Tax payers are having a tough time remitting the Bruhat Bengaluru Mahanagara Palike (BBMP) property tax as the Palike's website lacks security for online transactions.
The Palike is yet to renew the site's security certificate which expired on April 2, putting the citizen's property details and banking data at risk.
Less than a week after the BBMP claimed there were no bugs in the online system, citizens have been facing problems.
The website 'bbmptax.karnataka.gov.in' is not secure according to Google, which sends out a waring which reads: "You should not enter any sensitive information on this site (for example passwords, or credit cards), because it could be stolen by attackers."
P T Bopanna, a city-based writer who tried to pay tax online, received a message saying the transaction has failed. Though money was debited from his account, he got no receipt from the BBMP.
"After reading in the papers about BBMP officials saying there were no technical glitches in the tax payment software this year, I preferred to pay tax online. But to my shock, after the website took all the details of my credit card and the money got deducted, I got a message saying, 'your payment is processed, but the transaction not completed'. The bank sent a message saying money has been spent to pay property tax," Bopanna, explained.
"I complained to my bank but got no proper response," he added.
City resident Sandeep Acharya tweeted, "I tried paying BBMP property tax online, payment failed for some reason and is debited also to my card. The worst payment gateway the site has."
Many have complained about the snag to the BBMP Commissioner on Twitter.
On April 2, BBMP joint commissioner (revenue) Venkata Chalapathy claimed the online system was glitch-free. "Property ax collection for the financial year of 2018-19 has begun and citizens can make payments via both online and offline modes. There are no technical glitches associated with tax payment website this year. Hence there will be no extension of the rebate," he had said.
BBMP special commissioner (IT) Manoj Rajan, said: "The website is maintained by the National Informatics Centre (NIC). We have received 82,601 online applications and collected Rs 58.76 crore this year through the website."
Meanwhile, Venkatesh, technical director of NIC agrees that the website's security certificate has expired. "Our team will work on it. By Monday, the certificate will be renewed by the security provider Verisign."
"Since the payment gateway PayUMoney is secure, banking details may be safe," he added.
However, cyberlaw and international information security expert Na Vijayshankar says that even if the payment gateway is secure, hackers can breach data if the property tax site is not secure. "Any government organisation collecting people's personal data should also secure their data."
"Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' stands for 'Secure'. It means all communication between your browser and the website is encrypted. No hackers can access details."
Shubhamangala Sunil, an cyberlaw expert and US ambassador for Asian Countries in Cybersecurity said, "Four years ago, the whole BBMP online system was hacked and we had advised them to have a cybersecurity expert in the BBMP to tackle this problem. However, this has not been done. Forgetting to renew the security certificate reflects on BBMP's callousness."
"It takes just five minutes for the BBMP to apply for the security certificate. While the BBMP collects taxes worth crores from people, why can't it spend money to secure citizens' data?" Shubhamangala questioned.
DH News Service