Post Office Scandal

Reporting the Post Office Horizon IT Scandal

Post Office Scandal

Reporting the Post Office Horizon IT Scandal

Were some Subpostmaster discrepancies down to internal fraud?

Nick Wallis

13 comments

9 min read
Tim Chapman, outside Yalding Post Office in Kent

Since the rollout of the Horizon IT system in 1999/2000, the Post Office has been unable to tell the difference between computer error and fraud. Whilst relentlessly pursuing innocent people, it potentially failed to spot the multiple ways public money could be leaking out of its network. In a podcast I hosted last year (Ep 34: Where Did All The Money Go?), Second Sight’s Ron Warmington and former Subpostmaster Mark Baker counted up at least 14 ways the Post Office, Subpostmasters and Fujitsu could lose cash.

One area raised by Ron and Mark was internal fraud, either at Fujitsu, which operated and maintained the Horizon system, or within the Post Office. There are a number of ways in which it could happen, but whilst the Post Office was prosecuting Subpostmasters these were never properly considered, let alone investigated, so there is, as yet, no proof it ever did.

The easiest way would be via collusion, requiring one bent Subpostmaster and one bent Fujitsu or Post Office employee. Thanks to the Subpostmaster contract, which allowed Subpostmasters to keep surplus balances – no questions asked – it would be a relatively simple matter to divert funds from one (or multiple) branches to a bent branch and then remove those funds from that branch in cash. This could be done manually at numerous points in the Post Office back-office financial chain (eg at Chesterfield where manual transaction corrections were issued), or via a clever scamp at Fujitsu who could either manually divert funds by adjusting balances or create a routine which took £10 from 500 random branches each week and diverted those small sums to one specific branch, or even a fictitious client account.

This might be a fantasy. It is possible that all Post Office and Fujitsu employees were paragons of virtue and none considered or attempted, let alone successfully managed to remove any money from the system despite the lax controls, and an institutional willingness to believe that Subpostmasters were on the take.

Tim’s letter to the Inquiry

I have posted below, with permission, a letter written to the Post Office Horizon IT Inquiry by Tim Chapman, a current Subpostmaster. It is conjecture, but I think it is worth publishing in order to attempt to build some kind of body of evidence which raises the possibility of how internal fraud might be or might have been happening within the network.

Penny Williams, Former Subpostmaster
Penny Williams

A few months back, former Subpostmaster Penny Williams told me her sister and sister’s boss analysed printouts sent to her by the Post Office and concluded that something or someone was removing small amounts of money from her account on a regular basis. Sadly Penny has not subsequently been able to get her hands on those printouts – or if she has, she hasn’t given them to me!

There is also a comment below this blog post which asserts that Fujitsu employees were able to, and did, shift money out of Subpostmaster accounts. It read:

“Mr Wallis, twenty years ago I worked in a technical capacity in FUJITSU UK.
I have information you will find useful and which any Public Inquiry must know too.
It establishes criminal culpability on the part of the corporation as well as highups like Crozier and Vennells among the clients, since it proves they knew fully about backdoor access but instructed the POL solicitors to suppress any disclosure of this to defendants and courts.
While I put through no phantom entries myself, I was aware how commonplace it was, and the trivially easy overriding of the rudimentary audit trail embedded in the software too. What started as a prank swiftly became a crime, I prefer to believe most of the perpetrators never seriously consider that POL would treat the discrepancies so seriously and initiate prosecutions. It got totally out of hand. 90% of the phantoms were “against” the agents, thus unjustly enriching POL. Did you notice the disproportionate number of victims whose agent locations were in Wales?
I am able to provide you personally with much more, redacted only to protect my own identity. The FUJITSU non-disclosure agreement is probably more bone chilling than that used by POL, I do not wish at this stage in my life to be bankrupted. I know you are protecting some of your sources because so much of your book is accurate and it cannot all be down to deductive skill and luck. I’ve taken many steps, in addition to using TOR, to obfuscate my ID while making this posting; if I have an email address to which I could send material, I can give you all you need to pass on to the Police or CPS or the Enquiry.
Please provide a throwaway email address which I can use. The email address I provided here is a dummy.”

My multiple attempts to contact the poster of the above comment have failed. They might be mischief-making. If so, they succeeded.

