FBR recently opened a whole floodgate of opportunity to salespersons, marketers, spammers, advertising agencies and whatnot through its online NTN verification system. Just with a CNIC, you can find out anything and everything about a person or organization that has an NTN number.
It was a simplified process. All you had to do was input CNIC number of any person and if he has an NTN number, it will be displayed on the screen. Using that number as an input on another page on FBR website, all the details registered with FBR would be displayed such as
- Home Address
- Business Address
- Bank Account and related details
- Attorneys …
And much more, depending upon the information registered by the individual or organization. No username or password was required and it was open for all.
Luckily, FBR took notice of its mistake and has rectified the problem. As it turns out, the FBR website can used by anyone to verify tax-paying status of any individual and company but for any further details, you need login details which shows only FBR personnel can access the data. However, the only problem here is that the login page is not SSL encrypted which means FBR personnel are using unsecure channel to access sensitive data which is liable to phishing and hacking.