Urgent warning to parents after criminals hack remote payment service used by 300 schools

Wisepay managing director Richard Grazier told BBC News : "It's quite a small subset of users of the platform."

He explained that was because cashless payments covering things like exam fees and school meals are not made on a daily baisis.

The attack started on Friday night and was noticed on the following Monday morning at 10am.

Grazier said at that point Wisepay took its website down to protect parents until they could resolve the problem.

The hacker found a "backdoor" into the system and modified a page so when parents clicked to make a payment, they were redirected to a fake page instead.

This let hackers steal card details as they were entered. Wisepay doesn't store details on its site, so only people who made payments during the period it was vulnerable are at risk.

In a letter to schools, Wisepay recommended parents who thought they might have been affected pause or cancel their cards and change online banking passwords.

Attila Tomaschek, digital privacy expert at ProPrivacy, said: "These types of attacks can be incredibly difficult to detect, and therefore, avoid.

"Those entering their credit card information into a compromised payment page would really have no idea that they were handing their card details over to cybercriminals because these malicious payment pages are designed to appear perfectly legitimate.

"While the responsibility to maintain secure payment pages obviously resides with the merchant, consumers can protect themselves by keeping a close, continuous eye on their credit reports and bank account statements and refraining from clicking on dodgy links or entering sensitive information onto any online form that seems off or compromised in any way."