CHENNAI: Residents have raised concerns over the city corporation’s online property tax payment portal that throws up details of property owners without an identity verification step. While the portal has made online payments easy for several residents, once the zone and division numbers are entered, keying in any four-digit number throws up the property owner’s details such as name, mobile number, and address. Besides, details of the property such as its usage, occupancy (by owner or tenant), and the extent of the property, tax dues and arrears may also be viewed.
Nizamudeen Razeen, a software professional and a resident of Choolaimedu, said, “I noticed there was no verification process and I tried entering random bill numbers. I could view details of all property owners. The concern is that private information of how big your house is, what property you own, and your personal details are out in the open.”
“Displaying names, mobile numbers, and addresses, accessible by anyone may pave the way for misuse of data,” he added. Mohan Das, a resident of Madipakkam, said the fact that his mobile number was on display, made him uncomfortable. “You would not want your private contact information to be on display,” he said.
Prasanth Sudararajan, a security researcher said while this format might have been designed for ease of use, it also leaves room for exploitation. “Even basic codes will be able to extract details from the site which has happened even with giant corporations that boast of advanced security infrastructure,” he said.
“As an alternative, officials may send verification codes if a user hits more than three bill number searches even if they are valid numbers. By doing this, the ease of use is also retained for several residents and those owning over three properties may use the simple one-step verification process,” he added.
When brought to the notice of the civic body, officials concerned were open to discussion. They said security audits have been done and it has been ensured that bulk extraction of data cannot be done. “We can issue one-time passwords but if there are issues with the mobile service provider, residents in three out of 10 cases in my experience do not receive them and may be unable to pay on time,” said a senior corporation official.
If only registered mobile numbers are given access, senior citizens who may have relatives from different locations paying their taxes may have trouble doing so, he added. “So, we will talk with officials concerned and discuss the possibility of removing mobile numbers from display,” the official said.