Security Issue with Kuwait E-Gov Website

One of the things I enjoy most about Kuwait is the automation of certain previously extremely tedious and time consuming errands such as phone bill payment, electricity bill payment and of course, the extremely arduous task of traffic fine payment.

Through the implementation of Kuwait e-gov website (link) all those hassles have now become as simple as the click of a button. K-NET is interfaced as the preferred method of payment, which means if you have a bank account, you can immediately click all your troubles away.

The website also offers advice on where to go for what etc. it is very useful indeed.

However, there is a fatal, fatal flaw in the e-gov website.

My driver’s licence was up for renewal and I needed to clear my slate with the government in terms of outstanding traffic fines. I moseyed along to the website, and as I was entering my details I paid attention to the title bar:

The payment method was not being directed through a SECURE portal. Meaning, if any hacker were attempting to penetrate your security or the website, they would be able to have access to your credit card info, which you enter in this window.

The strange thing is, if you open your browser and head on over to the Ministry of Interior’s website (link) to pay your fines, the payment window looks like this:

i.e. in this case, your payment is secure.

Most people might think, well what is the worst that can happen. The problem with paying with K-Net and exposing that account to risk is that it is your main account (i.e. salary) and hence, if a hacker were to get to that info, they could siphon your entire salary. Paying with credit cards exposes the credit card to theft only up to the point of your credit limit. If you are smart and use internet shopping cards, it further minimizes the loss to only that which is in your Shopping card at the time.

Hence, please exercise caution when paying online.

Hopefully this error will be rectified post-haste.

August 2011 ( View complete archive page )

September 2011 ( View complete archive page )

error: Sorry, Ctrl+C/V disabled; if you wish to use this content please contact us :)
%d bloggers like this: