Karachi, February 10, 2025 – The Karachi Tax Bar Association (KTBA) has strongly recommended that the Federal Board of Revenue (FBR) confine its newly implemented password change policy to sales tax filers alone.
In a formal letter addressed to Dr. Najeeb Ahmad, Member (Inland Revenue – Policy) at the FBR, the KTBA underscored the impracticalities of the policy, which mandates taxpayers to alter their passwords every 60 days.
Under the new “Password Protection Policy,” taxpayers are compelled to change their passwords six times a year to maintain access to their accounts, a process that can only be executed through the “Forgot Password” or “Change Password” options. KTBA President Ali A. Rahim criticized the abrupt enforcement of this policy, stating that it was introduced without prior notification, consultation, or a practical justification.
The KTBA highlighted that this policy appears to be a reactive measure following a series of sales tax frauds involving the misuse of passwords linked to dormant or nil-filing accounts. Fraudsters had exploited these accounts to generate fake sales tax invoices, leading to significant financial losses. However, the KTBA emphasized that instead of imposing a blanket requirement on all 5.8 million taxpayers, the FBR should focus on targeted security enhancements to prevent the recurrence of such fraudulent activities.
In a prior meeting with the FBR on January 15, 2024, the KTBA had already expressed concerns over this policy’s potential ramifications. It argued that imposing such a frequent password change requirement on all taxpayers, regardless of category—whether salaried individuals, business owners, or corporate entities—would likely result in widespread confusion, increased non-compliance, and technical mishaps. The KTBA pointed out that even banks, which prioritize account security, do not impose such stringent password change requirements on their customers every two months.
The association further asserted that applying the same security measures to income tax and sales tax payers is unwarranted, given the fundamental differences in their filing obligations. Income tax returns are filed annually, withholding tax statements are submitted quarterly, whereas sales tax returns are lodged monthly. Subjecting all taxpayers to an identical password reset timeline is not only unnecessary but also creates undue inconvenience.
The KTBA proposed that income taxpayers be required to change their passwords annually rather than every 60 days. Additionally, any modifications to the password policy should be executed through formal amendments to the IRIS web portal’s governing regulations, ensuring transparency and deliberation before enforcement.
To strengthen fraud prevention, the KTBA recommended a more strategic approach, including blocking or suspending Sales Tax Registration Numbers (STRNs) for entities failing to file returns for three consecutive months. The association also suggested that any STRN under deregistration review for more than three months should be automatically blocked to prevent potential misuse. Such measures, KTBA argued, are already practiced by provincial tax regulators and have proven effective in curbing tax evasion.
By implementing these recommendations, the KTBA believes the FBR can safeguard against fraudulent tax claims while ensuring that law-abiding taxpayers are not subjected to unnecessary procedural burdens. The association remains committed to working with the FBR to refine policies that enhance security without compromising ease of compliance.