🇵🇰
BISP 8171 Web Portal — Privacy Policy
Benazir Income Support Programme | Government of Pakistan
بے نظیر انکم
سپورٹ پروگرام
سپورٹ پروگرام
🔒 Official Privacy Notice
Your Data, Your Rights, Your Protection
This Privacy Policy explains how the BISP 8171 Web Portal collects, uses, protects, and shares your personal data — in plain language you can understand, available in both English and Urdu.
🏛️ Government of Pakistan
🔒 PECA Compliant
✅ NADRA Verified
📋 BISP Act 2010
🌐 bisp.gov.pk
Active Scam Alert — اسکام وارننگ
- BISP will NEVER ask for your OTP, password, or thumbprint over phone or WhatsApp
- Never pay any agent to "fast-track" your payment — BISP services are 100% FREE
- Only access the portal at 8171.bisp.gov.pk — fake websites steal your CNIC data
- BISP officials never demand cash, jewelry, or personal favors
- Unsolicited calls claiming to be from BISP offering bonus payments are FRAUD
① What Personal Data We Collect
ہم کون سا ذاتی ڈیٹا اکٹھا کرتے ہیں
In Simple Words
When you use the BISP 8171 portal, we collect your ID card number, thumbprint, mobile number, and information about your household — only what is needed to get money to the right person safely.
آسان الفاظ میں: جب آپ 8171 پورٹل استعمال کرتے ہیں تو ہم آپ کا شناختی کارڈ نمبر، انگوٹھے کا نشان، موبائل نمبر اور گھرانے کی معلومات لیتے ہیں۔ صرف وہ معلومات جو رقم صحیح شخص تک پہنچانے کے لیے ضروری ہے۔
| Data Category | Specific Elements | Purpose | Necessity |
|---|---|---|---|
| Identity Data | CNIC number, full name, date of birth, gender | Primary beneficiary identification via NADRA | Mandatory |
| Biometric Data | Fingerprint templates (thumb & index) | Authentication for cash disbursement at ATMs & campsites | Mandatory |
| Contact Data | Registered mobile number (IMSI), SIM operator | SMS alerts, payment notifications via 8171 | Mandatory |
| Household Data | Number of members, ages, education, employment, disability status | PMT score calculation for NSER targeting | Mandatory |
| Economic Data | Income sources, assets, land ownership, livestock | Proxy Means Test (PMT) poverty score verification | Mandatory |
| Location Data | Province, district, tehsil, geo-coordinates (survey) | Programme targeting, disbursement point assignment | Conditional |
| Portal Usage Data | IP address, browser type, session logs, access timestamps | Security monitoring, fraud detection, audit trails | Technical |
| Children's Data | B-Form numbers, school enrolment, attendance records | Taleemi Wazaif stipend calculation & disbursement | Program-specific |
| Health Data | Pregnancy status, child nutrition metrics (under-2) | Benazir Nashonuma programme eligibility | Program-specific |
② Legal Basis for Data Processing
ڈیٹا پروسیسنگ کی قانونی بنیاد
In Simple Words
BISP collects your data because Pakistani law requires it for social protection delivery. This is not optional — it is legally authorized under the Acts of Parliament that created BISP.
آسان الفاظ میں: BISP آپ کا ڈیٹا پاکستانی قانون کے تحت اکٹھا کرتا ہے۔ یہ پارلیمنٹ کے قوانین کے تحت اجازت یافتہ ہے۔
All data processing on the BISP 8171 portal is grounded in the following legal instruments:
Applicable Laws
📜 BISP Act 2010 — Establishes BISP's mandate to collect socio-economic data for poverty targeting and cash transfer delivery across Pakistan.
🆔 NADRA Ordinance 2000 — Authorizes biometric data collection and CNIC-based identity verification for all Pakistani citizens accessing government services.
🔐 Prevention of Electronic Crimes Act (PECA) 2016 — Governs lawful processing of digital data, prohibits unauthorized access, and prescribes penalties for data breaches and cybercrimes involving beneficiary information.
🏛️ Constitution of Pakistan — Article 14 — Guarantees the inviolability of dignity and privacy; all BISP data practices are designed to uphold constitutional protections.
🏦 State Bank of Pakistan Regulations — Govern financial data protection obligations for partner banks (HBL, Bank Alfalah) disbursing BISP payments.
📄 BISP-NADRA MOU — Formal Memorandum of Understanding defining the scope, frequency, and security requirements of data exchange between BISP and NADRA verification systems.
③ How Your Data Flows — Inside the NADRA-BISP Pipeline
آپ کا ڈیٹا کہاں کہاں جاتا ہے
In Simple Words
Your CNIC and thumbprint go to NADRA for verification. Your payment information goes to your bank or disbursement agent. Your household data is used to calculate your eligibility score. We do NOT sell your data to anyone.
آسان الفاظ میں: آپ کا شناختی کارڈ نمبر اور انگوٹھے کا نشان تصدیق کے لیے نادرا کو جاتا ہے۔ ادائیگی کی معلومات آپ کے بینک کو جاتی ہے۔ ہم آپ کا ڈیٹا کسی کو نہیں بیچتے۔
1
You Enter Your Data on 8171 Portal / BISP Survey
CNIC, biometric, household data captured via secure HTTPS connection. Your session is encrypted end-to-end from the moment you log in.
📱 8171.bisp.gov.pk🏕️ BISP Surveyor
2
NADRA Instant Biometric Verification
Your CNIC and fingerprint are matched against NADRA's National Identity Database in real-time. BISP receives only a "match/no-match" confirmation — not your raw biometric template.
🆔 NADRA🔐 Encrypted API
3
PMT Score Calculation — NSER Database
Household socio-economic data is processed through the Proxy Means Test algorithm. Your score determines eligibility for Kafaalat, Taleemi Wazaif, and Nashonuma programs.
📊 NSER Database🧮 PMT Algorithm
4
Partner Bank Disbursement Authorization
Eligible beneficiary payment records are securely transmitted to authorized banking partners for cash disbursement. Banks receive only payment-relevant data — not full socio-economic profiles.
🏦 HBL🏦 Bank Alfalah📱 Mobile Wallets
5
Provincial Social Protection Coordination (Aggregate Only)
Province-level aggregated statistics are shared with provincial social protection authorities for programme planning. No individual beneficiary records are shared without lawful authorization.
🏛️ Punjab SELD🏛️ Sindh SAU🏛️ KPK / Balochistan
6
SMS Notification to Registered Mobile Number
Payment-ready alerts and status updates are sent exclusively to the CNIC-registered mobile number. We do not send marketing communications.
📲 SMS Gateway🔔 8171 Alerts
We Do NOT Share Your Data With
Prohibited Data Sharing
❌ Commercial advertisers or marketers
❌ Private money lenders or microfinance agents
❌ Foreign governments without court order
❌ Unauthorized third-party apps or websites
❌ Political parties or campaign organizations
❌ Anyone who contacts you claiming they "work with BISP"
❌ Private money lenders or microfinance agents
❌ Foreign governments without court order
❌ Unauthorized third-party apps or websites
❌ Political parties or campaign organizations
❌ Anyone who contacts you claiming they "work with BISP"
④ Security Infrastructure & Encryption
سیکیورٹی انفراسٹرکچر اور خفیہ کاری
In Simple Words
Your data on the BISP portal is locked with strong encryption — like a bank vault. Only authorized BISP officials can access specific parts of your record, and every access is logged and tracked.
آسان الفاظ میں: آپ کا ڈیٹا بینک والٹ کی طرح محفوظ ہے۔ صرف مجاز BISP اہلکار آپ کے ریکارڈ تک رسائی حاصل کر سکتے ہیں اور ہر رسائی کا ریکارڈ رکھا جاتا ہے۔
TLS 1.3 / SSL Encryption
All data transmitted between your device and the 8171 portal is encrypted using TLS 1.3 protocol. Always verify the padlock icon and https:// in your browser.
Database Encryption at Rest
Stored personal data is encrypted using AES-256 standards in BISP's secure data centres. Biometric templates are stored in one-way hash format — they cannot be reversed.
Role-Based Access Control
BISP staff access only the data their specific role requires. A Tehsil-level officer cannot access beneficiary records from another district.
Audit Logging
Every database access, record modification, and administrative action is logged with timestamps, user IDs, and IP addresses. Logs are retained for 7 years for accountability.
Intrusion Detection System
Automated systems monitor for unusual access patterns, brute-force attempts, and data exfiltration indicators 24/7. Suspected breaches trigger immediate lockdowns.
Third-Party Security Audits
The 8171 portal undergoes independent security penetration testing annually. Results are reviewed by BISP's IT Security Committee and findings are actioned within 30 days.
⑤ Your Rights as a Beneficiary
آپ کے حقوق بطور مستفید
In Simple Words
You have the right to see your own data, correct mistakes, and ask BISP how your information is being used. Asking about your data will NEVER lead to your disqualification.
