The Axact mega scam about online sale of fake educational degrees and diploma has astounded many people. They are questioning how a company that claimed to develop software for exports and earned huge tax-free income was successful in deceiving the law enforcers, regulators and its competitors for almost a decade, and whether the law-enforcing authorities, including the Federal Investigation Agency (FIA), is capable of solving such crimes.

Ammar Jaffri, former Additional Director General FIA, believes the different government institutions and law enforcing authorities have failed to detect irregularities in online transactions and businesses. Even when they get tips, he says, they are slow and clueless about what legal course to take.

He adds online frauds are just like other frauds; the only difference is the medium, which helps people involved to hide their identity and locations. Besides, he says, it is easy to direct ill-gotten money to Dubai and then get it transferred back home through formal channels.

Jaffri, who founded the National Response Centre for Cyber Crime (NR3C) in FIA, says that preventive measures to stop cyber crime from happening are not possible anywhere in the world -- "Law enforcers react to complaints, tips and news items carried by the media".

He says "crime stoppers" that comprise media, civil society and law enforcers, must be made effective.

Jaffri has full confidence in the skills of forensic specialists in FIA and says they can recover deleted data from hard disks, access data lying in computers used by criminals in other countries, follow money trail, unveil identity of impersonators etc. -- but only once the culprits have been identified.

Sajjad Kirmani, CEO, Infogistic (pvt) Ltd, a leading software company of the country, says a deceitful IT based company can easily be identified because the genuine ones list and describe their products/services on their websites and also make a mention of the key customers as well as customer testimonials.

Such companies, he says, mostly make an announcement of new customer acquisitions and contract signings on their websites and social media platforms. Besides, the companies that deal in software products often get the trademarks/copyrights registered with the competent authorities to protect their Intellectual Property Rights (IPR) from being compromised.

Kirmani adds that IT companies bring the export proceeds into Pakistan through regular banking channels and such proceeds are reported to the State Bank of Pakistan (SBP).

He says IT companies normally pay their employees according to the market compensation benchmarks, hence, any IT company that does not follow these benchmarks must be suspected.

So, why did the Pakistan Software Houses Association (P@SHA) not question Axact about its business operations?

Salim Ghauri, CEO of Netsol Technologies and former P@SHA president, says, first, the company in question was not registered with the association as it was doing e-commerce -- selling degrees online -- and not developing software for export; secondly, when they were inquired by the sitting P@SHA President Jehan Ara about their "dubious" activities they sued her for Rs 1 billion for allegedly tarnishing their reputation. "Their high-handedness upset her and she did not follow up the case," he adds.

Ghauri says the FBR should have inquired about the tax details of this company when its CEO claimed it was the biggest IT company of the country, targeting $20 billion in software exports in the near future. Despite this tall claim, he says, the company’s CEO could not come with the names of any softwares it had produced or foreign software buyers in its clients’ list. No doubt the company benefited from this oversight by the state institutions, he concludes.

For, Mubashar Mirza, a chartered accountant based in Lahore, there is a system in place to check money-laundering where bank branches are supposed to release Suspicious Transaction Reports (STRs) about suspicious accounts. For example, he says, a bank account where average balance remains low but huge amounts are withdrawn soon after their transfer from abroad are checked. They are put under observation and reported to the finance ministry. "How strictly this procedure is followed is another question," he adds.

A senior FIA official says oversight is possible as their technical staff is overburdened and has to deal with hundreds of cases of cyber stalking and harassment on Facebook etc. Similarly, any case where Internet is used for crime is forwarded to FIA. For example, if blasphemous content is uploaded on Internet the local police forwards the case to FIA. "My point is that police must be trained to tackle cyber crime," he says.

According to him, the non-existence of the cyber crime law is a hurdle. He adds, cyber crime cases are registered under Sections 36 and 37 of the Electronic Transactions Ordinance (2002) which deal with violation of privacy of information, damage to information systems, storage and distribution of information that one is not supposed to access and so on.

The official says they can book people even if they commit crime in any other country using their systems under Section 3 of Pakistan Penal Code. It states: "Any person liable, by any Pakistani Law, to be tried for an offence committed beyond Pakistan shall be dealt with according to the provision of this Code for any act committed beyond Pakistan in the same manner as if such act had been committed within Pakistan."