenance and
diagnostic functions authorised in accordance with the CCD entitled
“Security Functional Specification” (RS/FSP/001) and the Working
Document “Access Control Policy” ((RS/POL/003). All public networks
between the Data Centres and the Outlets shall be protected by a virtual
private network. [NBR572]
10.7 Conflict and precedence
For the avoidance of doubt, the provisions of this Document in respect of
cryptographic mechanisms (e.g. encryption key lengths) and the security architecture
of the NBS shall apply to the NBS and to the extent that they differ from other
provisions relating to cryptographic mechanisms set out elsewhere in this Codified
Agreement (excluding the N Schedules) shall not apply to the Existing Services.
© 2002 Fujitsu Services Commercial in Confidence Page: 76 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
11.0 PIN PADS - ADDITIONAL PROVISIONS
11.1 Not used.
11.2 Fujitsu Services shall provide and maintain firmware distribution facilities from the
applicable date specified in the NB Project Plan to ensure the distribution of firmware
from the Data Centres to PIN Pads. The facility shall meet the software control
requirements of ISO 9564. [PPR031] [NBR575]
© 2002 Fujitsu Services Commercial in Confidence Page: 77 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
12.0 NBS CAPACITY MANAGEMENT SERVICE
12.1 For the purposes of this paragraph 12:
12.1.1 the following terms shall have the following meanings:
“Contracted Notice Period”
The meaning ascribed to it in the CCD entitled “Horizon New Service Business
Volumes” (PA/PER/031);
“Design Limit”
Each of the levels defined as a Design Limit in the CCD entitled “Horizon New
Service Business Volumes” (PA/PER/03 1) applicable to components of the Post
Office Service Infrastructure as specified in that CCD;
“Design Limit Notice Period”
The meaning ascribed to it in the CCD entitled “Horizon New Service Business
Volumes” (PA/PER/031); and
“Scalability Threshold”
© 2002 Fujitsu Services Commercial in Confidence Page: 78 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
12.1.2
12.2
12.3
Each of the levels defined as a Scalability Threshold in the CCD entitled “Horizon
New Service Business Volumes” (PA/PER/031) applicable to the components of the
Post Office Service Infrastructure as specified in that CCD; and
the Contracted Volumes, Design Limits and Scalability Thresholds shall, save as
provided in paragraph 12.2, be those applicable in respect of Phase I (as such term is
defined in the CCD entitled “Horizon New Service Business Volumes”
(PA/PER/031)).
In the event that Post Office serves a Phase 2 Notice on Fujitsu Services, the
Contracted Volumes, Design Limits and Scalability Thresholds shall, with effect from
the date specified in the Phase 2 Notice, be those applicable in respect of Phase 2 (as
such term is defined in the CCD entitled “Horizon New Service Business Volumes”
(PA/PER/031)). For the purposes of this paragraph 12.2, a “Phase 2 Notice” shall be
a notice in writing given by Post Office to Fujitsu Services specifying a date, at least
six months after the date of service of that notice but not earlier than 1 September
2003, on which Post Office requires Phase 2 to commence.
The NB System shall support the Contracted Volumes. EFTPoS volumetrics shall be
included in the capacity sizing for the NB System, to the extent and for such purposes
as described in the CCD entitled “Horizon New Service Business Volumes”
(PA/PER/03 1), and in accordance with the assumptions described in that CCD, but
the introduction of EFTPoS shall be subject to agreement under the Change Control
Procedure.
© 2002 Fujitsu Services Commercial in Confidence Page: 79 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services
(Pathway) Limited
NBS definition Ref: BP/SPE/nnn
Commercial in Confidence
Version: 0.1
Date: 04/11/2002
12.4. On each day that any of the following Contracted Volumes is exceeded the measures
of Fujitsu Services’s performance for the applicable NBS Service Level(s) listed in
the table below shall be disregarded on that day:
Contracted Volume exceeded (by NBS Service Level (as specified in
reference to the volume sets specified I Schedule N08) measurement(s) to be
in the CCD entitled “Horizon New disregarded
Service Business Volumes”
(PA/PER/03 1))
Network Banking - 5 minute (per Request and Authorisation transmission
second) Contracted Volume -CCD __I times — paragraph 2.1 of Schedule NO8
paragraphs 2.2.1 and 2.2.2
Online transactions - 5 minute (per Request and Authorisation transmission
second) Contracted Volume— CCD times — paragraph 2.1 of Schedule NO8
paragraphs 4.2.1 and 4.2.2
Outlet to Data Centre network — Request and Authorisation transmission
5 minute online transaction rate (per wad ~ paragraph 2.1 of Schedule No8
second); an
5 minute dialled transaction rate wes felabiity measures ~ Paragraph 2.3
period 1 (per second); oF schedule
5 minute dialled transaction rate
period 2 (per second); and/or
5 minute dialled transaction rate
period 3 (per second)CCD paragraph
5.3.1
and Fujitsu Services shall use reasonable endeavours to meet the applicable Service
Levels (specified in the table above) on that day.
