
Lessons learned
NatWest to ensure the send out mails correctly.
Reader to ensure that they set up minimum payment as default direct debit, that way you never miss a payment (unless you have no bank funds).
NatWest customers should watch out for lost credit card statements as an IT cockup has been blamed for one Register reader getting smacked with a late payment fee. A reader told The Reg how he was fined by NatWest for missing the regular payment on his credit card. The reader, who wishes to remain anonymous, receives his …
Re :- "Reader to ensure that they set up minimum payment as default direct debit, that way you never miss a payment (unless you have no bank funds)."
A standing order would be the better option in the potential "no bank funds" situation as NatWest charge you for a failed direct debit. Just saying like.
"Setup a recurring reminder to pay every month" - it's YOUR responsibility to make the payment, regardless of whether/if you get a statement.
This is why I refused to have electronic statements and insisted on a paper one each month when this first started. For some reason I trust the postal system to deliver something more than the electronic one. It can be hard to pay off a bill if you don't know how much it is,even if you know that it should be due.
Now my habits have changed and I have electronic statements, but then I also log in and check my accounts a lot more so it's obvious when the statement date has passed and the amount payable is clear.
Following must have been set up by a big boy who ran away if they don't use SPF
v=spf1 ip4:155.136.0.0/16 ip4:209.202.164.3 ip4:209.202.164.124 ip4:209.202.164.125 ip4:209.202.164.127 ip4:209.202.164.128 ip4:64.28.91.221 ip4:62.105.122.12 ip4:83.100.142.14 ip4:194.150.182.18 ip4:194.150.182.25 -all
To be fair they may provide the DNS record but not actually use SPF on their own servers. This is how I roll after getting repeatedly bounced by one particular ISP.
That said, there are other questions. Like; do Natwest really send outbound mail from more than 65,000 IPs? Doesn't this make it so broad as to be essentially meaningless?
That said, there are other questions. Like; do Natwest really send outbound mail from more than 65,000 IPs? Doesn't this make it so broad as to be essentially meaningless?
Or someone didn't actually understand how SPF works... Or their network is disorganised enough that it really does have outbound mail servers spread all over the subnet.
> ip4:155.136.0.0/16
According to whois, that's RBS' entire block of IP addresses. It's also only IP addresses that are matched and not DNS records.
The upshot is that any of those ~65,000 IPs can spoof the netwest.com domain.
It could be inferred that this was set up to circumvent other people's SPF implementations...
1) you know you spent money on your Credit/Charge card.
2) You know when your bill is due(approx)
3) you probably have on-line access to the account so that you can see the balance
so there really is no excuse for not paying your bill. Take some responsibility for your own actions.
This will probably get down-voted to hell but the above is really only common sense.
NatWest also offer reminders and alerts by SMS, so even if you haven't had the email or postal statement it acts as a trigger to check your account. Resilience is a great thing when leveraged properly.
NatWest appear to have made a mistake, but as had been said people really need to take some responsibility for themselves (and in fairness to the victim in this case he appears to have accepted his part in the mistake and "The real annoyance was NatWest's refusal to deal with the problem.")
The bloke said:
“The fee itself was a comparatively minor annoyance, but irritating nonetheless as I normally pay off my credit card shortly after receiving the reminder from the online banking system. The real annoyance was NatWest's refusal to deal with the problem.”
So how exactly is he failing to take responsibility? He's holding his hand up to having cocked up by not paying the bill on time, he simply flagged up the problem and used his personal expertise to suggest a resolution for the benefit of similarly scatterbrained other customers. This is commonly known as "being helpful"
If I was this bloke however one thing I would check would be that they'd not flagged it as a late payment on my credit history - this sort of blemish can look bad on mortgage applications, and he'd have a reasonable justification on this occasion for asking them to remove it.
In most of business one receives an invoice and then one pays the bill - it's generally the responsibility of the person wanting the money to send out the invoice.
It would save us a lot of time and effort and bookkeepers if we didn't bother to send out invoices but simply assumed all our customers would remember to send us the money - especially if we were then allowed to charge them for late payment.
And why WOULDN'T they assume that you will send them the money?
If you're old enough to use a credit card you should be old enough to know that if you use it to pay for something you owe the money. Also not unreasonable to assume you're not so thick that you missed the fact that you have a deadline to pay it by every month. I despise banks as much as anyone but why this assumption that you shouldn't be required to think for yourself and take care of your own affairs? (not YOU in the literal sense of course)
And if I could automatically charge a late payment fee to my customers like the banks do. Well I can actually but would they do business with me again?
Or I could take their internet domain I host offline. Tried that once with a substantial long overdue bill and got told I'd acted illegally under some kind of "restraint of trade" legislation.
>> Or I could take their internet domain I host offline. Tried that once with a substantial long overdue bill and got told I'd acted illegally under some kind of "restraint of trade" legislation.
That's the sort of thing tightwads do when you stand up to them - try and frighten you with "the law". You haven't broken any law as long as you've given them reasonable notice and they've not paid for the service. Fairly simple, you provide a service, you send them a bill, they pay the bill. If they don't pay the bill then they are in breach of contract and you are entitled to not provide them with further services until they do.
IIRC What you can't do, and this is contractual rather than the law, is hold their domain name to ransom (if it's UK, dunno about others). Ie if they can find some other sucker to host it then they can transfer it and you can't refuse over the overdue bill.
The "big boys" don't pussy foot around - don't pay the bill and "poof" your domain and the contents of your website are gone. Yes, the domain isn't just suspended, the services will be deconfigured and the web site will be physically deleted from the servers quite quickly.
I've been saying at work that we really need to apply the law on statutory interest on late payments. But the PHB won't even though the ones not paying are, as you'll probably recognise, customers we wouldn't be upset about if they took the hump and took their non-payments elsewhere. Don't see why we should provide free loads to all and sundry.
Anon for obvious reasons.
PS - I'm with the others. You spend the money, you know it's due, and you should have a rough idea when it's due. Though it's easy to overlook such things.
It's a good idea, I learned the benefits of watching my money through (bad) experience.
It's the work of a few minutes to knock together a spreadsheet plotting regular in/out transactions for your account(s), add some estimates for the less regular expenses like food/transport and you can quickly see when/if you're going to end up in the red.
Another useful tip is to make sure you have a no-annual-fee credit card, that doesn't charge interest if you pay off the bills on time. Put as much of your spending as possible on it, and pay just before the due date - online banking makes this easy. Quite a lot of things you might not expect can be paid by credit card actually can be - things like council tax or small (<£1) transactions in larger shops, for example. The basic idea is keep as much balance earning interest in your current account (if it doesn't, change banks) as possible rather than getting spent on debit card or cash transactions.
Also occasionally helpful is buying something on the credit card and returning it, getting the refund on a debit card - I've done this, but only if I was going to be returning something anyway.
> Good advice: my only improvement on that is to get a cashback credit card if you can. You can easily make 3 figures a year just from funnelling payment for things you buy anyway through the card(s).
Oh dear, another one who thinks this money grows on trees.
What really happens is that the CC company screws the merchant via transaction fees, who then increases the price of goods you were buying in the first place to cover it. Nothing banks do is ever designed to actually give you money which they haven't managed to screw out of someone else first.
Personally I'd rather the world banned these "freebies" and actually forced banks to compete on their ability to deliver a banking service, and nothing else, in particular for credit cards where the actual cost is invisible to the punter (and therefore these not-so-freebies actually look "free", unless you understand how the model actually works).
I know how the credit card cashback fee system works, and yes ideally the payment processors wouldn't have us by the short and curlies and charge as much. But until the system changes I'm going to take every opportunity I can to claw back as much as possible from the banks. Better the money ends up back in our pockets than they just keep it!
I know how the credit card cashback fee system works, and yes ideally the payment processors wouldn't have us by the short and curlies and charge as much
Payment processors charge approximately 1p per transaction. You're confusing their fee structure with that of acquiring banks.
What really happens is that the CC company screws the merchant via transaction fees, who then increases the price of goods you were buying in the first place to cover it. Nothing banks do is ever designed to actually give you money which they haven't managed to screw out of someone else first.
Oh dear, another one who thinks that there are no costs to a merchant when handling cash.
Why do you think supermarkets give you cashback for free? It's because the costs they incur storing, auditing and transporting cash outweigh the fees they are charged by their acquiring bank.
As a result, it's in their interests to offload as much cash as they can onto their shoppers before the day ends.
"1) you know you spent money on your Credit/Charge card.
2) You know when your bill is due(approx)
3) you probably have on-line access to the account so that you can see the balance"
...AND if you set up a direct debit with your credit card provider, then if you fail to or decide not to make a manual payment yourself then they will automatically collect the minimum monthly payment.
If he was getting his bill by post and the post was lost he would still be liable to pay a late payment fee, email is not a guaranteed method of delivery and the person should take responsibility for paying their debt on time no matter. A feeble excuse for an obviously feeble person.
