STOCK MARKET BSE NSE

Tax payment site raises data privacy concerns

Random search throws up personal details, corpn claims bulk data theft not possible

Published: 12th October 2021 07:03 AM  |   Last Updated: 12th October 2021 07:03 AM   |  A+A-

Hacking, Cyber Crime, Spyware

Representational Image

Express News Service

CHENNAI: Residents have raised concerns over the city corporation’s online property tax payment portal that throws up details of property owners without an identity verification step. While the portal has made online payments easy for several residents, once the zone and division numbers are entered, keying in any four-digit number throws up the property owner’s details such as name, mobile number, and address. Besides, details of the property such as its usage, occupancy (by owner or tenant), and the extent of the property, tax dues and arrears may also be viewed.

EXPRESS ILLUSTRATION

Nizamudeen Razeen, a software professional and a resident of Choolaimedu, said, “I noticed there was no verification process and I tried entering random bill numbers. I could view details of all property owners. The concern is that private information of how big your house is, what property you own, and your personal details are out in the open.”

“Displaying names, mobile numbers, and addresses, accessible by anyone may pave the way for misuse of data,” he added. Mohan Das, a resident of Madipakkam, said the fact that his mobile number was on display, made him uncomfortable. “You would not want your private contact information to be on display,” he said.

Prasanth Sudararajan, a security researcher said while this format might have been designed for ease of use, it also leaves room for exploitation. “Even basic codes will be able to extract details from the site which has happened even with giant corporations that boast of advanced security infrastructure,” he said.
“As an alternative, officials may send verification codes if a user hits more than three bill number searches even if they are valid numbers. By doing this, the ease of use is also retained for several residents and those owning over three properties may use the simple one-step verification process,” he added.

When brought to the notice of the civic body, officials concerned were open to discussion. They said security audits have been done and it has been ensured that bulk extraction of data cannot be done. “We can issue one-time passwords but if there are issues with the mobile service provider, residents in three out of 10 cases in my experience do not receive them and may be unable to pay on time,” said a senior corporation official.

If only registered mobile numbers are given access, senior citizens who may have relatives from different locations paying their taxes may have trouble doing so, he added. “So, we will talk with officials concerned and discuss the possibility of removing mobile numbers from display,” the official said.



Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp