FBR tax profiling system is not foolproof and people are sharing their concerns

Written by Shaheryar Ehsan ·  2 min read >

Despite the claim of FBR’s Chairman that the online tax portal for around 53 million citizens is secured, some users have confirmed that the website’s registration process is way too simple and one can easily hack someone’s account provided they know their simple biodata.

We have personally checked the registration process for a particular CNIC which you can see below step by step. Step 1 involves entering your CNIC and clearing the CAPTCHA code:

Step 2 is again fairly simple, asking for an email address and a mobile number to associate with your profile on the website:

Step 3 involves verification which can be done through email or mobile:

Till now, it is fairly plain, anyone knowing your CNIC can basically create your account. Now to make things a “little” tricky, the next step involves asking some personal questions:

Technically speaking, my cousins can make my account as even they would know the answers to questions listed above. After the above is processed, the registrant’s account is successfully created and they are required to pay the Rs. 500 fee which is required every time you want to view your tax information online. Currently, the portal offers only 2 methods: Debit/Credit card or e-sahulat.

The Twitter user below got registered on the website without providing a phone number and answering the same simple questions regarding his family:

Can citizens data be placed on online portals?

Someone has also raised a question on Twitter whether citizen’s personal info can be placed on online portals like this. We are not talking about car registrations and stuff like that anymore, the data actually pertains to personal assets of each individual and with such a basic level of security, the citizens data can be easily compromised. The question arises, whether this move was approved by the Senate or Parliament as a whole because sharing of such information requires the consent of the person involved:

Various security breaches have occurred in the West and throughout the world due to lack of regard to user privacy and when we are talking about interfacing between two servers with such crucial info, there should be no compromise on security standards at all.

Interface is just too basic and doesn’t look trustworthy

The interface of the website doesn’t look appealing at all and forces users to question themselves regarding the integrity of the website. Many people have declined to enter their Debit/Credit card details on the website due to this very reason as the website feels really insecure. One person has mentioned that the website has been hacked in the past:

The website also lacks content and fails to explain the terms given in the FAQ section leaving almost everything in ambiguity.

The portal in its current version poses a big risk to the data of the citizens and considering that the data retrieval spans two servers, first from the FBR for tax information and the 2nd from the NADRA database for the user’s personal bio data, there is no telling whether the data transactions are encrypted or not. For the latter case, any hacker would be able to compromise personal info of tax filers easily. The Government should takedown the website and reanalyze it thoroughly to make amendments. Otherwise, data of 53 million people is out in the open.

What are your thoughts regarding the security of the newly launched tax portal? Do you think it is adequate?

Written by Shaheryar Ehsan
Content Team Lead. Blogger, Content Developer, Social Media, and SEO Expert. Reach out: Profile