Europe Fintech Paytech

School Payments Service WisePay Comes Under Cyber-Attack

Parents who have made payments to UK schools recently via the WisePay service have been told their card details have been compromised due to a hack of the WisePay website.

Around 300 schools have been affected by this scam, as the hacker was able to obtain payment details from between October 2 and 5 via a spoof page. According to the company, a page was modified during the attack so when users clicked to make a payment they were redirected to a legitimate-looking external page controlled by the hacker, from where card details were collected.

However according to WisePay only a small number of parents would have used the system before it was taken offline as the payments made through the site, such as for exam fees and school meals, are not made on a daily basis.

The attack occurred on a Friday night and was noticed the following Monday with the site taken down. It has since come back online with assurances it is now safe to use. WisePay have further advised it does not store any payment information and none of its records had been leaked. In a letter to schools, it has recommended that parents who may have been affected should pause or cancel their credit cards and change their online banking passwords.

Commenting on the news, David Emm, Principal Security Researcher at Kaspersky, said: “The news around school payment services being hit by a cyberattack is yet another reminder of how cybercriminals target all areas of our lives. With most schools now using these services for school meals, trips and other activities, it’s essential that providers conduct regular audits to identify and fix any security issues. Equally, parents using the service should take precautions to minimise the risk of falling victim to fraud on any site where they make purchases. Our advice for guardians would be as follows:

  • Protect any device you use for online transactions with a proven security product, ideally one that includes features to secure online transactions, such as Kaspersky Security Cloud
  • Apply updates to your operating system and applications as soon as they become available
  • Only use official apps for mobile banking
  • Only ever access sites by typing the address into your browser – never go to a website from a link in an email and then enter personal details
  • Always ensure when transacting business online that the URL starts HTTPS (rather than just HTTP) and has the padlock icon
  • Download Kaspersky Safe Kids to also protect your children online.”

WisePay is an online school payments service that allows parents and guardians to make cashless payments to schools and colleges. Beginning operations since 2007, payments for meals, sports activities, exams and any other student fees can be made through its site, facilitating over £500 million in payments by 2017.


  • Polly is a journalist, content creator and general opinion holder from North Wales. She has written for a number of publications, usually hovering around the topics of fintech, tech, lifestyle and body positivity.

Related posts

Third Party Enhancement is Key for PSPs Success Reveals GoCardless

Francis Bignell

SEON: Why Fraud-Fighting Needs To Be Accessible to All

The Fintech Times

Highlights in Fintech in Asia, Europe, the Middle East and Africa: Islamic Finance October 2020

Richie Santosdiaz