back to article NatWest 'spam' email cockup got me slapped with late payment fee, says angry Reg reader

NatWest customers should watch out for lost credit card statements as an IT cockup has been blamed for one Register reader getting smacked with a late payment fee. A reader told The Reg how he was fined by NatWest for missing the regular payment on his credit card. The reader, who wishes to remain anonymous, receives his …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Lessons learned

NatWest to ensure the send out mails correctly.

Reader to ensure that they set up minimum payment as default direct debit, that way you never miss a payment (unless you have no bank funds).

17
2
Anonymous Coward

Re: Lessons learned

and if you outsource all of your IT then no-one has a clue what is going on or why.

8
0
Bronze badge

Re: Lessons learned

and the other lesson learned:

"Setup a recurring reminder to pay every month" - it's YOUR responsibility to make the payment, regardless of whether/if you get a statement.

8
2
Silver badge

Re: Lessons learned

"Setup a recurring reminder to pay every month" - it's YOUR responsibility to make the payment, regardless of whether/if you get a statement.

This is why I refused to have electronic statements and insisted on a paper one each month when this first started. For some reason I trust the postal system to deliver something more than the electronic one. It can be hard to pay off a bill if you don't know how much it is,even if you know that it should be due.

Now my habits have changed and I have electronic statements, but then I also log in and check my accounts a lot more so it's obvious when the statement date has passed and the amount payable is clear.

7
0
Bronze badge

Re: Lessons learned

Re :- "Reader to ensure that they set up minimum payment as default direct debit, that way you never miss a payment (unless you have no bank funds)."

A standing order would be the better option in the potential "no bank funds" situation as NatWest charge you for a failed direct debit. Just saying like.

1
0

Re: Lessons learned

Halifax charge £10 for failed Standing orders too.

One month I knew the money was low so paid directly from another account. Halifax took, returned and charged for to SO anyway. I should have cancelled the whole order apparently.

1
1

Re: Lessons learned

The postal system is also unreliable, and i have had various things not turn up over the years...

But the fact is you know your bill is due every month, so if you don't receive a statement you should have noticed this and contacted the bank to find out why.

1
1
Silver badge

Re: Lessons learned

Dont you get a mark on your credit file for missing payments? Its all automated too.

1
0

SPF natwest.com

Following must have been set up by a big boy who ran away if they don't use SPF

v=spf1 ip4:155.136.0.0/16 ip4:209.202.164.3 ip4:209.202.164.124 ip4:209.202.164.125 ip4:209.202.164.127 ip4:209.202.164.128 ip4:64.28.91.221 ip4:62.105.122.12 ip4:83.100.142.14 ip4:194.150.182.18 ip4:194.150.182.25 -all

15
0
Silver badge

Re: SPF natwest.com

>set up by a big boy

No, they were lying. It is what businesses do now when caught out.

23
0
Silver badge
Meh

Re: No, they were lying.

Thanks for clearing that up. No really, well done.

0
7
Anonymous Coward

Re: SPF natwest.com

To be fair they may provide the DNS record but not actually use SPF on their own servers. This is how I roll after getting repeatedly bounced by one particular ISP.

That said, there are other questions. Like; do Natwest really send outbound mail from more than 65,000 IPs? Doesn't this make it so broad as to be essentially meaningless?

0
0
Silver badge

Re: SPF natwest.com

That said, there are other questions. Like; do Natwest really send outbound mail from more than 65,000 IPs? Doesn't this make it so broad as to be essentially meaningless?

Or someone didn't actually understand how SPF works... Or their network is disorganised enough that it really does have outbound mail servers spread all over the subnet.

0
0
Vic
Silver badge

Re: SPF natwest.com

> v=spf1 ip4:155.136.0.0/16

Ewwwww...

Vic.

1
0
Bronze badge

Re: SPF natwest.com

To be honest, given the number of spam emails sent out in banks names you would think they would be a bit more supportive of SPF and other such anti spam methods.

7
0
Anonymous Coward

Re: SPF natwest.com

> ip4:155.136.0.0/16

According to whois, that's RBS' entire block of IP addresses. It's also only IP addresses that are matched and not DNS records.

The upshot is that any of those ~65,000 IPs can spoof the netwest.com domain.

It could be inferred that this was set up to circumvent other people's SPF implementations...

0
0
Anonymous Coward

more lessons

1) you know you spent money on your Credit/Charge card.

2) You know when your bill is due(approx)

3) you probably have on-line access to the account so that you can see the balance

so there really is no excuse for not paying your bill. Take some responsibility for your own actions.

