Chennai

User registration, OTP, Captcha must for certificates through Chennai corporation portal

The decision comes in response to a report published by TNIE titled ‘Only date, gender enough for certificates through corporation portal’ on May 4.
A screengrab of the corporation page for downloading birth certificate.
A screengrab of the corporation page for downloading birth certificate.(Photo | Express)
Praveena S A
Updated on
2 min read

CHENNAI: The Greater Chennai Corporation (GCC) has introduced new security features on its official portal for downloading birth and death certificates, effective from Tuesday, following concerns over data privacy and potential misuse of these documents.

The decision comes in response to a report published by TNIE titled ‘Only date, gender enough for birth and death certificates from corporation portal’ on May 4.

The report highlighted the lack of any user authentication in GCC’s portal for downloading these certificates, which practically made it possible for anyone to download others’ certificates, raising serious concern about data privacy, misuse and vulnerability for targeted cyber attacks.

Users can access anyone’s birth and death certificates by simply providing a date of birth and gender, which then lists the certificates of every person matching the date and gender, which can be downloaded with no mechanism to track who is viewing or downloading which certificate.

Even the Captcha used in the portal, a first-level defence to prevent automated bots from using any online system, is also ineffective, as it is in a machine-readable text format that can be copied.

Addressing these concerns, the GCC has mandated user registration, OTP-enabled logins and secured Captcha verification on its portal. Under the new system, users must register by providing their name, mobile number and address. Once registered, they will be directed to log in using their registered mobile number and a one-time password (OTP) sent to their device.

After logging in, users are mandated to enter their date of birth and gender, along with entering a non-machine-readable Captcha.

The system will then display a list of certificates matching the date of birth and gender, from which the relevant document can be downloaded.

With the new changes, although it is still possible for someone to download another person’s certificate, “the system now enables GCC to identify the person responsible in case of any misuse of these documents by tracking the IP address,” GCC Commissioner J Kumaragurubaran said.

New security features

  • User registration

  • OTP-enabled login

  • Secured captcha

  • Log details for certificate downloads

  • GCC can now track downloads, identify the person responsible for potential misuse

Greater Chennai Corporation
certificates
portal

Related Stories

No stories found.

X
Open in App
The New Indian Express
www.newindianexpress.com