آسان الفاظ میں: آپ کو اپنا ڈیٹا دیکھنے، غلطیاں درست کرنے اور پوچھنے کا حق ہے۔ ڈیٹا کے بارے میں پوچھنے سے آپ کبھی نا اہل نہیں ہوں گے۔
Right of Access
Request a copy of the personal data BISP holds about you. Submit a written request to your nearest BISP Tehsil Office with your CNIC.
Right to Rectification
If your data contains errors (wrong mobile number, incorrect household count), you have the right to request corrections through the BISP complaint system.
Right to Explanation
You can ask BISP to explain why you received a specific PMT score, why payment was withheld, or what data was used in an eligibility decision.
Right to Object
You may object to specific uses of your data (such as sharing with non-essential third parties) without this affecting your eligibility for core BISP transfers.
Right to Restriction
You may request that processing of your data be temporarily restricted while a complaint or data accuracy dispute is under review.
Right to Complain
If you believe your privacy rights have been violated, you may file a complaint with BISP's Data Protection Focal Person or escalate to the FIA Cyber Crime Wing (NR3C).
⑥ Female Beneficiary Data Sovereignty
خواتین مستفیدین کی ڈیٹا خود مختاری
👩 Women First
In Simple Words
BISP registers women as the primary beneficiary. Your husband, in-laws, or any male family member cannot access your payment information or change your account without your explicit consent and biometric verification.
آسان الفاظ میں: BISP میں خاتون مرکزی مستفید ہے۔ شوہر یا کوئی بھی مرد رشتہ دار آپ کی اجازت اور انگوٹھے کے نشان کے بغیر آپ کا اکاؤنٹ استعمال نہیں کر سکتا۔
👩 Female Beneficiary Digital Protections
- The female CNIC holder is the sole authorized account owner — no proxy access is permitted without her physical biometric presence
- Male family members, husbands, or agents cannot change your registered mobile number or payment collection point without your biometric consent
- Biometric ATMs and BISP campsites are required to offer female staff for thumb verification upon request
- Your financial data (payment amounts, frequency, eligibility status) cannot be disclosed to a male family member without your explicit written consent
- Widow, divorced, and separated women maintain full independent data sovereignty with no proxy access rights for former spouses
- If you suspect an unauthorized person has accessed your BISP account, call 0800-26477 immediately — your account can be locked within 30 minutes
🏛️ Proxy Access — Limited Exceptions
- A proxy may act only if the beneficiary has a verified physical disability preventing in-person attendance — authorized by a BISP district officer in writing
- Proxy access requires a legal Power of Attorney (POA) notarized and submitted to the BISP Tehsil Office with both parties' CNICs
- All proxy transactions are flagged in the system and reviewed by the District Monitoring Officer quarterly
- Proxy authorization can be revoked at any time by the beneficiary via a walk-in visit or helpline call
⑦ How Long We Keep Your Data
ہم آپ کا ڈیٹا کتنے عرصے رکھتے ہیں
In Simple Words
We keep your active data as long as you are in the BISP program. After you exit, most data is deleted or anonymized — but audit records stay for 7 years as required by law.
آسان الفاظ میں: جب تک آپ BISP میں ہیں آپ کا ڈیٹا موجود رہتا ہے۔ پروگرام چھوڑنے کے بعد زیادہ تر ڈیٹا حذف یا گمنام ہو جاتا ہے لیکن آڈٹ ریکارڈ 7 سال تک رہتا ہے۔
| Data Type | Retention Period | Action After Period |
|---|---|---|
| Active beneficiary identity & household data | Duration of enrolment + 2 years | Anonymized for statistical use |
| Biometric templates | Duration of enrolment only | Permanently deleted from BISP servers (NADRA retains per their policy) |
| Payment transaction records | 7 years (financial audit requirement) | Archived in read-only secure storage |
| Complaint & grievance records | 5 years after closure | Deleted after review period |
| Portal session logs & IP records | 12 months | Deleted automatically |
| SMS notification logs | 24 months | Deleted automatically |
| Deceased beneficiary records | 3 years after reported death | Archived then permanently deleted |
| Taleemi Wazaif attendance data | Duration of child's enrolment + 3 years | Anonymized aggregate education statistics |
⑧ Grievance Mechanisms & How to Report
شکایات کا طریقہ کار
In Simple Words
If something goes wrong with your data or payments — you were hacked, someone stole your payment, or your data is wrong — here is exactly who to call and what to do, step by step.
آسان الفاظ میں: اگر آپ کا ڈیٹا غلط ہے، ادائیگی میں مسئلہ ہے یا کسی نے دھوکہ دیا ہے تو درج ذیل اقدامات اٹھائیں۔
1
Call BISP Free Helpline 0800-26477 (Mon–Fri, 9am–5pm). Report your issue. Request a complaint reference number. Keep it safe.