This will probably get down-voted to hell but the above is really only common sense.

65
9
Anonymous Coward

Re: more lessons

"common sense" so true, have an upvote.

8
5
Silver badge

Re: more lessons

NatWest also offer reminders and alerts by SMS, so even if you haven't had the email or postal statement it acts as a trigger to check your account. Resilience is a great thing when leveraged properly.

NatWest appear to have made a mistake, but as had been said people really need to take some responsibility for themselves (and in fairness to the victim in this case he appears to have accepted his part in the mistake and "The real annoyance was NatWest's refusal to deal with the problem.")

5
4
Silver badge

Re: Resilience is a great thing when leveraged properly.

Resilience is a great thing when used properly. FTFY.

4
0

Re: more lessons

It's a good idea, I learned the benefits of watching my money through (bad) experience.

It's the work of a few minutes to knock together a spreadsheet plotting regular in/out transactions for your account(s), add some estimates for the less regular expenses like food/transport and you can quickly see when/if you're going to end up in the red.

Another useful tip is to make sure you have a no-annual-fee credit card, that doesn't charge interest if you pay off the bills on time. Put as much of your spending as possible on it, and pay just before the due date - online banking makes this easy. Quite a lot of things you might not expect can be paid by credit card actually can be - things like council tax or small (<£1) transactions in larger shops, for example. The basic idea is keep as much balance earning interest in your current account (if it doesn't, change banks) as possible rather than getting spent on debit card or cash transactions.

Also occasionally helpful is buying something on the credit card and returning it, getting the refund on a debit card - I've done this, but only if I was going to be returning something anyway.

1
1
Thumb Down

Re: more lessons

The bloke said:

“The fee itself was a comparatively minor annoyance, but irritating nonetheless as I normally pay off my credit card shortly after receiving the reminder from the online banking system. The real annoyance was NatWest's refusal to deal with the problem.”

So how exactly is he failing to take responsibility? He's holding his hand up to having cocked up by not paying the bill on time, he simply flagged up the problem and used his personal expertise to suggest a resolution for the benefit of similarly scatterbrained other customers. This is commonly known as "being helpful"

If I was this bloke however one thing I would check would be that they'd not flagged it as a late payment on my credit history - this sort of blemish can look bad on mortgage applications, and he'd have a reasonable justification on this occasion for asking them to remove it.

17
2
Bronze badge
FAIL

Re: more lessons

Or (or possibly and?) set up a reminder in your electronic calendar of choice (Outlook, Gmail, iPhone, etc). I have.

0
0
Anonymous Coward

Re: more lessons

"1) you know you spent money on your Credit/Charge card.

2) You know when your bill is due(approx)

3) you probably have on-line access to the account so that you can see the balance"

...AND if you set up a direct debit with your credit card provider, then if you fail to or decide not to make a manual payment yourself then they will automatically collect the minimum monthly payment.

1
1
Anonymous Coward

Re: more lessons

Good advice: my only improvement on that is to get a cashback credit card if you can. You can easily make 3 figures a year just from funnelling payment for things you buy anyway through the card(s).

1
1
Silver badge

Re: more lessons

In most of business one receives an invoice and then one pays the bill - it's generally the responsibility of the person wanting the money to send out the invoice.

It would save us a lot of time and effort and bookkeepers if we didn't bother to send out invoices but simply assumed all our customers would remember to send us the money - especially if we were then allowed to charge them for late payment.

9
4

Re: more lessons

> Good advice: my only improvement on that is to get a cashback credit card if you can. You can easily make 3 figures a year just from funnelling payment for things you buy anyway through the card(s).

Oh dear, another one who thinks this money grows on trees.

What really happens is that the CC company screws the merchant via transaction fees, who then increases the price of goods you were buying in the first place to cover it. Nothing banks do is ever designed to actually give you money which they haven't managed to screw out of someone else first.

Personally I'd rather the world banned these "freebies" and actually forced banks to compete on their ability to deliver a banking service, and nothing else, in particular for credit cards where the actual cost is invisible to the punter (and therefore these not-so-freebies actually look "free", unless you understand how the model actually works).

3
1
Anonymous Coward

Re: more lessons

I know how the credit card cashback fee system works, and yes ideally the payment processors wouldn't have us by the short and curlies and charge as much. But until the system changes I'm going to take every opportunity I can to claw back as much as possible from the banks. Better the money ends up back in our pockets than they just keep it!

3
0
Anonymous Coward

@ Yet Another Anonymous coward

And why WOULDN'T they assume that you will send them the money?

