POL00448371 - Email from Saf Ismail to Sree Balachandran RE: Dual Log In’s for Horizon & New Banking Screen

From: Saf Ismail

Sent: Wed 30/03/2022 11:54:19 AM(UTC)

To: Sree Balachandran

Cc: Jeff Smyth

Subject: RE: Dual Log In's for Horizon & New Banking Screen
Hi Sree

Hope all is well, has there been any progress with the issues I raised?

The dual log in’s and process of the new payments, I was under the impression you were going to get
back to me.

I mentioned the issues to you in detail on the 18.2.22 by phone, happy to go through them again if
needed.

Regards

Saf Ismail
Non-Executive Director

Post Office Ltd
Finsbury Dials

20 Finsbury Street
London EC2Y 9AQ

From: Jeff Smyth
Sent: 17 Febr
To: Saf Ismail
Cc: Sree Balachandran
Subject: Re: Dual Log In’s for Horizon & New Banking ~

Post Office Limited - Document Classification: INTERNAL

Saf. Apologies for not responding earlier in a prompt manner; I am somewhat buried in a number of parallel
technical programmes of activity.

I have asked Sree (Balachandran) to lead the exploration of all available options relating to dual Horizon logon. Sree is
working with the POL Compliance and Network Operations teams to understand which avenues are open to us. He
will revert when he has followed up with the necessary individuals in POL. I’d expect that to happen in the next week.

I have also asked Sree to chase up on the PCI-DSS question that you raised. I rather suspect that the new PCI-DSS
compliance requirements dictated the revised journey steps because we (POL) have limited access to the BIN
ranges that are encoded in the PAN data. In the previous non-compliant journey, Horizon had full access to the full
PAN data on the card (16 digits) and held reference data about the card capabilities (whether it is deposit only, ATM
etc). With the new compliant PCI solution the Horizon system has restricted access, called BIN 6 - i.e. the first 4 PAN
digits and 2 others in the PAN 16 char string. This means that the issuing bank holds the precise card features and
these are securely released to POL when the card is inserted and a valid PIN is provided. Overall these changes are
what allow us to achieve PCI-DSS compliance. I will ask Sree to get one of our technical specialists to join us on a call
to explain this in depth.

Finally, I have asked Zdravko to loop back on the BranchHub login question that you raised with me and he has agreed
to do so.

Would it be useful to have a catch up this afternoon — I am free today from 17:00 onwards or could do anytime
between 13:00 and 15:00 tomorrow (Friday) if either works for you.

Best regards
Jeff

From: Saf Ismail
Sent: Wednesday, February 16, 2022 5:01:46 PM
To: Jeff Smyth
Subject: Dual Log In's for Horizon & New Banking Screen

Post Office Limited - Document Classification: INTERNAL

Hi Jeff

Hope all is well, do you have any updates on the dual log in and the new banking screen that I sent via
WhatsApp?
Regarding the banking screen, was this ever trialled? If so, where and when?

Call me if needed.

Regards

Saf Ismail
Non-Executive Director

Post Office Ltd
Finsbury Dials
20 Finsbury Street
London EC2Y 9AQ

From: Saf Ismail
Sent: 10 February 2022 16:31
To: Jeff Smyth
Subject: RE: Du:

Hi Jeff

Hope all is well, did you have any further updates regarding the issues I raised?

Regards

Saf Ismail
Non-Executive Director

Post Office Ltd
Finsbury Dials
20 Finsbury Street
London EC2Y 9AQ.

From: Jeff Smyth

Post Office Limited - Document Classification: INTERNAL

Saf — Very happy to do that. I’m in a GE session for a few hours this morning.
Today, I’m free 1300-1400, 1430-15:00 or 15:30-16:00 or 18:00-1830 if any of those slots work for you.

Probably also worth saying up front that the Horizon policies around dual login for users are set by network and
compliance teams - and then implemented by IT.

Let's work through what the issues are so I can understand it better.

Thanks

Jeff

From: Saf Ismail
Sent: 01 February/2022 11% _
To: Jeff Smyth

Subject: Dual Log In's for Horizon
Hi Jeff
Hope all is well, please can we have a 20 minute chat regarding dual log in’s for PM’s.

This issue has come up so many times and nothing seems to be getting done. It's frustrating for the
PM’s and is resulting in a poor customer journey.

Regards

Saf Ismail
Non-Executive Director

Post Office Ltd
Finsbury Dials

20 Finsbury Street
London EC2Y 9AQ.