ccording to Greek legend, the almighty Zeus, in revenge for Prometheus' kidnapping of fire, created a box containing all the world's evils and all its hopes. The order never to open the box did not last long. Pandora, lavishly endowed with gifts and beauty, soon marries Prometheus' brother and, shortly after their wedding, opens the box given to her. Whereupon all the evil imprisoned in the box escapes, apparently unable to be recaptured to this day.
Such or similar was the outcome of the questioning of a Wirecard IT director in the Munich-Stadelheim prison courtroom on May 17, 2023. Witness N. was until Wirecrd's insolvency responsible for technology issues at Wirecard Europe and Asia Pacific, working in a Vice-President role (VP). She was one of the first employees at Wirecard, hired in 2005 after a six-month internship there. It was also her first real job at the time. She initially worked as a software developer for Wirecard for a total of 5 years. Quite possible that at least during her initial Wirecard years she worked either with or under Jan Marsalek, who was initially responsible for software development. From 2010 on she worked as a business analyst, two years later as Head of Issuing in the SAP environment, another two years after that she became VP for Technology, from then on responsible for the oversight of Wirecard's IT architectures and systems in Europe and Asia-Pacific.
Witness N. states early on here at court that during her time as VP Technology she reported exclusively to managing director Susanne Steidl. She states she had never had any contact with Jan Marsalek or Dr. Braun, who sits a few meters to her left. Not even via Telegram, which was used as the main internal communication tool for messages and calls - WhatsApp was not allowed at Wirecard.
Things turn out to get interesting when witness N., under questioning by the presiding judge, begins to shed light on Wirecard's IT architectures. Wirecard had few computer servers of its own, the company instead outsourced its data and applications to external service providers. At its Munich headquarters, Nordisk Networks was one of the companies contracted to do this. There were also data centres in Austria and Dubai, some third-party partners in Singapore and Asia had either their own or outsourced data centres. Apparently coinciding with the launch of
Wirecard's own so-called 'Elastic Engine' in early 2019, there was an increase in the use of additional Cloud-Services - that is, outsourced computers that would store not only data but could also run program logic on Wirecard's behalf. Some of these clouds were set up at IT service provider giant Amazon (AWS) in no other location than Toronto, Canada.
However, at the beginning of 2019, Wirecard's then new 'Elastic Engine' platform was introduced, which finally enables a reliable end-to-end assessment of third-party transactions. Accordingly, the scope of the audit was expanded, but due to the high transaction volume of 200 million data lines for December 2019 alone, there was simply not enough time for KPMG to fully review this data set. The good news is that KPMG was still able to publish a preliminary assessment showing that the transaction volumes were consistent with the partner's accounting and were accurately reflected in the financial statements.
"Wirecard Bombs Again" article dated May 4, 2020.
Wirecard's key IT architecture piece, called the 'Elastic Engine', could be replicated to run on a large number of servers. Witness N. states there was at least one request to outsource the entire source code to a third party partner, it came from Jan Marsalek sometime in 2019. The project was abandoned shortly after. Interesting to note is also that after the project was commissioned, an employee named Manoj Sahu was transferred to Toronto at Wirecard's cloud service provider to manage these cloud instances from there. Sahu worked directly under Jan Marsalek and, for the most part, reported only to the fugitive Wirecard COO. This opens up a whole range of at least theoretical possibilities regarding
Wirecard's entanglements with Canada and PaySafe. Since the Elastic Engine can be seen as a software gateway that only distributed money transaction requests for further processing, Wirecard needed a number of additional credit card processing servers and instances, located initially in Dubai and later also in Munich.
Following the discussions about Wirecard's fundamental IT architectures, the court seems to fully open Pandora's box when it displays a few email conversations over the monitor. In a chain of messages from 2018,
Asked if the clearly recognisable FTP addresses and API password keys for retrieving data directly from networked computers would mean anything to her, she denies. The confidential access logins from a few years ago, recognisable for any halfway IT expert here, "don't mean anything" to her.
witness N. asks Toronto whether she could not have a precise overview of the IT architectures of the third-party partners, as well as a general overview of all cloud instances. She was given the following answer:
"White label instances are provided in the cloud, usually for PSPs. White label instances run independently in the cloud, we only provide the technical support".
