The Federal Board of Revenue (FBR) recently introduced a key update to the login system of its tax filing platform, IRIS. Under the new policy, user passwords will now expire every 60 days, requiring a reset. While this change is aimed at enhancing security, it has created practical challenges, particularly for individual taxpayers and tax consultants.

At Vintage Global Consulting, we recognize the importance of cybersecurity in today’s digital landscape but also understand the need to address the operational impact this policy has on stakeholders.

Why the Change?

The primary objective of this update is to strengthen the security of taxpayers’ accounts and protect sensitive information from unauthorized access. However, like any major policy change, it has posed new challenges for users.

Challenges We’ve Observed

1. Time Consuming Resets
For individual taxpayers, resetting passwords every 60 days can be inconvenient and time consuming. If a registered email or mobile number is inactive, this process becomes even more complex.
2. Increased Workload for Tax Consultants
Tax consultants managing accounts for multiple clients are particularly affected. Resetting passwords across a large portfolio of accounts is a manual and labour intensive task.
3. Risk of Data Mismanagement
Improper handling of login credentials, whether by users or consultants, increases the risk of data breaches or unauthorized access, potentially compromising sensitive financial information.
4. Higher Costs
The additional workload on tax consultants may lead to increased service charges, placing a financial strain on clients.

Proposed Solutions

To mitigate these challenges, we recommend the following steps:
1. Keep Contact Details Updated
Ensure that all registered mobile numbers and email addresses are current to streamline the password reset process.
2. Adopt Digital Solutions
Tax consultants should consider using automation tools to organize and manage client credentials more efficiently.
3. Advocate for Policy Flexibility
Stakeholders could collectively request the FBR to extend the password expiry period to 90 days or more, reducing the frequency of resets without compromising security.
4. Enhance Awareness
The FBR should launch educational campaigns to help users understand the new policy and its implementation, ensuring they are prepared to comply without unnecessary frustration.

At Vintage Global Consulting, we are committed to helping businesses and individuals navigate such regulatory changes seamlessly. If you’re facing challenges due to this policy, our team is here to guide you with tailored solutions.