Two first-year computer science students at Stellenbosch University appeared before Parliament today after they uncovered what they believe to be widespread fraud with the South African Social Security Agency’s (SASSA) Social Relief of Distress Grant.
According to research by Joel Cedras and Veer Gosai, the ID numbers of potentially thousands of unsuspecting people are being fraudulently used to apply for the SRD grant.
The two students, SASSA, and the Department of Social Development were hauled before the social development portfolio committee to explain.
In a presentation to the Committee, Cedras and Veer said it’s currently too easy to apply for an SRD grant.
They ran thousands of ID numbers through the system, using an algorithm, which they believe points to SASSA’s SRD computer system being insecure.
They believe the system allows anyone to rapidly read massive numbers of records without any authentication.
Veer and Cedras also assert there are far more grant applications recorded on the system than is plausible, indicating that a huge number of fraudulent grant applications have been made.
One of their more staggering assertions is that SASSA’s system shows that over 90% of people born in February 2005 have applied for the SRD grant.
A campus survey of 60 people they know revealed that 58 of them had active grant applications for the SRD grant on SASSA’s system; but that 56 of these individuals never actually applied for the grant themselves.
They also checked the first 500 male and 500 female IDs of people born on 1 January, from 1960 to 2006.
On average the SRD application rate was 52% for all of the years, but when looking at people born between 2002 and 2006, the application rate was about 90%.
“It’s simply not possible that this was done legitimately.”
Cedras and Veer believe that at least some of these fraudulent applications are succeeding.
They claim that they discovered that SRD grant payments are being paid for their ID numbers, into bank accounts they never opened, even though they have never received SRD grant payments.
The Minister of Social Development Nokuzola Tolashe however assured the Committee the grant system remains in tact, even though she admits it is vulnerable to fraud. She has also instructed SASSA to institute a full probe into the matter to ensure that the SRD grants are paid to the right people.
In a statement, SASSA says its Cyber Security Unit has confirmed that there was no data breach of the system to manipulate the rollout of the Covid-19 Social Relief of Distress (SRD) Grant.
They also say the fraud highlighted by the two students is “not something new and is well-known to SASSA and that it is not the only type of fraud perpetrated.”
In response, SASSA says it has implemented several countermeasures to identify potentially fraudulent applications that require further identity verification. It has also denied the claims by Veer and Cedras that the SRD system requires no facial recognition.
The Agency says it has piloted an electronic “know your client” (eKYC) program, utilizing facial recognition to verify the legitimacy of clients and their applications through comparison and matching their data with the population register or National ID Database at the Department of Home Affairs.
SASSA also validates if the applicant has access to the mobile number they provide during the application process. In this regard, the website sends an OTP to the mobile number provided, and the applicant then must provide that OTP on the website to proceed with the application.
READ: Month-end blues: Many salary earners in the red before payday
