The Passport, Immigration & Citizenship Agency (PICA) has acquired the ‘.gov.jm’ website domain for use with the previously launched enterjamaica.com, which sparked public criticism and security concerns in September.
An information and communications technology (ICT) expert at PICA informed The Gleaner on Monday that the use of the domain was already active.
“When you type it (enterjamaica.gov.jm) [in], it goes to the ‘.com’ [domain], but it’s [still] there; we have control of that,” the employee said, noting that users would still be redirected to the ‘.com’ site because it was already created and in use.
The ICT employee said that it was eventually realised that certain security policies needed to be implemented, but that they were unable to provide further insight regarding the exact date of when this adjustment was made.
The enterjamaica.com website was designed to make it easier for visitors to submit their C5 declaration forms online to immigration and customs authorities in Jamaica.
It came under scrutiny after National Security Minister Dr Horace Chang, during a tour of the Norman Manley International Airport in Kingston on September 5, revealed that fraudulent individuals had taken over the system and were selling unsuspecting persons the forms for US$35 (approximately J$5,400) on unauthorised websites.
A slew of angered individuals later said they had been defrauded.
Speaking about the difficulties brought about by the deceptive behaviour, Chang made an effort to warn visitors of the need to verify the authenticity of sites and noted that the form was exclusively accessible through the Jamaica Customs website or at www.enterjamaica.com, which attracted no fees.
PICA later stated that its site was not hacked and that no outside organisation or agent had been hired to supply the online immigration/passenger declaration form.
In a post on the social media platform X (formerly Twitter), the agency warned persons to be careful of sites that were mirroring its services. “Do not be lured to other sites that attract a cost and will put your information at risk,” the advisory stated.
Gavin Dennis, a cybersecurity expert, told The Gleaner that the value of using the ‘.gov.jm’ domain for Jamaican government websites is that it shows official status.
“The ‘.jm’ country code top-level domain (CC TLD) is the country code for Jamaica and is generally reserved for government entities, which helps people know they are visiting an authentic government site, not a fake or commercial site,” he said.
A CC TLD represents a specific geographical location and is the most efficient way to show search engines and users which country or region you’re based in; for example, ‘.uk’ is for the United Kingdom and ‘.eu’ is for the European Union.
Dennis continued that all government agencies must use the ‘.gov.jm’ domain as it aids in making people feel more secure when providing personal information. This, he said, was because such domains are usually strictly controlled and signify an official, trustworthy source.
He deemed the Government’s non-use of the ‘.gov.jm’ domain in the initial instance as “misguided”.
“It makes the Government’s job harder to reassure people that the website they are interacting with is legitimate, especially considering the number of local entities being hacked, the new Data Protection Act, NIDS (National Identification System), and the fragile public trust,” Dennis said.
He said that without this certainty that a site is legitimately owned by the Government, people could inadvertently end up using sites mimicking official websites, while exposing themselves to scams and phishers who steal their data.
Rory Ebanks, director of cyber and information security at Symptai Consulting, admitted that when the enterjamaica.com site was first launched, he was “very sceptical” about it, not knowing if it was an official site.
Ebanks described the cloning incident of the website as a “social engineering attack”, and noted that it was perhaps successful because of the reputation of the attackers’ longer-running domain, which caused the fraudulent websites to rank higher than PICA’s newly obtained domain owing to search engine optimisation (SEO).
He noted, however, that ‘enterjamaica.gov.jm’ could have been used as a subdomain, meaning that ‘enterjamaica’ would be under the ‘.gov.jm’ domain rather than solely having ‘enterjamaica.com’ as the primary domain.
Ebanks said that Internet users must also do their due diligence in ensuring that the sites they click on are legitimate.
Kauna McKenzie, director of business development at PICA, told The Gleaner that she was unable to comment on the domain issue, saying that she wished to avoid confusing those who were just learning how to use the agency’s online services.
“The system has been working very well,” she said, citing an increase in the public’s ease of use of the online platform.
McKenzie further noted that the NMIA, Sangster International Airport and the Ian Fleming International Airport were equipped with quick response (QR) codes for persons to gain access to the form.
“We also have immigration officers and immigration officer assistants to assist you with getting on. We’ve even set up a customer centre where if you send information, there is somebody to respond to you immediately with your queries [which have been posted on social media],” she said.