The R280k investigation offered very little useful information, and its recommendations will not solve the problems identified. Image: Shutterstock

Investigation into social grant fraud is a flop

Sassa investigation into the SRD grant application system fails to answer crucial questions.

by · Moneyweb

The investigation into fraud in the South African Social Security Agency’s (Sassa) Social Relief of Distress (SRD) grant application system has failed to answer critical questions.

A month ago, Stellenbosch University students Veer Gosai and Joel Cedras explained to parliament that there are a massive number of fraudulent SRD grant applications. They also explained that at least some of these fraudulent applications have been succeeding, though they didn’t have enough access to the Sassa system to know how many had succeeded. (They have explained what they found on GroundUp. See here and here.)

ADVERTISEMENT CONTINUE READING BELOW

Read: Massive fraud in Sassa’s grant system

An application is fraudulent if it is made using someone else’s ID number.

There are two dangers in this: first, if a fraudulent application succeeds, a grant is paid to someone not associated with the ID number, and second, people who need the grant may find they can’t apply because their ID number has already been used to make a fraudulent application in the system.

The SRD grant is currently R370 per month, and about eight million people receive it. The application system has severe security flaws, and while we don’t know how many fraudulent applications have successfully received SRD grants, it’s potentially a large number.

Read: SRD R370 grant beneficiaries approved in October still waiting for payment

The Minister of Social Development committed to carrying out an investigation and reporting back to parliament in 30 days. On Wednesday, the results of that investigation were presented.

The investigation was carried out by a company called Masegare & Associates Incorporated. I can find nothing on their website indicating that this company has sufficient expertise to carry out the investigation.

The results of the investigation, as presented to parliament, fail to answer these questions:

  • How are fraudulent applications being made?
  • How many of them are succeeding?
  • How many grants have been paid out to ID numbers fraudulently?
  • How are fraudulent applicants managing to open accounts to receive those fraudulent payouts with companies such as Shoprite and TymeBank?
  • What steps, if any, can be taken to recover fraudulent payouts?
  • What steps, if any, can be taken to identify the forgers?
  • What steps can be taken to stop these fraudulent applications? (This shouldn’t be difficult.)

Not a single one of these questions was answered by the investigation, at least not as it has been publicly presented. The investigators did not even meet with Gosai and Cedras.

Pleasingly, some members of parliament on Wednesday put penetrating questions to the Department of Social Development about the investigation.

Technically clueless?

My background is in computer science. I have been a developer on complex software projects at large companies and have lectured at university level. I am amazed both by the incompetence of the Sassa SRD application system and by how far short the Masegare investigation is from what is needed.

ADVERTISEMENT: CONTINUE READING BELOW

For example, SRD application status inquiries can be made from a myriad of third-party websites, many of them dodgy and simply in the business of serving Google Ads. This is because Sassa has an online portal that doesn’t require any authentication from third-party sites. Nor does it attempt to limit the number of applications that can be made per second (this is limited only by Sassa’s SRD system hardware and the network, nothing else).

This is astonishing. You should only be able to apply for and inquire about an SRD grant on the Sassa website and, perhaps, on a very select few authorised reputable third-party sites.

Most of what’s presented in the investigation is abstract and lacking in detail. It is replete with meaningless or unimportant software engineering jargon, the only purpose of which is to baffle a non-technical audience. The investigation’s recommendations will not solve the problems Gosai and Cedras have identified.

A few examples:

  • For some reason, the website https://srd-sassa.org.za/ is included in the investigation. Why? This is not a government website. It is registered in Pakistan. It does not appear to be reputable. It should simply be blocked from offering SRD grant applications.
  • The investigators appeared to use an online security analysis to perform a perfunctory analysis of the Sassa website. These tests take a couple of minutes, offer very little useful information, and fail to answer any of the questions raised by the findings of Gosai and Cedras.
  • They used a WordPress security analysis tool to analyse the Sassa site even though it isn’t a WordPress site.
  • They recommend implementing a Captcha for grant applications. This will only make the system unfriendly for users, many of whom have limited computer skills. There are better ways to rectify the problems uncovered by Gosai and Cedras, for example, by implementing the application system properly and securely.

It emerged in parliament that the cost of this investigation was approximately R280 000.

The South African public, especially people who genuinely need an SRD grant, deserved better than this.

Nathan Geffen is GroundUp’s editor.

© 2024 GroundUp. This article was first published here.

Follow Moneyweb’s in-depth finance and business news on WhatsApp here.