But by posting the above together with Tim’s letter below there is the possibility it might trigger more interest from someone who might have something concrete to tell me. Sending me a message is easy and can be done via the contact form on this website, which pings an email straight to my inbox. This is a secure and confidential process.

Here is Tim’s letter as sent to Sir Wyn Williams, the Inquiry chair:

25th August 2024

Dear Sir Wyn Williams,

REF: Possible criminal activity within Fujitsu or Post Office running parallel to Horizon’s other problems.

I have been the Sub Postmaster for Yalding Post Office since July 2011. I took over the Post Office upon my retirement from the London Fire Brigade.  I was only 55 at the time and I only lived immediately next door so it seemed a good way to keep myself busy and be a contributing person within our village community.

I am fairly computer literate and got to grips with Horizon fairly quickly. I worked on my own most of the time, it is only a small village branch. The previous Post Mistress, of over 30 years’ experience, helped out on our busy Monday mornings for about a year. I made mistakes fairly regularly, but I had the assistance of her and the Helpline if required.  So, after a few months the mistakes got fewer and I started to enjoy the job a lot more. I still enjoy the job today.

Thankfully the well documented Horizon problems currently being investigated didn’t appear to affect me or the running of the branch.  

However, every few months I would notice £100 go missing (It was always £100). I do a daily cash count and check that against Horizon’s figures, and generally they tally quite happily fairly close together. Banking transactions of £100 are pretty much the most usual daily transactions. I would check the transaction log, but generally that would only tell of the ones that were confirmed, not of any unfulfilled ones. I assumed that I had made an error somewhere, despite being very careful where cash withdrawals were concerned. If the error could not be found I would have to balance the books using my own money.

I spoke to the previous Post Mistress and she told me that this had happened to her fairly regularly too.

I also regularly attended the local meetings for the National Federation of Sub Postmasters (the Fed) and one day in 2013 I raised the question of the regular losses of £100 to one of their officers. I wish I could remember who it was. I was informed quite categorically that Horizon was faultless and that any shortages were my fault entirely and that if I tried to take it further Post Office would tell me exactly that and the Fed could not have anything to do with it.  I was further informed that nobody could have any remote access to my Horizon account.

This was a bit of a surprise to me, even I know that computer systems can have problems, and most programmes have a back entrance in order to correct errors and bugs, but I took him at his word and left the issue alone. Stupidly I did not document or keep any of the paperwork involved…  

The fairly regular losses of £100 continued into 2015 and appeared to stop at about the same time as Horizon was upgraded. My estimate of loss personally is probably only £500 – £600. I still occasionally make mistakes to this day, but these do not conform to any discernible pattern. I do not expect to ever get any of my money back.  

My theory at the time, which I still think is the most likely scenario, is that there was some criminal activity taking place within the computer system itself. After the Bates v Post Office court case of 2018 – 19, we all now know full well that Fujitsu employees had been regularly secretly accessing branch Horizon accounts for years and I personally think that one or more of them were somehow stealing the money from me, and possibly many other Post Office branches throughout the UK. If this was indeed the case, the total amount stolen could be a very large sum indeed.

I have spoken with other Sub Postmasters and several of them recall similar incidents in that period of time up till 2015.

About a year ago I raised this issue with my Post Office area manager. Her advice was to submit a claim to the Shortfall Scheme. This I have done, and I am waiting for Post Office to come back to me for further enquiry.

I am aware that the possible scenario of criminal activity of the manner I have raised here has not been raised at the Post Office Inquiry, but this may well be something that should perhaps be considered a possibility and investigated further.

It also maybe something that the current Inquiry cannot consider, and in reality, I’m expecting to be told that such a scenario is impossible and, yes, those shortfalls were all my fault entirely. 

I apologise for taking up your valuable time Sir.

Yours sincerely

Tim Chapman

The journalism on this blog is crowdfunded. If you would like to join the “secret email” newsletter, please consider making a one-off donation. The money is used to keep the contents of this website free. You will receive irregular, but informative email updates about the Post Office Horizon IT scandal.

Share This:

,
,

13 responses to “Were some Subpostmaster discrepancies down to internal fraud?”