Their ISP has most to blame as SPF is just a way to score an email as possible spam, and should not be used by default to block / delete emails, as someone who runs a hosting company myself we never block emails, we only provide spam scores to allow our customers to filter and block emails if they wish based on those scores.
But presumably you do use SPF in this score, so if it fell way below the default for being identified as spam (as in the case of most email providers, there is a default threshold) because the SPF does not match (now, if the SPF record was not there thats one thing, but not matching is a very serious indication something is wrong) then you should block it. I would agree it is a milder problem there being no SPF, but if the domain is setup to have SPF and the mail doesn't come from those IP's then its pretty shoddy to let it through as thats the owner of the domain telling you this isn't a valid email.
Using SPF to block is a no no in my book as as has been shown it often gets broken (especially with complex systems using many sending MTAs) and if you do block then the responsibility lies with you for blocking not with the sender for messing up their spf. SPF should be used to give an indicator of spammy-ness or hammy-ness not an excuse to block emails outright by an ISP and it is then the responsibility of the person receiving to decide if to block or filter or whatever and as such also their responsibility if they block legitimate emails.. Its like saying I sent you a letter, you don't like the look of the envelope and so you binned it without opening it first to read the contents, but it is still my fault.
The whole point of SPF is that the *sender* is declaring what are legit sources for email for the domain they're sending as. Anything else should then be treated as suspicious. I'd say if a party uses SPF then the onus is on them to keep it accurate, not for the recipients to make further speculation in case it might be innacurate in the first place!
And given the high propensity for malware to try to impersonate banks, I'd say binning it was a perfectly sensible action.
I publish an SPF for my domain, but don't use SPF to block incoming mail. My only use for SPF is to fend off backscatter. It lets other domains recognise that the sending address is forged and so can discard undeliverable spam rather than bouncing it. This has benefits for both the target domain and myself and no downsides.
I run Spamassassin, which does a good enough job of spotting spam with the aid of some custom rules that SPF blocking is unnecessary.
In SPF there are two flags ~all or -all The first says, this is soft fail and the latter says BLOCK all mail except from those listed here. Since the SPF record is published by Natwest, it was highly reasonable of us to adhere to their SPF records, especially since so much fraud is done these days pretending to be from banks. In fact, to ignore the records would probably be the worst thing to do because of fraud as this would mean phishing emails would get through even though Natwest are publishing a record..
Jonathan Gilpin
Director
Fluent Ltd
> In SPF there are two flags ~all or -all
There's also ?all, meaning "everything else should be treated as if we hadn't said anything at all". There's also "+all", which is there for orthogonality, but entirely harmful in practice[1].
> it was highly reasonable of us to adhere to their SPF records
Yes. If the domain owner says "this is forged", it's correct to believe it be forged...
Vic.
> Their ISP has most to blame
Not so.
> as SPF is just a way to score an email as possible spam
No it isn't.
SPF has no intentions of being anything to do with spam. SPF is a way for domain owners to make statements about how their mail servers will behave.
If a domain owner says "those servers *there* send mail for me; anything else is a forgery", it is appropriate for any receiving MTA to believe that domain owner, and deal with such stated forgeries as if they were - well, forgeries.
> as someone who runs a hosting company myself
Please tell us which one. I always like to know how much any prospective supplier knows about their field of endeavour.
Vic.
"If he was getting his bill by post and the post was lost he would still be liable to pay a late payment fee, email is not a guaranteed method of delivery and the person should take responsibility for paying their debt on time no matter. A feeble excuse for an obviously feeble person."
Erm no, not really. In business you generally find that if you want payment it is up to you to send an invoice and to make sure that the billed entity gets that invoice. It seems that if you are large enough you can offer a shite service, charge late fees and generally bully your customers because you are in a jolly club of arseholes who all act the same. It is their fault because their actions caused the problem. I'd be asking for an exemption in this case.
>If he was getting his bill by post and the post was lost
But this is the equivalent of them sending out a bill disguised as a leaflet for free dog walking with an official statement on the envelope saying "not from Natwest - we promise" - you might be reasonably expected to throw it in the bin unopened.
"It might help if the staff were trained."
Don't forget Gnatwest are part of Royal Bank of Scotland, so the most likely training would just be three part group wide training in Greed, Dishonesty, and IT incompetence.
