back to article Wisepay 'outage' is actually the school meal payments biz trying to stop an intruder from stealing customer card details

UK cashless school payments firm Wisepay has pulled its website offline after spotting a miscreant trying to spoof its card payment page. The Hampshire-based company, which bills itself as "allowing parents and guardians to make cashless payments to their [children's] school or college", said its website was "down for …

  1. Pascal Monett Silver badge
    FAIL

    "a URL manipulation attempt"

    . . . is only a danger if you coded your URLs stupidly enough that they can be manipulated.

    Alternate payment methods ? After reading of your incompetence I will surely look for that.

    1. Ben Tasker

      Re: "a URL manipulation attempt"

      Alternates?

      Much like School uniform, you're generally having a laugh - there's one supplier chosen by the school (or more likely, the LEA) and you need to use that.

      1. Zuccster

        Re: "a URL manipulation attempt"

        LEA? Not likely. It'll be the MAT. A 'business' decision by people accountable to no-one?

      2. hoola Silver badge

        Re: "a URL manipulation attempt"

        The LEA has almost nothing to do with schools now that so many have changed to academies. The fact that overall it is costing more to run education whilst not actually giving any tangible improvements is typical of everything to do with there "Academy Trusts".

        There are armies of highly paid executives, executive heads, business managers and all the accoutrements that go to support them doing little for education.

        The high school my kids went to moved from an ID card that also contained the cashless payment token to a bonkers biometric system that made things worse. It was slower because the readers did not work and everything was held in some dodgy cloud service.

        1. Yet Another Anonymous coward Silver badge

          Re: "a URL manipulation attempt"

          But academies are above average - so if we make all schools academies then all will be above average.

          Brought to you from the dept of: "cabinet members aren't idiots so if we put Chris Grayling in the cabinet he will cease to be an idiot"

    2. Roland6 Silver badge

      Re: "a URL manipulation attempt"

      >Alternate payment methods ?

      Cash...

      Interesting to see that El BBC references El Reg but also indicate that this might be another Magecart

      hack.

      https://www.bbc.co.uk/news/technology-54465359

  2. Zuccster
    FAIL

    Plain text passwords

    Can't say I'm surprised. Their approach to security has always been... laissez faire. Until recently they were sending account passwords via email.

    1. The Boojum

      Re: Plain text passwords

      I think this is a problem with a good number of Education Software / Service providers. I've sent more than a couple of emails querying their security after I received emails confirming my ID and password. Funnily enough they are all 'just about to upgrade their security systems'. So I just take even more precautions than normal in setting up the account.

  3. Graham 32

    "investigating alternative payment methods" I suggest using the nationwide token-based system bearing pictures of the Queen.

    I hope kids aren't forced to use cashless these days. It sounds like a sneaky attempt to shut down the local sweet shop.

    Oh, and they probably cry "you can't use contaminated cash in these uncertain/challenging/difficult times".

    1. Ken Hagan Gold badge

      Kids *are* forced to use cashless these days and have been for many years.

      On the plus side, it means the money gets spent on what the parents dished it out for, and gets spent by the child it was given to. On the minus side, kids are taught from a young age that biometrics are both secure enough for financial purposes *and* something that you should just hand over to anyone who asks.

      Regarding cash, I have cash in my wallet that pre-dates Covid and I suspect I'd get accusatory looks if I tried to use it, so "yes" to that one.

      1. Yet Another Anonymous coward Silver badge

        And it means that cyber bulliesin North Korea can steal your lunch money

    2. agurney

      One advantage of the cashless system is that all youngsters use the same method - there is no distinction between subsidised/free/paid which (in theory) removes the stigma associated with being seen to have free school meals.

    3. tfewster
      Childcatcher

      Wisepay should top up any empty accounts and recover the money later. It's their fuckup, parents* are the victims, and "find alternative methods" is just adding insult to injury.

      * Oh yeah, and their kids.

    4. joner847

      The usage of these school payment systems pre-dates the current Pandemic by some years (the schools my children go to, started using these systems 3 years ago)! So there isn't really any conspiracy regarding cashless being a method of "control" during the pandemic (starting to get tiring now!) or a means to close local business (why would a school do that anyway??); on the contrary the local sweet shop here is still alive and well!!

      Even though parents no longer give their little darlings any dinner money it doesn't stop children from spending their pocket money in the local area.

      As a parent it is convenient means to admin and monitor all school activity (I get notices, progress and other relevant teacher/parent comms)...plus pay for stuff like school trips (not there's been much of that recently) and lunches; meaning that these are pre-ordered and paid for in advance, so my kiddies can eat without the arse ache of forgetting their dinner money, the catering company can also effectively plan ahead to reduce food wastage.

      1. Anonymous Coward
        Anonymous Coward

        I did not suggest they switched to card because of the pandemic. I was saying the obvious alternative is currently frowned upon because of the pandemic. So I reject your "tiring" comment.

        Re last paragraph: what happens if the child forgets their card? Or the parents forget to top it up? I used to work somewhere that had a fancy card system for paying in the work canteen. It seemed all futuristic at the time and cool... until they stopped accepting cash. Trying to buy lunch and finding the card was 10p short was a major pain. Leave your lunch getting cold at the till, go out to the corridor, wait in a queue to get to one of the machines, feed cash or a bank card into the machine to top up the canteen card, go back and pay for a now cold lunch. A major ball ache. I'm trying to imagine the equivalent where I don't even have the ability to top up because I'm a kid without my own money. It would really suck. And asking a friend to lend me a pound ain't gonna work either.

        1. Was-a-tech-now-a-manager

          The School have a duty of care to feed children. If the account isn't topped up (the same as a parent not giving the kids cash or the kid loosing cash) the School will feed the child regardless. As an aside kids can enter coins/notes onto their accounts at a box on the wall.

          The only downside I see to this system is the smaller kids may get fatter as they are not running away from bigger kids trying to steal their coins. Man I did a lot of running at School

        2. Anonymous Coward
          Anonymous Coward

          Having free meals on the card also ensures that students have the opportunity to buy food. In the days of EMA (for 16+ kids), before we went cashless, some parents would come in to escort their child to a cashpoint, leaving them without money for food (we fed the child but told them not to say).

          There are many options to ensure students don't run out of money, including a weekly direct debit. We allow a small negative balance for children and the manual adjustment by canteen manager for staff (so 10p we would wave unless the person was annoying ... not saying that's why you were asked to find the money).

          A card also allows us to flag any medical problems, so a learner buying something with nuts that has an allergy will be flagged, rare as this may be.

          It also allows us to monitor learners with eating disorders and report to parents if we get complaints learners are not eating properly. You need to remember breakfast and lunch in school may well be the main (indeed only) meals a child may get for the day, so the ability to check nutrition is important, a day of junk is fine but 2 weeks solid is a sign.

          Another reason for not having cash payments is it's cheaper, no need to get security firm in to collect the cash, not to mention the counting to make the tills balance (even after the cut from the card companies). Those without ability to pay online, can have payments made in cash at the school that will top up the system.

          Fortunately most children and parents seem to be able to manage having enough money on their cards, even if it was a struggle for you.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like