A UK childcare voucher scheme has admitted that confidential customer data was briefly left exposed to other users during an upgrade last week, but denied suggestions that any sensitive information leaked as a result. Busy Bees' childcare voucher site has been taken offline following an upgrade that went awry, according to a …
Never been particularly secure
This site has never been much good. I have complained to Busy Bees on numerous occaisions. Before the recent introduction of PINS, it was possible to access anyones account if you could guess their login name (not difficult) and DOB.
Really a shocking application in terms of usabililty, the service it offers, and security. They have been on about upgrading / replacing it for years.
Not remotely surprised
I started using Busy Bees three and a half years ago, and this grotesque abomination of a "website" was in place at that time. It was virtually impossible to use, the delays were such that sessions timed out before you could actually complete a transaction, and the functionality was virtually useless - to make a standing order, for example, one had to give up on the website and phone one of their customer service operators.
As far as I could see, they were a bunch of chavtastic cowboys who'd suddenly spotted an opportunity to make loads of cash by creaming off a percentage of the money passing through thanks to some spectacularly badly thought-out government legislation.
(If I'm not careful, this'll turn into FoTW).
If the government wants to provide tax relief on childcare, then surely even someone as fundamentally divorced from the real world as a civil servant could see that at least one of the ways to administer it is to let me pay the childcare, and to let me claim the tax back at the end of the year in my return. But no, let's invent a whole system of NI reductions and vouchers and middlemen taking a percentage, and while we're at it let's make life harder for the childcare providers by making them have to redeem the bloody vouchers again. Oh, and also while we're at it, let's make the whole system so cumbersome that you have to make long-term contractual commitments to employer, voucher provider and to nursery in order to use these bloody vouchers, thus rendering them utterly useless for ad-hoc childcare.
And Busy Bees make a profit from this disaster while not even bothering to provide a decent interface for me to to manage what is, actually, *my* money.
This is what happens when this nanny-state safety-nazi control-freak government oversteps the mark yet again away from deciding what should happen towards telling us how it should happen...
"We've never had problems before"
Oh yes you have. The Citrix plugin doesn't work at all under Ubuntu, for example. Since I changed my OS at home, I now have to email them with any payment requests, since there's no web based interface available for me. There's nothing technically challenging about the Windows 2000 application that couldn't be translated into a straightforward (but secure) standard web form.
I'll have to agree with Nick Gibbins - the Busy Bees website is by far and away the most badly crafted site I have seen in the fourteen years I've been browsing the web.
I'm an IT professional and quite simply gave up on ever getting their site to work on my home computer. Every single person I know at work who's had to use the site had fought to get it working.
It seems that rather than create a standard secure website, some bright spark figured it would be easier to create a citrix account for every single user, and expect people to manage to traverse the obstacle course of permissions, activex controls and downloads to get the site working properly.
Even when you do have it working, it seems it was never tested on multiple monitors, so you wind up with an application forcibly taking over both screens, with a log in box split across the pair of them.
They've been promising a new version ever since we started using it, and considering our little girl is 2 now, it's been a while...
How this piece of crap wound up as the default voucher scheme around here I'll never know.
They gave all their members remote desktop access to the server? Whoever thought that would be OK should be dragged outside and have their knuckles broken. The bug was not "the result of an update", even if the particular means of getting an open explorer window might have been, it was inherent in the design from day one.
Which Nick was that?
"according to email seen by Griffin"
Oh dear Reg, not every data security hole with someone called "Nick" is about Nasty Nick
I've just grepped the BNP address list and there's no Gibbins in there (couple of gibbons and a few apes maybe)
A really insecure mickey mouse payment system
I agree completely with Nick; the Busy Bees voucher system is a complete mess. It feels like it was put together by some 6th form wannabee systems programmer, when using it. It wasn't very long ago that they introduced a PIN in addition to the convoluted username/password multiple logons, so I suspect it wasn't very secure in the first instance... and currently either!
A while ago, I had trouble paying my childminder using their system, and called up support. After explaining my problem, the support person asked me for my password so she could log on and check if the problem was real! They certainly have procedural security issues there, nevermind about their mickey mouse payment system!
Convoluted doesn't even cover it
We used Busy Bees for a while, I can't believe how anyone was sold the idea that an essentially simple site required some sort of Citrix Metaframe implementation. It's the shoddiest site I've ever had the misfortune of using and presumably someone got paid handsomely to write it.
Eventually had enough of the system, the shoddy support and high management charge (8%+) and moved to Fideliti who offer a better service for a 2.5% management fee and they have a lovely simple PHP app for managing your payments. It's how the world should be. You even get an email confirming your payment was made to the childcare provider. Presumably the Bees system was too complicated to allow this to happen.
So badger your HR departments to switch to Fideliti, you'll pull less hair and and the company will save money.
And if you cynically think I work for Fideliti, think again - I just like to trumpet good service when I get it.
typical government rubbish idea, my previous employer wasn't interested in implementing it when I bought it to their attention, as it seemed like too much hassle and they didn't think there would be that many people who would be interested in it (employed about 200 people). So effectively I couldn't participate, even better my wife who worked for a NHS Trust (at the sharp end) asked them about it and they were 'looking into' the scheme and may introduce it eventually.
I'm now in Canada and here I just add it to my tax claim as others have said a much simpler and cheaper for all alternative.
You have to wonder who paid off the government to introduce this scheme as it seems it's main purpose is to introduce a new form of business that creams money off as it moves around the system.
They promised that the website would be usable
I couldn't believe my eyes at the state of what they had implemented when I first logged on to use my vouchers. After much messing about using Opera and then IE it still didnt work. They suggested I called them so they could process the vouchers manually.
Err my coats got something in the pocket.....
AC so you dont guess my account details!!
The new Busy Bees website is now live
The 'new' site, says:
Welcome to the Employee
Secure Access SSL VPN
Alert: The number of concurrent users signed in to the system has exceeded the system limit. Please inform your system administrator. You can try again in a few minutes.
This site has now been upgraded to work with Microsoft Internet Explorer 7. Please remember to insert an underscore character between your forename and surname in the username field on this screen and to type them in separately on the System Login screen. If prompted to change your password please note that the length should be six characters or more. Please sign in to begin your secure session. Once you have signed in: Parents Can * Review your account * Pay carer * Contact Busy Bees Carers Can * View remittance advice details * Redeem paper vouchers
It looks like the same old convoluted login crap :( (but can't login to comment on the other same crap system :( :( )
Parent Login Area
Please re-enter your User ID and Password/PIN.
The site is up and gives you a login screen now, but they've changed the login method, with no instruction on how to do so! Arrrrgghhhh!
I need to pay my childminder, and they've taken away all the telephone contact numbers if you want to call them to do so instead! Amateurs!