Finance Services Bureau website includes several security flaws – Media

The Finance Services Bureau (DSF) website includes data privacy security flaws in the level of encryption that can put the information submitted by users, a cybersecurity expert told newspaper Hoje Macau.

According to the expert, there is an imminent danger for users’ personal data, especially on the website pages that present forms to fill out, since the DSF website does not present any encryption certificate (SSL), possibly allowing a hacker to intercept information during data transmission between the browser (browser) and the location (server) where the website is hosted.

When using the Google Chrome browser to enter the DSF website, in addition to the ‘Not Secure’ message appearing in the upper left corner throughout the entire use of the website, there are numerous pages where data is requested personal data to users to access certain services and that do not comply with that security requirement.

An example of this is the page dedicated to the “Professional Tax Return Program”, where, to consult information related to the subject, users must enter the complete number of the Macau Resident Identity Card (BIR).

“The consultation of the‘ Professional Tax Return Program ’is exactly one such case. It is exactly here, where we find a form and the page is not encrypted, that the transmission of the BIR number is exposed. Therefore, this site is not secure. This transmission of the BIR numbers when it is submitted to the server through the browser can be captured,” the specialist told the newspaper.

In addition to this, other pages that allow access to the areas of ‘Public Finance Management’, ‘Property Management” and ‘Deed Appointments’ are also exposed in the same way, asking for the username and password.

No comments on the proposed security breaches from the DSF and the Office for Personal Data Protection (GPDP) were received by the newspaper.

Back in August, the Secretary for Administration and Justice, André Cheong, stressed that the implementation of e-government is one of the priorities of the government’s governmental action and that the Chief Executive has been remembering over time the need to strengthen data sharing between public services.