Social status: Beneficiaries are lining up to receive subsidies in Alexandra. (File photo/MG)
An investigation into fraud in SASSA's SRD grant application system leaves important questions unanswered.
A month ago, Stellenbosch University students Via Gosai and Joel Sedras told parliament that there were a huge number of fraudulent SRD grant applications.
They also explained that while at least some of these fraudulent applications were successful, they were unable to know how many were successful because they did not have sufficient access to the SASSA system. did. (They explain what they found on GroundUp; see here and here.)
Applying using someone else's ID number is considered fraud. There are two dangers in this. (1) A successful fraudulent application would result in the grant being paid to a person not associated with the ID number. (2) People who need a subsidy may not be able to apply because their ID number is being used in a fraudulent application within the system.
The SRD grant is currently R370 per month. Approximately 8 million people have received it. The application system has a serious security flaw. The number of fraudulent applicants who successfully received SRD grants is unknown, but the number is potentially large.
The Minister of Social Development has promised to conduct an investigation and report to Parliament within 30 days. The findings of that investigation were announced on Wednesday.
The research was conducted by a company called Masegare & Associates Incorporated. I couldn't find anything on GroundUP's website to indicate that the company had sufficient expertise to conduct an investigation.
The findings submitted to Congress cannot answer the following questions:
How are fraudulent applications carried out? How many of them are successful? How many grants have been fraudulently paid to ID numbers?
How do fraudulent applicants open accounts with companies like Shoprite and Thyme Bank to receive fraudulent payments? What steps can you take to recover fraudulent payments? What steps can we take to identify counterfeiters? What steps can we take to stop these fraudulent applications? )
None of these questions were resolved by the investigation, at least as presented publicly. Investigators also did not interview Mr. Gosai or Mr. Cedrus.
Pleasingly, some MPs on Wednesday asked pointed questions of the Ministry of Social Development about this investigation.
Read the report to Congress
Are you technically ignorant?
My background is in computer science. I have worked as a developer on complex software projects for a large company and have lectured at the university level. I am amazed both at the incompetence of the SASSA SRD application system and how short the masegale investigation is from what is needed.
For example, querying the status of an SRD application can be done through countless third-party websites, many of which are risky and simply serve Google ads.
This is because SASSA has an online portal that does not require authentication from third-party sites. It also does not limit the number of applications that can be created per second (this is limited only by SASSA's SRD system hardware and network, and nothing else).
This is amazing. Applications and inquiries for SRD grants can only be made on the SASSA website and perhaps a small number of approved and trusted third party sites.
Much of what the research reveals is abstract and lacks detail. It's full of meaningless or unimportant software engineering jargon, and its only purpose is to confuse non-technical readers. The inquiry's recommendations do not resolve the problems identified by Mr. Gosai and Mr. Cedras. Some examples:
- For some reason, the website https://srd-sassa.org.za/ is included in the survey. why? This is not a government website. Registered in Pakistan. It doesn't seem to have a good reputation. You should simply block the provision of SRD grant applications.
- Researchers appear to have conducted a cursory analysis of the SASSA website using online security analysis. Although these tests take several minutes, they yield little useful information and cannot answer any of the questions raised by Gosai and Cedras' findings.
- They used the WordPress security analysis tool to analyze the SASSA site, even though it was not a WordPress site.
- They recommend implementing captcha in grant applications. This just makes the system unfriendly for many users with limited computer skills. There are better ways to fix the problems identified by Gosai and Cedras, such as by implementing application systems properly and securely.
The cost of the investigation was approximately R280,000, it was revealed in Parliament. South Africans, especially those who truly need the SRD subsidy, deserve better than this.
Updated November 27, 2024 13.57: The following line was added after publication: It was revealed to Parliament that the cost of the study was approximately R280,000.
The author is the editor of GroundUp, where this article first appeared.