If you're old enough to use a credit card you should be old enough to know that if you use it to pay for something you owe the money. Also not unreasonable to assume you're not so thick that you missed the fact that you have a deadline to pay it by every month. I despise banks as much as anyone but why this assumption that you shouldn't be required to think for yourself and take care of your own affairs? (not YOU in the literal sense of course)

0
1
Anonymous Coward

Re: more lessons

And if I could automatically charge a late payment fee to my customers like the banks do. Well I can actually but would they do business with me again?

Or I could take their internet domain I host offline. Tried that once with a substantial long overdue bill and got told I'd acted illegally under some kind of "restraint of trade" legislation.

0
0

Re: more lessons

What really happens is that the CC company screws the merchant via transaction fees, who then increases the price of goods you were buying in the first place to cover it. Nothing banks do is ever designed to actually give you money which they haven't managed to screw out of someone else first.

Oh dear, another one who thinks that there are no costs to a merchant when handling cash.

Why do you think supermarkets give you cashback for free? It's because the costs they incur storing, auditing and transporting cash outweigh the fees they are charged by their acquiring bank.

As a result, it's in their interests to offload as much cash as they can onto their shoppers before the day ends.

0
0

Re: more lessons

I know how the credit card cashback fee system works, and yes ideally the payment processors wouldn't have us by the short and curlies and charge as much

Payment processors charge approximately 1p per transaction. You're confusing their fee structure with that of acquiring banks.

0
0

Re: more lessons

Just out of curiosity, what interest rate are you getting on your banked funds?

0
0
Anonymous Coward

Re: more lessons

>> Or I could take their internet domain I host offline. Tried that once with a substantial long overdue bill and got told I'd acted illegally under some kind of "restraint of trade" legislation.

That's the sort of thing tightwads do when you stand up to them - try and frighten you with "the law". You haven't broken any law as long as you've given them reasonable notice and they've not paid for the service. Fairly simple, you provide a service, you send them a bill, they pay the bill. If they don't pay the bill then they are in breach of contract and you are entitled to not provide them with further services until they do.

IIRC What you can't do, and this is contractual rather than the law, is hold their domain name to ransom (if it's UK, dunno about others). Ie if they can find some other sucker to host it then they can transfer it and you can't refuse over the overdue bill.

The "big boys" don't pussy foot around - don't pay the bill and "poof" your domain and the contents of your website are gone. Yes, the domain isn't just suspended, the services will be deconfigured and the web site will be physically deleted from the servers quite quickly.

I've been saying at work that we really need to apply the law on statutory interest on late payments. But the PHB won't even though the ones not paying are, as you'll probably recognise, customers we wouldn't be upset about if they took the hump and took their non-payments elsewhere. Don't see why we should provide free loads to all and sundry.

Anon for obvious reasons.

PS - I'm with the others. You spend the money, you know it's due, and you should have a rough idea when it's due. Though it's easy to overlook such things.

1
0
Anonymous Coward

>The real annoyance was NatWest's refusal to deal with the problem

What did he expect from a bank?

16
0
Bronze badge
Joke

Re:What did he expect from a bank?

Customer service?

4
0
Anonymous Coward

Re: Re:What did he expect from a bank?

Customer "service"

"Service" as with a bull to a cow...

12
0
Silver badge

Re: Re:What did he expect from a bank?

That would be nice, but this is Natwest we're talking about here. The one that the "cough in your face and tell the customer that the 'computer said no'" sketch was almost certainly based on.

0
0

The ISP is to blame not the sender

If he was getting his bill by post and the post was lost he would still be liable to pay a late payment fee, email is not a guaranteed method of delivery and the person should take responsibility for paying their debt on time no matter. A feeble excuse for an obviously feeble person.

Their ISP has most to blame as SPF is just a way to score an email as possible spam, and should not be used by default to block / delete emails, as someone who runs a hosting company myself we never block emails, we only provide spam scores to allow our customers to filter and block emails if they wish based on those scores.

11
18
Silver badge

Re: The ISP is to blame not the sender

It's fair enough to say that an ISP shouldn't block email if the purported sender's domain doesn't publish an SPF. But if they do publish an SPF, and the email's originating IP address doesn't match, then it's entirely reasonable to block it.

