FBR has deactivated the manual vehicle auction data entry module in its Web-Based One Customs (WEBOC) system following the discovery of serious irregularities involving unauthorized use of official credentials. The action was prompted by an internal investigation revealing that specific user IDs meant for Assistant Collector and Deputy Collector-level personnel had been misused to enter auction data without proper clearance.
The issue came to light after the Directorate General of Reforms and Automation (Digitization), Customs House Karachi, received alerts regarding unusual activities linked to these user accounts. Preliminary findings indicated that user credentials, created and managed by MIS officers at different customs formations, were exploited to feed auction vehicle data into the system, bypassing established procedural checks.
Among the identified cases, the Directorate of IOCO, Lahore reported that two accounts—Zeeshan (CUS-3540517) and Yousuf Khan (CUS-3135725)—were generated by AC/DC MIS on April 21, 2025, and remained active until July 8, 2025. These accounts were used to input auction details for 24 vehicles. In another case, an ID under the name Waqas Khattak (CUS-2914393) was created at the Collectorate of Customs, Air Freight Unit (AFU), Faisalabad on February 26, 2025. This account was used to enter data for 31 vehicles.
What raised further concern was that many of these entries were linked to MCC Appraisement West, Karachi, despite originating from separate jurisdictions such as Lahore and Faisalabad. This mismatch in geographical associations cast doubt on the compliance of auction procedures and highlighted a need for stricter system controls.
The scale of the issue suggests systemic vulnerabilities, with a total of 1,873 vehicle entries found to have been recorded through the now-deactivated manual data entry function. As an immediate containment measure, FBR has disabled the Auction Module in WEBOC to prevent any further unauthorized input while a comprehensive verification process is underway.
In response to the breach, the Directorate has recommended a formal transition for all Customs Collectorates and Directorates to the E-Auction Module. The new platform is built to reduce manual intervention, eliminate potential fraud, and ensure a digital audit trail for all auction activity. It introduces stricter access controls and real-time traceability to enforce transparency across customs operations.
Until the integrity of existing data is verified and a secure, standardized process is in place, the manual entry module will remain suspended. The move reflects FBR’s ongoing focus on digital accountability and the protection of sensitive government systems from internal misuse.