  1. Edward Stephenson avatar
    Edward Stephenson

    Having worked on mainframe computers for over 22 years, including 19 years on a Fujitsu/ICL2900 VME machine, my very first thoughts, after acquainting myself with the PO fiasco, centred on criminality in the Bracknell basement. So we must all hope that the Enquiry Chair has this aspect of the affair firmly embedded in his agenda.

    Does anybody know how debit card transactions were/are processed by the PO? I am fascinated by Peter Burfitt’s report of an apparently random purchase of Premium Bonds (a negotiable instrument?). I am aware that credit card transactions are collected by the merchant and then presented to the card provider for settlement (I stand to be corrected there), so did/does Fujitsu collect debit card transactions from the SPM and then pass them ‘en masse’ to the banks? And if so, could a clever criminal with access to the debit card file delete the relevant entry thus making the Bond purchase FOC? Such files of financial data must be heavily protected, but that is not to say that a clever person could not breach the security and amend the data without leaving evidence of tampering.

    Again we must all hope that the Chair has the technical resources and forensic expertise at his disposal to drill down into these sorts of areas.

    Reply
  2. Peter Bedson avatar
    Peter Bedson

    Who is funding the legal costs of the PO Directors and managers at the Inquiry? I know from experience that the traditional market for Directors and Officers Insurance is pretty thin – 20 years ago you couldn’t get more than about £10million – which they will have burnt through long ago so I strongly suspect that they were indemnified by the PO and it is yet another example of the taxpayer picking up the tab for all of this mess. Will we also pick up their defence costs once the inevitable criminal prosecutions start?

    Reply
  3. Mike avatar
    Mike

    I always wondered who were these faceless troglodytes beavering away in The Bunker at Bracknell. We know there were Fujitsu and Post Office staff there. We don’t know how decisions were made, what the management structure was, or how changes were supposed to be audited and how rigorous procedures were enforced. Well clearly, not a lot.
    My point is that, apart from Richard Roll, no one who worked in the Bunker has been giving evidence to the Inquiry. Surely they are the ones who know where the bodies are buried, and I would have thought they are crucial to explaining what happened.
    I’d like to see them called to attend the Inquiry. I don’t see how it can be definitive without this missing element. Obviously the Inquiry would allow them to ignore any confidentiality agreements they’ve signed.
    Though it does sound like many, most, maybe all will have to be careful about incriminating themselves. Perhaps if they are as thick as thieves, one of them will spill the beans, in exchange for immunity, if they are sufficiently worried about their fate, maybe having a troubled conscience.
    I do hope the Met will take an interest in this group, if they haven’t already.

    Reply
  4. Peter Burfitt avatar
    Peter Burfitt

    Interesting.

    I remember an odd couple, who were definitely not local, coming into my secluded village office to buy £200 of Premium Bonds. A transaction I viewed with great suspicion at the time but couldn’t reconcile how their paying me money could count as fraud. Even so I reported it to the ‘ Helpline ‘, ( usual response, ie., nothing ).

    The above suggestion that the transaction was later, shall we say, ‘ modified ‘ may well explain this.

    Even if I had a discrepancy of £200 on balance day ( a fairly frequent occurrence ) there would be no way of my working out that the apparent in-payment could be responsible. A very, very clever scam. Must have been thought up by someone with great intelligence, however, I’ve not seen too many of those during the hearings.

    I sincerely hope POL don’t regard this as a get-out-of-jail-free card, they still knew something was happening and did bugger all.

    Reply
  5. RogerTil avatar
    RogerTil

    Hi Nick, I wrote to you some time ago about the possibility of deliberate fraud.

    It doesn’t necessarily need a bent SPM, just some accomplice to go into a PO, make some transaction that results in them receiving a large amount of cash and then someone with remote access deletes the transaction.

    Obviously a transaction that has some other record (like cashing a cheque or withdrawing on a card), but I’m sure there are plenty of transactions in the PO that would meet that criteria.

    Someone could even be touring round an are (say Wales) visiting all the POs in turn to repeat the trick and pocket thousands.

    Reply
  6. Paul avatar
    Paul

    There are better legal brains analysing this but at first glance it appears hostile and malevolent actors were at play and the full investigative process should be brought to bear to ascertain the part they and/or others singularly or in tandem played.
    I sense those advanced legal brains are already working out whose door should be knocked on – I wish I was young enough to go around the country to bring them in.

