List of Log Files
From Phantom
Here follows a list of log files, database and records which may or should be kept by the bank in the course of its operations. Some or all of these could be relevant in resolving a dispute. Banks will keep some of these logs indefinitely, but other records may be automatically deleted or converted to summarised information.
For this reason, if you are involved in a dispute you should think carefully about which records you request, and act quickly to secure their preservation. Sometimes if you are unable initially to get access to the records you demand, you can at least ensure they are preserved, so that they will still exist if subsequent legal action in order to secure their release succeeds.
| Account master file record for customer's account. | This is the definitive and up-to-date record in the bank's systems of the balance held by your customer. Although this is in some senses the most important log a bank keeps, it is not usually revelant to disputes, unless for instance you believe there is an error in the records and none of the disputed withdrawals actually took place at all (or that they were mis-ascribed to the wrong account). |
| Transaction/payment records for the customers's account. | This is the record of movements of money entering and exiting the customers's account. Is the definitive record showing that money was actually taken from his account. Sometimes this is combined with the account master file (i.e. current balance) database system, and sometimes it is separate. |
| Authorisation system logs | This is the record of the bank computer system that approved the hand-over of goods to the client at a merchant, or the dispensing of cash at an ATM, returning its response via the appropriate banking network. The authorisation system checks the PIN which is submitted by the customer at an ATM (and has a database of correct "reference PINs" to check it against), and also verifies and produces "authorisation request and response cryptograms" which are used to verify the authenticity of the chip card during point-of-sale and ATM transactions. The authorisation system may also refer to other systems to check that a client has suitable available funds/credit.
These logs are the crucial logs to understanding a dispute. When requesting these logs, one should ask for logs of sufficient detail to contain (at a minimum):
|
| Settlement system logs | These logs refer to the communication between the bank as an acquirer of merchant point-of-sale transactions, and are the records of the money transferred between merchant and bank at the end of each day or week in order to "settle" the account. These logs will contain "Transaction Certificate (TC) cryptograms" produced by EMV cards during point-of-sale transactions, which can be checked in addition to the ARQC and ARPC from the authorisation systems, to ensure the transaction really is legitimate, did actually take place, and that none of the details have been modified. |
| Customer account activity, including PIN readvice records, change of address records, telephone banking logs, and notes kept on the account | These records keep track of all the activity on the personal details of the customer and on the details of their account, which may change over time. It could show the existence (or lack of existence) of some critical events such as issuance of a PIN reminder (or PIN readvice). An old trick was to change a customer's home address, request a PIN reminder, then change the address back. The customer notices nothing, but their PIN has been revealed to a third party.
General notes (i.e short text notes typed by tellers) are also held on accounts, to serve as records of phone banking, special decisions, requests etc. These should be analysed for background information or to look for any clues to unravel the explanation for the dispute. |
| ATM roll logs
ATM electronic logs ATM settlement logs | For every individual ATM involved in the dispute, there should be either a paper roll log (like an old-fashioned till roll), or an electronic log which lists from the ATM's point of view all of the transactions made. This is important to view to ensure that the transactions did actually take place at the ATMs identified, and to give suitable clock time for their occurrences. The time records in the central authorisation systems may give a different story to the pattern of withdrawals to the clocks on the ATMs. Neither can be guaranteed accurate, but knowing both is important. |
| CCTV footage from ATM-cameras, and from bank lobby/overwatch cameras | Self explanatory. There is nothing more compelling to convince a court of a customers innocence than a video of a total stranger who the customer does not know, using a clearly fake card to make the dispute withdrawal. Likewise (for example) there is nothing more damning that a video of the customer's sibling, son or best friend making the withdrawals on his behalf. |
| Bank Statements | Bank statements are produced by processing the master transaction logs, and are sometimes then stored separately. If a customer does not already have copies of all the statements on his or her account going back to at least a few years before the dispute, these should be requested. Previous account history is invaluable to investigators in understanding the customer's habits and normal transaction pattern. |
