Reply to post: implications for normal people

Indian Railways suffers unspecified security 'breaches in various IT applications'

Sitaram Chamarty

implications for normal people

Implications for normal people are likely to be

- non-financial data: name, age, train travel history, phone number, email address

- financial data: minimal or not at all (IMO)

It's been ages since I booked a ticket on IRCTC, but purchases in India are almost never of the "merchant knows your credit card number and has to keep it safe" type. Most people use "Net Banking", where the merchant does not know anything. It's somewhat like how the initial authentication flow of OAuth works -- you get directed from the merchant to your bank, you login there, accept the payment, and you are then sent back to the merchant, except in this case the merchant does not even know your account number in the bank, though he does know *which* bank you went to.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021