
Investigation into Sassa SRD grant fraud fails to answer critical questions

The investigation into fraud in Sassa’s SRD grant application system failed to answer critical questions.

A month ago, Stellenbosch University students Veer Gosai and Joel Cedras revealed to Parliament that there were a large number of fake SRD grant applications. They also explained that at least some of these fraudulent practices were successful, but they did not have sufficient access to the Sassa system to know how many were successful. (They explained what they found on GroundUp; see here and here.)

An application made using someone else’s ID number is fraud. There are two dangers in this: (1) if a fraudulent application is successful, a grant will be paid to someone unrelated to the identification number; and (2) individuals in need of grants may not be able to apply because their identification numbers have already been used to submit fraudulent applications in the system.


The SRD grant is currently R370 per month. Approximately eight million people receive this assistance. There are serious security flaws in the application system. While we don’t know how many fake applicants successfully received SRD grants, it’s likely a large number.

Sassa investigation

The Minister of Social Development has undertaken to conduct an investigation and report to Parliament within 30 days. The results of that investigation were announced Wednesday.


The investigation was conducted by a company called Masegare & Associates Incorporated. I could not find anything on their website to indicate that this company had sufficient expertise to conduct the investigation. The results of the investigation presented to Parliament do not answer the following questions:

  • How are fraudulent applications made?
  • How many of them are successful?
  • How many grants were paid fraudulently to ID numbers?
  • How do fraudulent applicants manage to open accounts with companies like Shoprite and TymeBank to receive these fraudulent payments?
  • What steps (if any) can be taken to recover fraudulent payments?
  • What steps can be taken to detect counterfeiters?
  • What steps can be taken to stop these fake applications? (This shouldn’t be difficult.)

Not a single one of these questions was answered in the investigation, at least not as presented to the public. Investigators did not even interview Gosai and Cedras.

Pleasingly, on Wednesday some Members of Parliament posed telling questions to the Ministry of Social Development about the investigation.

Read the report to Parliament

Not technically savvy?

My background is in computer science. I have worked as a developer on complex software projects at large companies and taught at the university level. I am amazed both at the incompetence of the Sassa SRD application system and at how far the Masegare investigation fell short of what was needed.

For example, SRD application status queries can be made from numerous third-party websites, many of which are dodgy and only in the business of serving Google Ads. This is because Sassa has an online portal that does not require any authentication from third-party sites. Nor does it attempt to limit the number of applications that can be done per second (this is limited only by Sassa’s SRD system hardware and network, nothing else).


This is very surprising. You should only be able to apply for and obtain information about an SRD grant from the Sassa website and perhaps a very select few authoritative, reputable third-party sites.
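An added example, not from the original article or from Sassa's systems: one way to spot the bulk querying that an unauthenticated, unthrottled status portal permits is to count distinct ID numbers per client in a sliding time window. The log format, the thresholds and every sample value below are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 60    # assumed look-back window
MAX_DISTINCT_IDS = 5   # assumed ceiling: a household checks a handful of IDs

def build_sample_log():
    """Constructed status-query log: 'ISO-timestamp client-ip id-number'."""
    lines = [
        "2024-11-20T09:00:00 198.51.100.7 0000000000101",
        "2024-11-20T09:00:20 198.51.100.7 0000000000101",  # same person re-checking
        "2024-11-20T09:00:40 198.51.100.7 0000000000102",
    ]
    # One client walking through 20 different ID numbers, one per second.
    lines += [f"2024-11-20T09:01:{s:02d} 203.0.113.9 {9000000000000 + s:013d}"
              for s in range(20)]
    return lines

def flag_enumerating_clients(lines, window=WINDOW_SECONDS, limit=MAX_DISTINCT_IDS):
    """Return {client: first timestamp at which it exceeded `limit` distinct
    ID numbers inside a sliding `window`-second interval}."""
    recent = defaultdict(deque)   # client -> deque of (time, id_number)
    flagged = {}
    for line in sorted(lines):    # ISO timestamps sort chronologically
        parts = line.split()
        if len(parts) != 3:
            continue              # skip malformed lines rather than crash
        stamp, client, id_number = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        queue = recent[client]
        queue.append((when, id_number))
        # Drop queries that have aged out of the window.
        while (when - queue[0][0]).total_seconds() > window:
            queue.popleft()
        distinct = {i for _, i in queue}
        if len(distinct) > limit and client not in flagged:
            flagged[client] = stamp
    return flagged

if __name__ == "__main__":
    for client, stamp in flag_enumerating_clients(build_sample_log()).items():
        print(f"{client} exceeded {MAX_DISTINCT_IDS} distinct IDs per window at {stamp}")
```

The same per-client count can drive throttling at the portal itself, which limits bulk lookups without putting a CAPTCHA in front of every applicant.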

Much of what is presented in the investigation is abstract and lacking in detail. It is full of meaningless or trivial software engineering jargon whose sole purpose is to confuse the non-technical audience. The investigation’s recommendations will not solve the problems Gosai and Cedras identified.

A few examples:

  • For some reason the website https://srd-sassa.org.za/ is included in the investigation. From where? This is not a government site. It looks like it is registered in Pakistan. It doesn’t look very respectable. It should simply be prevented from submitting SRD grant applications.
  • It turns out that researchers used an online security analysis tool to perform a perfunctory analysis of the Sassa website. These tests take a few minutes and offer little that is useful, and they do not answer any of the questions raised by Gosai and Cedras’ findings.
  • They used a WordPress security analysis tool to analyze the Sassa site, even though it is not a WordPress site.
  • They recommend implementing Captcha for grant applications. This will only serve to make the system unfriendly to users, many of whom have limited computer skills. There are better ways to fix the problems posed by Gosai and Cedras; for example, implementing the application system properly and securely.

It was revealed in Parliament that the cost of this investigation was approximately R280,000.

The people of South Africa deserved better than this, especially the people who really needed the SRD grant.

The author is the editor of GroundUp.

Originally published on: Basis