    Reply
  7. Howard Yates avatar
    Howard Yates

    Tim Chapman states ” the possible scenario of criminal activity of the manner I have raised here has not been raised at the Post Office Inquiry”.
    Is this the case?
    Surely internal fraud must be one of the most likely causes of the discrepancies?
    At the very least, the enquiry should investigate what controls both POL and Fujitsu had in place for exposing potential fraud. If these controls were inadequate, then management was negligent.

    Reply
  8. Philip Smith avatar
    Philip Smith

    Nick,
    Have you ever seen the 1968 film ‘Hot Millions’? This film from 1968 and starring/written by Peter Ustinov and a young Maggie Smith is prophetic on a number of different levels. Also the film production company borrowed a mainframe computer at the very centre of the plot from…..

    The Post Office!!

    Cheers,

    Phil Smith

    Reply
  9. I'll keep this anonymous thanks avatar
    I’ll keep this anonymous thanks

    IT systems often have unknown vulnerabilities. I recall about 35 years ago I was working on a system that processed around £5,000,000 through direct debit on a once a month run.

    We’d made some changes to make the system work more quickly.

    After about 6 months I was making some legitimate changes, when I relalised that I could pinch the whole £5M and get away with it for 2 days… just long enough to leg it abroad….. fortunately I am honest and anyway, I didn’t want to live out my days in Brazil 🙂

    Instead I documented the way it could be done (which was rediculously easy) and went to see the internal audit team the next day…… the head of the team went “white”. Closed the loophole same day.

    Reply
  10. Victor Lilley avatar
    Victor Lilley

    It is Fraud by false representation s2 Fraud Act 2006 where the person knows the representation is false or MIGHT BE.
    The MIGHT BE seems to be being disregarded.

    Reply
  11. Peter Colledge avatar
    Peter Colledge

    A thoroughly respectful letter to the chair of the enquiry, so thank you, Tim. It seems obvious to me that Fujitsu’s claim that they could not access individual accounts, a fact that has been totally disproved by the enquiry, is false. I’ve no doubt whatever that money was being syphoned off from SP’s accounts in the unlikely even of scrutiny by government, the SP’s own union or any further investigation. I do hope the chair will take this up and taked the sums involved into consideration when determining compensation across the board.

    Reply
  12. Philip avatar
    Philip

    I am not discounting criminal activity but it would have to be very sophisticated and involve only a tiny number of people to succeed over that length of time. I have read this post several times. Amongst other things, the use of the word ‘agents’ concerns me as this had a specific meaning on Legacy Horizon. I believe that the poster is a fantasist.

    Reply
    1. Fred avatar
      Fred

      Re “agents”

      Pretty sure that the PO sometimes refer to subpostmasters as “Agents” and to their contract as the “Agency Agreement”. Not the PO in this case but it is the first seemingly relevant one I found. My _*highlighting*_.

      “JUSTICE FOR SUBPOSTMASTERS ALLIANCE – Latest

      Justice for Subpostmasters Alliance
      https://www.jfsa.org.uk
      A Subpostmaster does not earn a salary from Post Office Limited, but instead the post office branch of that _*agent*_ receives an office remuneration based upon.”

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Archives

  • 2024
  • 2023
  • 2022
  • 2021

Most Popular

Subscribe For Latest Blog Updates


Tags

Alan Bates alice perkins Alwen Lyons Andrew Winn Andy Dunks Andy Parsons Bates v Post Office BBC Bonusgate CCRC Chris Aujard Clarke Advice False Accounts Fujitsu Gareth Jenkins Grabiner HCAB Horizon Hugh Flemington Inquiry Interim Report Janet Skinner Jarnail Singh Lee Castleton Lord Arbuthnot Mark Davies Neuberger Nicki Arch Nick Read Noel Thomas Outcasts Creative Paula Vennells Paul Marshall Post Office Receipts and Payments mismatch bug Rob Wilson Rod Ismay Rodric Williams Second Sight Seema Misra ShEx Simon Clarke Susan Crichton Tracy Felstead UKGI

Categories