THE COMPUTER BULLETIN - December 1996
Seeking after the truth in computer evidence: any proof of ATM fraud? by Stephen Castell
'The revelation that Save & Prosper, the retail banking arm of Robert Fleming & Co, has been the victim of a £200,000 credit card fraud...shows how easy it can be to fool...card security systems. Details of customers' cards were stolen and encoded on to other cards, such as those for petrol points. The bank suspected internal collusion after print-outs containing card details went missing, but an enquiry proved inconclusive. All affected customers have been reimbursed.
The details were then encoded on the magnetic strips of other cards. Although all 500 victims were reimbursed by the bank, the stolen money has not been recovered... Such cases have highlighted yet again the serious issue of plastic card security...Card-issuers have been forced to admit that their security systems are not infallible and that 'phantom' withdrawals from ATMs are not always explained by the cardholder's negligence, or fraud by friends and relatives...'
'Experts agree...that technological failures account for only a tiny percentage of ATM losses'
As an expert witness instructed in the Andrew Stone prosecution referred to in both of these recent FT articles I do not agree that it is clear that card-issuers have been 'forced to admit' anything concerning the fallibility of their security systems; nor that software, computer system or data communications network errors account for 'only a tiny percentage' of losses. Furthermore, reliability of evidence derived from computer systems and used at any criminal trial should never be a 'percentage game'.
It has been my experience that, since banks and building societies steadfastly refuse to allow independent experts direct access to their technical personnel, systems, software, audit reports, transaction logs and so on in order to carry out their own non-partisan investigations, it is impossible to come to any forensically sound conclusion on these matters in specific circumstances (which is what counts, generalisations being of little relevance in a given litigation).
The problem of proving an ATM fraud using computer evidence
Any ATM network is merely an example of computer and communications systems for which the difficulties of obtaining undoubted evidence in order to provide convincing forensic proof are well-known.
These difficulties arise from, inter alia, the inherent 'untrustedness' of computer systems [1, 2] which can be readily argued on fundamental mathematical and computer design/architectural grounds; the legal consensus which there has historically been that computer evidence is hearsay, not direct, evidence (giving rise to the still current admissibility and certification provisions in criminal trials); and the somewhat arcane nature of computer technology and software systems engineering which can present many pitfalls to the layperson.
These difficulties were neatly summed up in Countering Computer Fraud:
'A British Computer Society conference proceedings report points out that the main problems in any fraud investigation involving a computer system is identifying how the fraud occurred in the first place. Very few installations are in a position to give a guarantee that a genuine mistake has not occurred somewhere in the processing. Even where a fraud is certain, the problems of gathering the correct evidence and obtaining a conviction are likely to be too great for an investigator who does not have specialist computer knowledge.'
A more recent illustration of the problem was given in a Financial Times item of October 25, 1996:
'The National Savings Agency is in such a muddle that one account that should have been in credit appeared to be £37m in the red when checked by auditors... The National Audit Office (NAO), the public spending watchdog, said control systems were so bad it was impossible to tell whether a string of mistakes was the result of computer error, human error or fraud.'
Sir John Bourne, auditor-general of the NAO, put it succinctly:
'The absence of a clear trail from the individual customer transactions into the financial accounting systems makes it difficult for management to establish the integrity of financial accounting systems information.'
The defendant's rights and burden of proof
A defendant has the right to examine every link in the chain of evidence proffered against him. If the prosecution is properly to set about proving an allegation of ATM fraud against a defendant it must therefore be prepared to provide to defence experts:
'Phantom withdrawal' - terminology
The term 'phantom withdrawal' or 'phantom transaction' has been used for some time in the ATM and computer evidence fields to describe a variety of possible situations giving rise to the unexplained (or apparently unexplained) computer recording on a customer's cashcard account of a cash withdrawal from a bank's cash machine.
The phrase 'phantom withdrawal', while not being a precise term of art in these fields, is now sufficiently widely used, and well-used, to convey the essence of the matter: a lack of consensus among the interested parties as to either the fact of a cash withdrawal at all, or as to who (or what) was responsible for there being present (or absent) a particular computer or other documentary record of such a withdrawal.