2
Visit your nearest BISP Tehsil Office with your original CNIC. Ask for the Complaint Registration Form (CRF). Submit in person for urgent cases.
3
File online via the BISP Integrated Complaint Management System (ICMS) at bisp.gov.pk. Upload supporting documents digitally.
4
For cybercrime, data theft, or identity fraud — report to FIA NR3C at nr3c.gov.pk or call 9911. Provide all screenshots and message logs.
5
For SIM fraud or CNIC-linked mobile issues — contact PTA DIRBS at dirbs.pta.gov.pk or visit any PTA facilitation center for biometric SIM verification.
6
For cyber harassment or digital rights violations (especially for female beneficiaries) — contact the Digital Rights Foundation Helpline: 0800-39393.
BISP Free Helpline
0800-26477
SMS Status Check
8171
Official Portal
8171.bisp.gov.pk
Cybercrime (FIA NR3C)
9911
⑨ Scam-Proof Your Benefits — Verify Before You Trust
اپنے وظیفے کو محفوظ بنائیں
🛡️ Official BISP Verification Protocol — Print & Keep
- Always verify the URL ends in .gov.pk before entering your CNIC — unofficial domains cause most data theft
- Use only official helpline 0800-26477 — save it now and verify any suspicious calls against it
- Check payment status monthly via SMS to 8171 — unexpected changes may signal unauthorized access
- Enable transaction alerts on your JazzCash, Easypaisa, or bank account to catch unauthorized withdrawals
- Update your NADRA-linked mobile number immediately after a SIM change
- At campsites, insist on an official token queue — never use "express services" from unofficial agents
- NEVER share your OTP, portal password, or biometric data with anyone on call or WhatsApp
- NEVER pay cash, give jewelry, or do personal favors to anyone claiming to process BISP payments
- NEVER let an agent log in to the 8171 portal on your behalf — they can steal your data
- NEVER respond to SMS messages claiming you have "won bonus BISP payment" — it is fraud
- NEVER use shared computers at internet cafés without logging out and clearing browser history
Expert Security Tips
- 1Report a lost or stolen CNIC to NADRA immediately — it is the master key to your entire BISP financial identity
- 2If someone has already taken unauthorized deductions from your BISP payment, file a police FIR and call 0800-26477 within 24 hours
- 3A genuine BISP surveyor will never ask for money or your phone — they carry official ID cards you can verify at the district office
- 4If you receive a suspicious WhatsApp from someone claiming to be BISP, take a screenshot and report it to 0800-26477 immediately
- 5After collecting payment, do not announce the amount publicly at the campsite — this makes you a target for local scammers
⑩ Official Resources & Partner Tools
سرکاری وسائل اور اوزار
🆔
NADRA Online Verification Portal
Verify your CNIC status, update details, and track identity document processing.
id.nadra.gov.pk →
📋
BISP Complaint Management System
File, track, and escalate complaints about data errors, payment issues, or fraud.
bisp.gov.pk/complaints →
🚔
FIA NR3C Cybercrime Portal
Report CNIC misuse, identity theft, phishing websites, and digital fraud to FIA.
nr3c.gov.pk →
📡
PTA DIRBS — SIM Verification
Check how many SIMs are registered on your CNIC and block unauthorized ones.
dirbs.pta.gov.pk →
🏦
State Bank Consumer Protection
Report unauthorized banking transactions or financial data misuse to SBP.
sbp.org.pk →
💜
Digital Rights Foundation (DRF)
Cyber harassment helpline for women beneficiaries: 0800-39393 (Free)
digitalrightsfoundation.pk →
Download Anti-Fraud Verification Card
Print this page to keep the official BISP contacts, scam warning signs, and verification protocol handy — even without internet access.
Policy Update History — Accountability Log
پالیسی تبدیلیوں کا ریکارڈ
June 2025 — Version 3.2
Added female beneficiary data sovereignty section; updated scam alert protocols for WhatsApp phishing.
January 2025 — Version 3.1
Updated NADRA biometric API integration disclosure; revised data retention schedule for deceased beneficiaries.
July 2024 — Version 3.0
Major revision aligning with PECA 2016 amendments; added Nashonuma health data section; new grievance escalation pathway to FIA NR3C.
March 2023 — Version 2.5
Added Taleemi Wazaif attendance data handling; updated partner bank list to include Bank Alfalah.
October 2022 — Version 2.0
Complete restructure with plain-language summaries; introduced Urdu translations for all sections.