25
0
Bronze badge

Re: The ISP is to blame not the sender

But presumably you do use SPF in this score, so if it fell way below the default for being identified as spam (as in the case of most email providers, there is a default threshold) because the SPF does not match (now, if the SPF record was not there thats one thing, but not matching is a very serious indication something is wrong) then you should block it. I would agree it is a milder problem there being no SPF, but if the domain is setup to have SPF and the mail doesn't come from those IP's then its pretty shoddy to let it through as thats the owner of the domain telling you this isn't a valid email.

5
0

Re: The ISP is to blame not the sender

Using SPF to block is a no no in my book as as has been shown it often gets broken (especially with complex systems using many sending MTAs) and if you do block then the responsibility lies with you for blocking not with the sender for messing up their spf. SPF should be used to give an indicator of spammy-ness or hammy-ness not an excuse to block emails outright by an ISP and it is then the responsibility of the person receiving to decide if to block or filter or whatever and as such also their responsibility if they block legitimate emails.. Its like saying I sent you a letter, you don't like the look of the envelope and so you binned it without opening it first to read the contents, but it is still my fault.

1
14
Silver badge

Re: The ISP is to blame not the sender

If Natwest has an SPF record for their domain, and an email arrives from outside the permitted range of addresses, then it is perfectly reasonable to assume it is a phishing email, of which there are many, and refuse to accept delivery of it.

13
0
Bronze badge
Thumb Down

Re: The ISP is to blame not the sender

The whole point of SPF is that the *sender* is declaring what are legit sources for email for the domain they're sending as. Anything else should then be treated as suspicious. I'd say if a party uses SPF then the onus is on them to keep it accurate, not for the recipients to make further speculation in case it might be innacurate in the first place!

And given the high propensity for malware to try to impersonate banks, I'd say binning it was a perfectly sensible action.

14
0

Re: The ISP is to blame not the sender

I publish an SPF for my domain, but don't use SPF to block incoming mail. My only use for SPF is to fend off backscatter. It lets other domains recognise that the sending address is forged and so can discard undeliverable spam rather than bouncing it. This has benefits for both the target domain and myself and no downsides.

I run Spamassassin, which does a good enough job of spotting spam with the aid of some custom rules that SPF blocking is unnecessary.

0
1
Vic
Silver badge

Re: The ISP is to blame not the sender

> Their ISP has most to blame

Not so.

> as SPF is just a way to score an email as possible spam

No it isn't.

SPF has no intentions of being anything to do with spam. SPF is a way for domain owners to make statements about how their mail servers will behave.

If a domain owner says "those servers *there* send mail for me; anything else is a forgery", it is appropriate for any receiving MTA to believe that domain owner, and deal with such stated forgeries as if they were - well, forgeries.

> as someone who runs a hosting company myself

Please tell us which one. I always like to know how much any prospective supplier knows about their field of endeavour.

Vic.

9
0
Anonymous Coward

Re: The ISP is to blame not the sender

"If he was getting his bill by post and the post was lost he would still be liable to pay a late payment fee, email is not a guaranteed method of delivery and the person should take responsibility for paying their debt on time no matter. A feeble excuse for an obviously feeble person."

Erm no, not really. In business you generally find that if you want payment it is up to you to send an invoice and to make sure that the billed entity gets that invoice. It seems that if you are large enough you can offer a shite service, charge late fees and generally bully your customers because you are in a jolly club of arseholes who all act the same. It is their fault because their actions caused the problem. I'd be asking for an exemption in this case.

4
0

Re: The ISP is to blame not the sender

In SPF there are two flags ~all or -all The first says, this is soft fail and the latter says BLOCK all mail except from those listed here. Since the SPF record is published by Natwest, it was highly reasonable of us to adhere to their SPF records, especially since so much fraud is done these days pretending to be from banks. In fact, to ignore the records would probably be the worst thing to do because of fraud as this would mean phishing emails would get through even though Natwest are publishing a record..

Jonathan Gilpin

Director

Fluent Ltd

13
0
Vic
Silver badge

Re: The ISP is to blame not the sender

> In SPF there are two flags ~all or -all

There's also ?all, meaning "everything else should be treated as if we hadn't said anything at all". There's also "+all", which is there for orthogonality, but entirely harmful in practice[1].

> it was highly reasonable of us to adhere to their SPF records

Yes. If the domain owner says "this is forged", it's correct to believe it be forged...

Vic.

2
0
Silver badge

Re: The ISP is to blame not the sender

>If he was getting his bill by post and the post was lost

But this is the equivalent of them sending out a bill disguised as a leaflet for free dog walking with an official statement on the envelope saying "not from Natwest - we promise" - you might be reasonably expected to throw it in the bin unopened.

6
0

Page:

This topic is closed for new posts.

Forums