The essential feature of a 'phantom withdrawal', then, is simply that there is a dispute over the details of an ATM transaction as recorded in the relevant banks' computer and/or manual records. A better term for a 'phantom withdrawal' is thus a 'disputed ATM transaction' and this is the terminology which, I suggest, should in future generally be used.
Disputed ATM transaction scenarios
A disputed ATM transaction can arise from a number and variety of situations - I have identified at least 14 distinct scenarios, and this is by no means an exhaustive list. Furthermore, the true situation could be a combination of one or more of these scenarios; and in practice it is impossible to know merely by making an inference of a withdrawal of monies from an ATM by reading a computer-produced customer's bank statement (whether or not such an inference is itself disputed) which situation (or combination) is in truth the most likely explanation.
The problem with attempting a sensible, objective, non-partisan analysis of this matter in a particular set of circumstances is that any independent computer professional investigating is necessarily wholly reliant on the banks themselves, and their cashcard customers, for (access to) the source data, the computer systems, and computer and other documentary records relevant to disputed ATM transactions.
In my experience, the banks have been reluctant to divulge to independent computer professionals the source data, design details, computer audit trails and operational circumstances of their ATM networks, and access to the relevant computer software, systems and data communications networks, which are necessary for a thorough, independent analysis of disputed ATM transactions to be carried out.
Use of the better terminology 'disputed ATM transactions' would, I believe, provide a more revealing context for a general acceptance that it is for the banks to prove that the computer records which they seek to adduce as evidence of such transactions do indeed 'tell the truth', beyond any reasonable doubt; and that the process of establishing such proof must always include the willingness to open-up source computer systems and records for independent expert inspection.
Undoubted evidential reliability?
In my study on computer evidence for the CCTA I highlighted the need for computer systems and operational practices properly capable of forensic scrutiny, delivering undoubted evidential reliability. The refusal of ATM network operators to allow objective professional examination of the sources of computer-derived evidence proffered at 'phantom withdrawal'-related trials does nothing to build confidence that they are running systems which meet this essential requirement.
In 1995 the Law Commission issued Consultation Paper Number 138 (Computer Evidence), which deals with S69 of the Police And Criminal Evidence Act 1964 and is an extract from its wider consideration of Evidence in Criminal Proceedings: Hearsay and Related Topics. My response to the Law Commission put forward the somewhat extreme proposal that every criminal trial which seeks to rely on computer evidence should first be a trial of the computer systems from which evidence is to be derived. An edited version of this response has been submitted to appear in a forthcoming issue of the new International Journal of Evidence & Proof. Comments are invited from all concerned computer professionals.
On January 23, 1997 in London, the Law Specialist Group will hold a meeting on Computer Disasters and Software Quality: Specification of Requirements v. Fitness for Purpose? It will take the form of a hearing, with Dr Stephen Castell, Committee Member, as Chairman and a team of lawyers and computer experts appearing for Plaintiff and Defendant in the mythical £2m case The Innocent User Company v. The Powerful Software Suppliers Ltd. The real July 1996 St Albans City and District Council v. ICL Appeal Court precedent will feature; and the question of whether software should be Year 2000-compliant will be discussed.
Prior to forming his own consultancy company, he was for three and a half years Group Management Services Manager for Bremar Holdings Limited, international merchant bankers, where he was also involved in corporate finance and venture capital business.
Dr Castell is well-known for developing businesses in voice telephony (National VoiceNet), data broadcasting (BBC Datacast), satellite communications (BBC Eurocast, BT Shield) and on-line information services (BBC Data, Infolex); and in driving the discussion of the 'legal reliability' of information systems and technologies. As an expert witness in computer litigations he has acted in many cases including the largest computer action to have come to trial in the English High Court. He is the founder of Channel 5 Digital Television plc.
CASTELL 20 Grange Road, Wickham Bishops, Witham, Essex CM8 3LT. Tel: 01621 891776. Fax: 01621 892553. firstname.lastname@example.org