The latest set of RBS group writedowns show that they were still lying in the previous set of results about their dodgy lending, we know they were part of the cabal that rigged LIBOR, there's good reason to suspect their Global Restructuring Group is as bent as 3 bob note, they've just set aside ANOTHER £3bn to fund PPI mis-selling, there's half a billion of provisions for mis-selling interest rate swaps to SMEs, £100m for miselading US investors on sub-prime investment products. Then there's the mis-selling of identity theft insurance. Going back further we had the 1980's pension miselling, endowment mortgages....Philip Hampton has already said he'll be asking the shareholders (the poodles at UKFI, presumably) to rubber stamp 200% bonuses for some staff. A cynic might think the only question to ask is "What form of mis-selling or fraud is their bonus for?"
Anybody who has anything to do with RBS or Natwest is voting with their wallet for the crooks who run this operation to be rewarded. If they haven't investigated the new fast account switching service with a view to banking elsewhere then they deserve this kind of service.
Yo Jedit! We've a couple of downvotes apiece. Do you think our comments were too complex to be understood, or is it that there's a couple of banker-huggers around these parts?
If it's the latter we need a witch hunt to catch some bankers, and then treat them to original Spanish Inquisition treatments. Of course, it may be simply that RBS have taken a leaf out of the Young Liberals' Book of Lost Causes, and have got their social media team registering to down vote anti-RBS posts.
Ah, modern technology.
I still continue to ask for, and receive, paper bills whenever possible. Although some companies charge it has saved me a number of similar embarrassment when an email has not arrived. It is also useful to have a recent paper bill when asked for proof of address (as organizations verifying identify have also not yet heard of the paperless office).
My most recent smug moment was when I received a paper bill from Orange informing me that they owed me a couple of quid after I had closed my account. Because I'd closed the account I had no on-line account to access yet apparently the final 'bill' is not determined until a couple of months after the account is closed.
Luddite? No, I call it personal business continuity planning!
If he always pays his account, setup a Direct Debit with the credit card company to take the full amount.
Whitelist the email address of the sender of bill reminders.
Apply a score system to SPF rules, don't block outright, you will loose email.
If your anti-spam service can't provide an interface for you to do the above on your email account, move to one who does.
The only way to tell the difference between a phishing email and a legitimate email from a bank is whether or not the SPF record matches, and whether or not the url in the message is correct. As there is no practical way to get a list of valid urls for each bank, the only way is to look at SPF records.
Am I the only one who thinks this is odd?
On January 10 he received an email response from NatWest’s GIS Technology Services saying they could not act on the DNS problem because he’s an outsider.
So, a well meaning techie spots a problem with their network, and they can't do anything about it because it hasn't gone through the proper channels? I know there are procedures to follow (if only to protect ones own posterior), but he tried to help and you are telling him to do more work to fix your system?!
No, he reports it to you through whatever channel, and it is up to you to ensure the problem is fixed!
"On January 10 he received an email response from NatWest’s GIS Technology Services saying they could not act on the DNS problem because he’s an outsider."
1. Although Natwest technically exists as a legal entity, in reality its only a 'brand' inside RBS's systems.
2. RBS's GIS Technology Services are largely based in India these days.
Nuff said.
Let's guess that any reporting of such incidents is a fax sent to somewhere with the words "there is an error in X". And the hope someone reads the fax. The companies are so large and separate, how does anyone on the inside report a problem to be fed up to the appropriate department, let alone an outsider?
This stands for most companies I've dealt with, and why I stick to an ISP with 5 people in now, so I know I'll not get past around the 250 person call center with "excuses". I'll get through to Dave/Bob/Sue and they will say "yep, I can see that, on to it right away" or "Well, yes it's down, but we've been trying to get our supplier to pull the part out of their... for a week now, sorry". It's not that they can fix the problem, it's that they are honest at the first instance that makes a big difference.
In thirty years of being with Barclaycard I'd never missed a payment and always settled in full. Then one month I recieved a bill with interest on it, the previous statement hadn't arrived. I couldn't prove whether they'd posted it or not and given my payment history I suppose I could have argued the toss with them but I decided to take it on the chin and paid in full. Next month there was more interest, one pound to be exact. I called Barclaycard and apparently it was interest due on the amount between them sending the previous statement and me paying it off. You can see that this will be a never ending circle, it's impossible to pay the bill until you recieve it but they charge interest until you do. Solution, cancel the credit card. To their credit (sorry couldn't help myself) they did offer to waive the pound to get me to stay, not had a credit card since.
No, that makes perfect sense.
You didn't pay your previous bill on time, so you were charged interest from the date of each purchase on your last bill until the payment was made.
