The Federal Board of Revenue (FBR) has introduced a mandatory policy requiring taxpayers to frequently change their passwords on the online tax portal, IRIS, as part of enhanced security measures.
While the intent is to protect sensitive taxpayer information and ensure secure online transactions, the policy has sparked criticism from the Lahore Chamber of Commerce and Industry (LCCI).
The LCCI, in a letter addressed to FBR Chairman Rashid Mahmood Langrial, expressed concerns over the potential ramifications of this new requirement. LCCI President Mian Abuzar Shad highlighted that the policy, which mandates password changes every two months, could impose significant challenges on taxpayers, particularly small and medium-sized enterprises (SMEs). He noted that many small businesses already struggle with navigating the complexities of the IRIS system and lack the technical expertise or resources to manage frequent password changes effectively.
The FBR’s policy, though well-intentioned, has been deemed disruptive by the LCCI, as it could add to the operational burdens of SMEs, which form the backbone of Pakistan’s economy. With the country facing ongoing economic difficulties, small businesses are under immense pressure to sustain their operations. The frequent password change requirement could further strain their ability to meet tax filing deadlines, potentially leading to inadvertent non-compliance.
Another significant concern raised by the LCCI pertains to the IRIS system’s capacity to handle an anticipated surge in password reset requests and account recovery processes. Mian Abuzar Shad pointed out that such an influx could overwhelm the system, causing delays and disruptions in the tax filing process. This scenario would likely frustrate taxpayers and may even result in compliance issues due to technical obstacles beyond their control.
To address these challenges, the LCCI has urged the FBR to reconsider its policy and explore alternative security measures. The Chamber has suggested the implementation of two-factor authentication (2FA) or the enhancement of monitoring systems to detect suspicious activities on the IRIS portal. These measures, they argue, would bolster security without imposing undue burdens on taxpayers.
While the LCCI supports the FBR’s efforts to strengthen the integrity of the tax filing system, it emphasizes that policies should not penalize the business community. Mian Abuzar Shad reiterated that collaborative solutions, such as 2FA, could achieve the desired security outcomes without creating additional stress for businesses.
In conclusion, the FBR’s commitment to safeguarding taxpayer information is commendable, but it must strike a balance between robust security measures and the operational realities faced by taxpayers. By addressing the concerns raised by the LCCI, the FBR can ensure that the IRIS portal remains both secure and user-friendly.