Fujitsu engineers might make adjustments to Post Office branch accounts with out anybody realizing
By
-
Karl Flinders,
Chief reporter and senior editor EMEA
Published: 11 May 2023 10:00
Fujitsu had no management over staff in certainly one of its tech assist groups accessing Post Office branch accounts remotely to make adjustments which could possibly be hidden from subpostmasters.
While it was already revealed that remote access was attainable, the dearth of management of this access, revealed throughout a Post Office Horizon scandal public inquiry listening to, sheds additional mild on Fujitsu’s lax practices supporting its error-prone system.
The Post Office Horizon scandal public inquiry heard that staff working at Fujitsu’s Software Support Centre (SCC), which offers third-line tech assist to Post Office branches, had “unrestricted and unauditable” remote access to branch accounts.
Horizon software program was launched in 1999 to exchange primarily handbook accounting practices. Originally from ICL, earlier than its acquisition by Fujitsu, the IT system was rolled out to hundreds of Post Office branches, however its introduction led to a sudden improve in subpostmasters reporting unexplained shortfalls of their accounts, for which they had been blamed.
Hundreds had been prosecuted, with some despatched to jail, and hundreds misplaced enormous sums of cash, with many going bankrupt. In complete, 86 former subpostmasters have up to now had wrongful convictions for fraud and theft overturned.
The existence of unrestricted and unauditable access by Fujitsu staff to accounts would have referred to as into query any accusation that unexplained losses had been attributable to subpostmaster error or theft.
Stephen Parker, a former SCC supervisor, confronted the general public inquiry in its present section, which is investigating the operation of the controversial Horizon system. During questioning, he admitted that management of SCC staff remotely accessing branch systems relied on them being reliable and following the access coverage, with no policing of their exercise.
Post Office denial
For years, the Post Office, below strain over allegations the Horizon system errors had been inflicting accounting shortfalls, denied that remote access to branch accounts was attainable. In 2015, in written proof to the BIS Select Committee Inquiry of 2015, the Post Office stated: “There is no functionality in Horizon for either a branch, Post Office or Fujitsu to edit, manipulate or remove transaction data once it has been recorded in a branch’s accounts.” The Post Office solely admitted it was in truth attainable when it was left with no alternative, throughout a High Court case in 2019.
During the newest public inquiry listening to this week (10 May 2023), an operations handbook from 2001 was examined. It acknowledged: “SSC has access to the live system, which can be used to correct data on the system when this has been corrupted in some way.”
The inquiry heard that Fujitsu had a course of in place for staff to make what had been often known as Operational Correction Requests (OCRs), which they’d full earlier than remotely accessing stay systems to make adjustments. OCRs have a course of connected to them which incorporates that when adjustments are made there must be a minimum of two folks from SSC concerned, recognized a “four eyes” process.
But there was no policing of access and its correct use trusted folks sticking to the method. Parker stated that so far as he remembers, this process was associated to adjustments that may have a monetary impression on subpostmaster accounts. “It was enforced only by process,” he stated. “This means everybody was aware that this was the requirement and whenever an OCR was approved then they knew of the [process] they needed to do.”
Jason Beer, Horizon Inquiry barrister, stated: “People are aware of the speed limit – that doesn’t mean they always abide by it, does it?”
Parker stated: “I agree with you, but I am not aware of any times that members of the SSC did not abide by that rule.”
But when requested whether or not there was an audit or monitoring to see if folks accessed the stay surroundings exterior of the system exterior of the OCR insurance policies, Parker admitted that “ultimately they were trusting [people] to follow the process”.
Financial information
Parker, who labored at SCC for 22 years, didn’t recall any audit of whether or not access to the stay property to right or change monetary information occurred. During the listening to, it additionally emerged that SCC staff might make adjustments to branch accounts with out leaving a digital signature, leaving the subpostmaster of the branch at the hours of darkness.
He admitted that any member of the SSC might make adjustments with out anyone’s data. “But I am not aware of that ever happening, and the nature of the people within SSC (experienced technicians) means the chances of someone doing that without somebody else realising there was something going on are almost nil.”
Former subpostmaster Michael Rudkin is definite he was singled out by the Post Office for asking tough questions on remote access to Horizon. In August 2008, when he was chairman of the negotiating committee of the Federation of Subpostmasters, Rudkin visited a Fujitsu know-how centre as a part of a working group taking a look at how to enhance bureau de change processes. During his go to, a Fujitsu worker demonstrated how he might make adjustments to subpostmaster branch accounts remotely, with out the subpostmasters realizing.
Rudkin’s expertise was confirmed in 2015 by former Fujitsu engineer Richard Roll. After contacting Alan Bates, the previous subpostmaster who led the combat for justice for subpostmasters, Roll blew the whistle on remote access.
In 2009, Computer Weekly printed an investigation into the issues skilled by seven subpostmasters who had been utilizing Horizon. The Post Office instructed every of them that no one else was experiencing issues and lined up the pc errors. It’s a standard grievance of subpostmasters that the helpdesk didn’t assist them examine unexplained accounting shortfalls.
Read extra on IT for retail and logistics
More Post Office software-related convictions overturned takes complete to 86
By: Karl Flinders
CCRC says ‘door open’ for extra critiques of subpostmaster convictions
By: Karl Flinders
Subpostmaster calls for names of Post Office executives who crushed him to suffocate reality
By: Karl Flinders
IT employee proof reveals a poisonous Post Office IT helpdesk that discriminated in opposition to subpostmasters
By: Karl Flinders
…. to be continued
Read the Original Article
Copyright for syndicated content material belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366537376/Fujitsu-staff-had-unrestricted-and-unauditable-remote-access-to-Post-Office-branch-systems