You received your bill at a time between the purchases being made, and you paying your bill. All this time interest was being charged.
How was the bill to know when you would pay it? Once it's printed, it's printed. It can't update with what your current interest amount is.
So, the interest on your next bill was the interest accrued between the bill being printed and you paying it off. Had you paid that in full, by the due date, you'd have no further interest on your next bill.
>If you have interest accruing, then it's accruing all the time, not just up until the point that the bill is printed.
Exactly. So the interest is calculated to the statement date (printing of the bill if you like) but until you make a payment further interest is being calculated. You can't catch up, which is why credit card companies love people who don't pay off their bill. If they calculated the interest up to the pay by date there'd be a big scandal about how we're being diddled by them charging interest on the outstanding amount between funds being cleared and the pay by date. People who do pay off the full amount every time really are considered bad customers.
>You received your bill at a time between the purchases being made, and you paying your bill. All this time interest was being charged.
No, I hadn't made any additional purchases. The bill I received was for what I'd paid for on the previous statement plus the interest. The second statement was only interest, I hadn't used the card since before the missing statement.
The interest is charged from the statement date until you make the payment and you can never catch up. The Barclaycard person I spoke to confirmed this. Granted, if you didn't use the card the amount would diminish to zero if you kept paying as soon as you received the bill, but I'm not into playing games.
You had paid the interest up until the date the bill was issued on your last statement. The interest from then until you paid the bill hadn't yet been calculated. The remainder is what you saw on your next bill.
Trust me, I used to work in this sector and I know how it's all calculated. It's all part of your terms and conditions, which is the get-out clause the banks use when what the customer expects doesn't match reality.
Happened to me here in the US as well. In fact, I received a late notice post-marked two weeks before the actual bill. I sent the total balance on the card - less the late payment amount, xeroxes of the cancellation stamps on the envelopes, which included their internal stamp when mailed, the card in pieces, and changed banks. They tried to collect the late payment for six months. I simply sent them copies of the envelopes with cancellations and no money.
Finally a real human called. Our discussion ended when the person admitted that if the customer is lead to expect a regular billing, and does not receive it - and the company insists on the bill stub being returned with the check before they will credit the payment - that if they, for some reason, delay mailing the billing, then despite my agreement to pay on time, I cannot, since THEY set the the "acceptable" conditions for receiving the payment, and they failed to be timely themselves. In this case they told me I was late before they actually sent out the bill. So they forgave the late payment then spent several years trying to lure me back.
Lesson learned: read the fine print. If they insist on conditions that cannot be met unless they fulfill their own responsibilities, as set out by their very own lawyers, before you can make a payment, then it is their problem.
You do understand that NatWest published an SPF record that tells other mail servers that e-mail that is sent from an address that isn't in the SPF record should be considered fake?
NatWest publicly stated that "These are the only addresses that we send e-mail from", and then sent credit card statement from an address that isn't on the list.
Note that SPF records aren't mandatory - NatWest doesn't have to publish one. But of they do publish one, then they are responsible for any problems that are caused by errors in that SPF record.
I've been getting so pissed off at NatWest recently for refusing to take "no" for an answer, instead repeatedly asking me "would you like to turn off paper statements?" every bloody time I log into online banking. This little episode has made me very glad I inconvenienced myself each and every time by clicking no in the sure knowledge the idiots would waste my time with exactly the same question at next login.
HEY NATWEST: I WANT PAPER STATEMENTS IN THE POST. I HAVE MY REASONS, AND THEY'RE NONE OF YOUR BUSINESS. IT'S ONE THING TO TRY TO PUSH EVERYONE ONTO EMAIL STATEMENTS TO SAVE YOUR SHAREHOLDERS MONEY (YES, WE DO KNOW THAT'S WHAT IT'S REALLY ALL ABOUT, NOT SAVING TREES), BUT ANOTHER THING ENTIRELY WHEN YOU CAN'T THEN GET THAT RIGHT AND IT ENDS UP COSTING YOUR CUSTOMERS MONEY AS A CONSEQUENCE.
"the problem could only be fixed if he contacted the business and they would then escalate it." I did back-office tech support for many years, and I would never have left things like this - I would contact the business myself and make sure I'd found the right person. But yes, sadly I did come across this attitude.
