Today, the UK-based National Westminster (NatWest) Bank is emailing multiple customers, asking them to check their debit transactions over the last year.

The email alerts state that due to a system error, many more payments may have been debited from customer accounts than the originally agreed-upon frequency.

In emails sent by NatWest and seen by BleepingComputer, the system malfunction meant that the standing orders (similar to Bill Pay instruction) set up by banking customers over a period of 11 months did not correctly record the number of automated payments that were to be debited, or on what dates should the debits stop.

This means automated payments could have continued to be made from the customer accounts, even after a standing order had expired, costing customers money.

More money could’ve left your bank account

Today, NatWest has emailed multiple customers and urged them to check their bank account for payments debited since 23rd March 2020.

This issue primarily impacts NatWest banking customers who had set up standing orders via Online Banking for making automated payments.

Similar to Bill Pay (in the US), standing orders are used by UK banking customers to set up automated recurring payments for bills, rent, and other debit transactions.

Whereas a Direct Debit can be requested for a customer bank account by any organization (with customer approval), standing orders can only be initiated by the customer themselves.

A standing order typically contains the amount of payment to be debited, the frequency of payments (i.e. weekly, monthly, quarterly, etc.), and when should the payments end.

In emails sent by NatWest today, as seen by BleepingComputer, the bank states that due to a system error that lasted over 11 months, the total number of payments that should be debited or the date when these payments should end was not correctly recorded for standing orders. 

“We’d like to apologise for a mistake we’ve made with standing orders. We can reassure you that it’s now been put right and we’d also like to explain what to do if you’ve been affected.”

“This error affects any standing orders you set up between 23rd March 2020 and 24th February 2021 using Online Banking,” reads the email alert seen by BleepingComputer.

For standing orders initiated between these two dates, the bank failed to properly capture the end date for the order or the total number of (outgoing) payments the customer had requested.

“This means any payments will have continued to be debited from your account unless you cancelled it,” continues the email alert, shown below:

Emails being sent to NatWest banking customers impacted by the flaw
Source: BleepingComputer

Customers urged to check their bank accounts

Although the bank has now fixed the issue, customers who had set up standing orders between the aforementioned dates are urged to check their transactions to see if they have paid someone in excess.

Any standing orders set up after 24th February 2021 should be fine, according to the bank.

“However, it’s worth checking any standing orders you’ve set up before then in case they’ve been paying out for longer than you wanted them to,” advises NatWest.

NatWest Online Banking customers can log in to their account on a computer, and click on the “Cora” chat assistant icon located in the bottom right area of the screen.

The customers can then type the reference code “SO21” in the chat box to connect to a bank representative who can specifically advise on this matter:

natwest cora chat
Customers can log in to their account and quote reference code ‘SO21’ in chat
Source: BleepingComputer

It is unclear how many customers have been impacted by this flaw.

A NatWest support representative confirmed to BleepingComputer that “multiple customers” were affected.

BleepingComputer has reached out to NatWest with some questions and we are awaiting their response.