Growing concerns over systemic security problems at SASSA
Looting, corruption, and a lack of accountability are merely the beginning of the systemic security problems at SASSA. Here’s how these issues came to light…
Persistent security problems at SASSA are placing Minister Sisisi Tolashe’s leadership under scrutiny, despite the alleged violations taking place during the former minister’s tenure. Nevertheless, as reported by The South African recently, the Social Security Agency of South Africa is understood to have underspent to the tune of R4 billion, says by the Auditor-General of SA.
Even so, the agency says it has recouped R150-million in Social Relief of Distress (SRD) grants made to ineligible beneficiaries, reports GroundUp. This follows a damning revelation by two Stellenbosch University computer science students who had their ID numbers stolen to defraud the SASSA SRD R370 grant system.
ONGOING SASSA SECURITY ISSUES
Two first-year computer science students, Joel Cedras and Veer Gosai, have been checking for ‘vulnerabilities’ in government portals like SASSA SRD. Using perfectly ‘legal methods’, the students say they were able to check more than 300 000 ID numbers of people born between February 2005 to May 2006.
Their findings show that there’s a 90% application rate for SASSA SRD grants within the sample group. This is disproportionately high and unlikely to have occurred naturally, compared to the average application rate of 52% of other age groups.
INELIGIBLE PAYMENTS
Last week, Senior audit manager Puleng Molapo briefed the Portfolio Committee on Social Development in parliament of its findings. Allegedly, between May 2020 and August 2021 – at the start of the COVID-19 pandemic – SASSA made several ineligible SRD grant payments. “This is attributed to a lack of internal controls and adequate validations,” explained Molapo.
Therefore, the Auditor-General recommends SASSA takes disciplinary action against SASSA employees receiving social grants. Furthermore, it must develop a plan to verify the eligibility of grant beneficiaries on a regular basis. Possibly through the State Information Technology Agency (SITA). Similarly, parliamentary committee chair Bridget Masango criticised a lack of ‘consequence management’ within the Department of Social Development.
FULL REBOOT REQUIRED
In conclusion, the computer science students believe only a full reboot will resolve the systemic SASSA security issues. “The entire SASSA SRD system needs to be re-envisioned. We recommend that SASSA reverify every single grant application. But also that it requests additional details to verify accounts. Moreover, SASSA’s commitment to biometric verification defeats the purpose of the SRD grant, which is supposed to be accessible to people.
“Instead, verification should include details such as ID document issue date, as used by many banks and financial institutions. Moreover, authorities must come forward and fully disclose the scale of these systemic SASSA security issues. Who maintains the system, what security checks are in place? And, most importantly, who are the masterminds responsible for this organised mass fraud?” conclude Cedras and Gosai.