I have been going round and round with one of my credit card companies. It appears that they often schedule their statement emails at the same time that my ISP will go dark for maintenance/server moves, etc. When I notice that I am no longer receiving emails from them, I log into my account and try to reactivate email statements. Sometimes it takes a couple of go's to start receiving them again. BTW, spam continues to come in just fine. The company would do well to send out a paper back up copy if they have problems emailing, but then again, late fees are a nice source of income. I've contacted customer service to ask why they don't try to resend mail a few hours later, but my Hindi is non-existant and they can't do anything anyway.
Default debit card payments? That's fine if you work a regular job and receive your paycheck on a regular basis. If you are self-employed, it's often necessary to juggle payments as you receive payments from your customers. Somebody else pointed out that one may wish to make the payment from a different account. I've had the horrible experience of a "bounce cascade" where money didn't get credited to my account on the same day as my deposit and several automatic payments didn't go through and each generated a charge from the bank putting the account further behind. One extra day and everything would have been fine. As it was, I ended up paying out more than double what the payments would have been in fees. The bank was unsympathetic and also could not point to any reason why my deposit wasn't credited promptly as it had done in the past. They just pointed to some fine print and smiled. I settled up the account and closed it that week. A-holes. From that point on, I have not and will not sign up for automatic payments.
I receive statements via email, post and I keep a calendar with payment dates. A few lates and the next time I want an auto loan or a reduction on my credit card interest the answer will be no.
This article is an excellent example of why reactive filtering is something the spammers can live with.
Why don't ANY of the major email providers get serious about breaking the spammers' business models? Imagine an iterative tool that would let you help cut the spammers away from their money. On the automatic side, the system would break the spam into categories that you would confirm on the human side, and after two or three rounds the system would know EXACTLY what the spam was and how to most effectively target the responses. Remember the spammers can't obfuscate beyond the decoding capacity of their human victims, and those victims are certainly not the brightest light bulbs in the barrel of monkeys, so to speak.
If we disrupt ALL of the spammers' infrastructure, pursue ALL of the spammers' accomplices, and protect ALL of the spammer's victims (mostly from themselves), it will not turn the spammers into decent human beings or stop all of the spam. However, it will reduce their profits and cause many or most of them to crawl under less visible rocks.
SPF doesn't block spam... spam is technically "unsolicited commercial email".
If a company sends marketing material that you don't want but their DNS servers are configured with SPF records that correctly associate the originating server with the address that it purports to come from, then it will pass the SPF checks.
What correctly configured SPF does does do is to help to prevent the case where somebody sends mail that is made to look like it comes from a specific domain or email address where in reality it doesn't. This is usually phishing attempts but also helps to block the millions of compromised PCs out there from sending emails directly.
I'm not going to repeat what others above have previously stated is what it's for, and why a hard fail indicates that the mail should be junked automatically (as distinct from a soft fail where it indicates that it might not be valid mail).
Here's an example, from Microsoft even (http://support.microsoft.com/kb/2640313):
For example, a bank needs to control who can send email messages on behalf of the bank, and the email senders' IP addresses come from a narrow set of IP ranges. Because spoofing is common in phishing attacks, the organizations such as banks might use a hard fail in the SPF record.
And this is an example from the company that supplies a huge chunk of business mail exchange servers and for a long time pretended that SPF didn't exist... apparently because it wanted to foist it's own, Microsoft centric, solution on the Internet instead.
I too have a NW credit card. I have not had any missed statement and payment emails from them since I opened the account two years ago. None have been delivered to any SPAM folders.
Plus:
1. I know I have a NW credit card
2. I know there's an outstanding balance on the account because I remember buying stuff with it
3. I know I am responsible for paying that balance
4. A payment has to be made every month the account has such a balance
5. I can log in anytime to my card account and clearly see that balance and the payment due date
6. I have Outlook (or similar on phone/tablet/laptop etc) on my PC
7. I set a recurring reminder to do number 5 every month regardless of any emails from NW
8. I also have a direct debit set up to cover the minimum payment just in case.
if you think NatWest is and at sending (or, rather NOT sending) out paper or electronic bills you should try Virgin Media, they deny ever making a mistake and follow that up by cancelling all notification of aha you owe them and even screw up the website calculator, saying that as you have only just joined them there is no bill to see (when, in reality i have had an account for many, many years)
this conversation is beginning to show light on just why and how this could have happened
So . . . NatWest doesn't use SPF.
A mechanism which has been in use for years, which adds to a company's ability to expedite business while protecting their customers.
A business tactic which NatWest apparently feels is not needed, as they apparently believe their mistakes can be charged to their customers.
The real lesson to be learned here is that customers need to seek out and change to a company which does put the customer first.