12.5 If any of the Design Limits is exceeded then this paragraph 12.5 shall apply (in
addition to paragraph 12.4, as may be applicable):
(a) the measures of Fujitsu Services’s performance for:
© 2002 Fujitsu Services
(Pathway) Limited
Commercial in Confidence
Page: 80 of 1
CONTRACT CONTROLLED
Fujitsu Services
(Pathway) Limited
POL00394114
POL00394114
NBS definition Ref: BP/SPE/nnn
Version: 0.1
Commercial in Confidence Date: 04/11/2002
12.6
(b)
(i) any Service Level related to data processing by Fujitsu Services
(involving either automated or manual processing or both), whether
in respect of the NBS or any other Post Office Service; and/or
(ii) (in the case of Help Desk calls) any of the service targets set out in
paragraphs 4.3.2.1, 4.3.2.2, 4.3.2.3 and 4.3.2.4 of Schedule G10,
requirement 914 paragraphs 1.164.25, 1.164.26 and 1.164.27 of
Schedule A15 and solution reference 914 paragraphs [2.1.3 and
2.11.1] (targets 1, 2, 3, 5 and 6) of Schedule A16,
shall be disregarded to the extent Fujitsu Services can show that failure to
meet the Service Level and/or service target, as the case may be, occurred as
a result of the Design Limit being exceeded. Fujitsu Services shall use
reasonable endeavours to meet those Service Levels and/or service targets
during the period when the measures of Fujitsu Services’s performance are
disregarded; and
Fujitsu Services shall not be in breach and shall not be liable to Post Office
for any failure to perform its obligations related to data processing
(involving either automated or manual processing or both) and/or related to
dealing with Help Desk calls, whether in respect of the NBS or any other
Post Office Service, under this Codified Agreement, or delay in performing
such obligations, to the extent it can show that such failure or delay
occurred as a result of any of the Design Limits being exceeded.
In the event of a Design Limit being exceeded, Fujitsu Services shall be entitled to
recover from Post Office its reasonably incurred, increased costs and expenses of
performing obligations under this Codified Agreement to the extent that such
increased costs and expenses were the result of that Design Limit being exceeded.
Fujitsu Services shall use all reasonable endeavours to mitigate the amounts payable
in accordance with this paragraph and shall provide a statement of such increased
© 2002 Fujitsu Services Commercial in Confidence Page: 81 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
12.7
12.8
12.9
12.10
costs and expenses incurred for approval by Post Office, such approval not to be
unreasonably withheld.
In the event that Post Office requires a Contracted Volume or a Design Limit to be
increased it shall only be increased where such increase (and the amount of any
additional NB System equipment required and/or the allocation of any system
capacity or equipment to the NBS from any other Post Office Service) has been
agreed, through the Change Control Procedure, in advance of the required
Contracted Notice Period or Design Limit Notice Period as applicable.
For the avoidance of doubt any proposed increase in the Scalability Thresholds shall
be in accordance with the Change Control Procedure.
Fujitsu Services shall monitor the actual volumes as against the volumes specified in
the CCD entitled “Horizon New Service Business Volumes” (PA/PER/031) and shall
report such numbers and resulting trends at each meeting of the Service Review
Board. The Service Review Board shall review volume forecasts and may in the light
of such reports, recommend changes that may be required to the CCD entitled
“Horizon New Service Business Volumes” (PA/PER /031). The parties shall agree
volumes, trends and/or peak thresholds which, if they occur or are exceeded in live
operation, shall be reported by Fujitsu Services to the Service Review Board.
For the purpose only of Clauses 102.5.1 and 102.5.2, the provisions of paragraphs
12.2 and 12.4 of this Document shall be deemed to be included also in Schedule A06.
© 2002 Fujitsu Services Commercial in Confidence Page: 82 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
ANNEX 1 TO DOCUMENT
1. EXCLUDED AND UNSUPPORTED REQUIREMENTS
1d For the avoidance of doubt, the following features, functionality, equipment, services
and/or requirements that are referenced in the Post Office document “Network
Banking Automations Requirements Catalogue” shall not in any respect be provided,
supported, met or installed by or as part of the NBS:
1.1.1 training mode; [NBR027]
1.1.2 any form of fraud risk management service; [NBR068]
1.1.3. Banking Transactions involving cheque deposits; [NBR069]
1.1.4 any form of NBS demonstrator; [NBR186, NBR307, NBR308, NBR309,
NBR310, NBR311, NBR312, NBR313, NBR314, NBR378]
1.1.5 any support for a banking transaction type “cash deposit” with provision of
balance information (except as two separate Banking Transactions which
may be within a single EPOSS Customer Session); [NBR467]
1.1.6 functionality associated with Bank account opening, Customer enquiries or
Customer complaints; [NBR001]
© 2002 Fujitsu Services Commercial in Confidence Page: 83 of 1
(Pathway) Limited
CONTRACT CONTROLLED
POL00394114
POL00394114
Fujitsu Services NBS definition Ref: BP/SPE/nnn
(Pathway) Limited
Version: 0.1
Commercial in Confidence Date: 04/11/2002
1.1.7 functionality associated with delivery of NB Tokens to Outlets or Customers
or receipt of NB Tokens at Outlets, “pick-up” notices, or notification of
initial PIN to Customers;
1.1.8 functionality associated with NB Token reporting or redirection;
1.1.9 resilience features over and above those provided in respect of the Existing
Services, other than for the infrastructure that supports on-line Banking
Transactions;
1.1.10 direct connections between the Post Office Service Infrastructure and the
internet; [NBR571]
1.1.11 the requirement that messages are delivered to the NBE once only, although
the circumstances in which the same message may be delivered to the NBE
more than once shall be the exception (e.g. during recovery from system
failure) rather than the rule and shall be as specified in the CCD entitled
“NBE — Horizon Application Interface Specification” (NB/IFS/008), and
1.11.12 extended verification procedures. [NBR152]
© 2002 Fujitsu Services Commercial in Confidence Page: 84 of 1
(Pathway) Limited
CONTRACT CONTROLLED