Another larger one of Pandora's boxes evils is released when the judge throws another email snippet from several years ago onto the court monitor. Asked if the clearly recognisable FTP addresses and API password keys for retrieving data directly from networked computers would mean anything to her, she denies. The confidential access logins from a few years ago, recognisable for any halfway IT expert here,
"don't mean anything" to her. Things turn out even more Pandoric when the judge displays a list of 45 global cloud servers onto the screen. Asked if she was familiar with these servers, she replies, quote,
"no, never heard of them".
Pandora's box still had some surprises at hand when the court asked about the actual transaction volumes on Wirecard's servers. That number was at around 40 million for a good month, the witness replied, a far cry from the forecasted figures for Wirecard's 'Vision 2025' project from 2019. Pullings from Pandora's box continued when statements like
"Bellenhaus is a money machine, he thought it is an effective system to save taxes" were procaimed here at court. Or that a number of Wirecard employees had known for quiet some time that there were literally zero people employed at Card Systems, and since had been asking themselves self-critically for some time already the question
"who is actually making all the money over there ?".
Also exciting were the matters surrounding the oftentimes way too unnoticed,
gigantic Softbank investment into Wirecard from April 2019. Susanne Steidl, management board member and elected as one of the
100 most influential women in the entire German economy in 2018 and 2019 - plus among the most influential top tech women in the same country at the same time - suddenly tumbled into the witness's office and demanded a complete database with all transaction data of the past years, including confidential ones. When the witness inquired that this was not so easy to do and what it was for, Ms. Steidl replied that
"Jan Marsalek needed it for Softbank". After a few weeks, he received the file of about 150 GB on a small hard drive. As if that was not enough, the witness confirmed that a second such data table for all financial transactions was requested from her some time later again by Steidl - with even more detailed information.
It was also stunning to hear the witness explain that at an offshore event in May 2019, the pressing questions of Wirecard's own employees as to who exactly was responsible for the many sales were countered with the Pandora's argument of 'major customers we are not allowed to mention'.
Here in the court room, emails which claim it was allegedly possible to partially extract complete credit card information from these data lists were also read out.
Apparently, the electronic list of some 200 million financial transaction records, handed over to KPMG for their special audit, was only a smaller subset of the two above mentioned Pandora lists. The KPMG data tables contained only 8 to 10 column fields, far too little information to fully track transactions. Because of the large lists and records, the witness called Toronto back then again to receive all the relevant transaction data from their cloud servers. However, a friendly gentleman immediately refused to provide detailed information. He told her she was not allowed to fetch data here and promptly clicked the red button to end the phone conversation.
It was also stunning to hear the witness explain that at an offshore event in May 2019, the pressing questions of Wirecard's own employees as to who exactly was responsible for the many sales were countered with the Pandora's argument of
"major customers we are not allowed to mention". Shortly after, Susanne Steidl, Wirecard's executive board member and formerly elected super-manager for all of Germany, called to restrain from follow-up questions and made it clear that any further discussions of this topic was henceforth forbidden.
The Wirecard VP witness further tells that she had rarely personally experienced any unusual behaviour by the supervisory and executive board members. Except for one time in 2019 or so, when she forgot to pay a parking violation ticket for a company car. CFO von Erffa immediately contacted the witness personally and warned her in a harsh tone to restrain from such behaviour in the future, since unneccessary costs of around 10 Euros had to be paid by Wirecard in her name.
Dr. Braun finished the day by asking a few questions, also about the low transaction figures, which were in fact net bookings related only to Europe and Asia-Pacific. Project Aslam was apparently not included in the transcations at all, which accounted for an additional 20 to 30 billion. Furthermore, the figures she presented were only for 4 of the 11 countries Wirecard was doing business in. When Dr. Braun asked how many acquirers were actually connected to the Payment Engine in 2019, the witness was unable to provide an answer.
One company name kept popping up in all the discussions and questions, including in those of Dr. Braun: One Stop Money Manager.
Apparently, one of the very last evils in Pandora's box.