Social standing: Beneficiaries queue to collect grants in Alexandra. (File photo/MG)
The investigation into fraud in SASSA’s SRD grant application system has failed to answer critical questions.
A month ago, Stellenbosch University students Veer Gosai and Joel Cedras told Parliament that there are a massive number of fraudulent SRD grant applications.
They also explained that at least some of these fraudulent applications have been succeeding, though they didn’t have enough access to the SASSA system to know how many had succeeded. (They have explained what they found on GroundUp. See here and here.)
An application is fraudulent if it is made using someone else’s ID number. There are two dangers in this: (1) If a fraudulent application succeeds a grant is paid to someone not associated with the ID number; and (2) People who need the grant may find they can’t apply because their ID number has already been used to make a fraudulent application in the system.
The SRD grant is currently R370 per month. About eight million people receive it. The application system has severe security flaws. While we don’t know how many fraudulent applications have successfully received SRD grants, it is potentially a large number.
The Minister of Social Development committed to carrying out an investigation and reporting back to Parliament in 30 days. On Wednesday, the results of that investigation were presented.
The investigation was carried out by a company called Masegare & Associates Incorporated. GroundUP could find nothing on their website indicating that this company has sufficient expertise to carry out the investigation.
The results of the investigation as presented to Parliament fail to answer these questions:
How are fraudulent applications being made? How many of them are succeeding? How many grants have been paid out to ID numbers fraudulently?
How are fraudulent applicants managing to open accounts to receive those fraudulent payouts with companies such as Shoprite and Thyme Bank? What steps, if any, can be taken to recover fraudulent payouts? What steps, if any, can be taken to identify the forgers? What steps can be taken to stop these fraudulent applications? (This shouldn’t be difficult.)
Not a single one of these questions was answered by the investigation, at least not as it has been publicly presented. The investigators did not even meet with Gosai and Cedras.
Pleasingly, some Members of Parliament on Wednesday put penetrating questions to the Department of Social Development about the investigation.
Read the report to Parliament
Technically clueless?
My background is in computer science. I have been a developer on complex software projects at large companies and I have lectured at university level. I am amazed both by the incompetence of the SASSA SRD application system and by how far short the Masegare investigation is from what is needed.
For example, SRD application status inquiries can be made from myriad third-party websites, many of them dodgy and simply in the business of serving Google Ads.
This is because SASSA has an online portal that doesn’t require any authentication from third-party sites. Nor does it attempt to limit the number of applications that can be made per second (this is limited only by SASSA’s SRD system hardware and the network, nothing else).
This is astonishing. You should only be able to apply for and inquire about an SRD grant on the SASSA website and, perhaps, on a very select few authorised reputable third-party sites.
Most of what’s presented in the investigation is abstract and lacking in detail. It is replete with meaningless or unimportant software engineering jargon, the only purpose of which is to baffle a non-technical audience. The investigation’s recommendations will not solve the problems Gosai and Cedras have identified. A few examples:
- For some reason the website https://srd-sassa.org.za/ is included in the investigation. Why? This is not a government website. It is registered in Pakistan. It does not appear to be reputable. It should simply be blocked from offering SRD grant applications.
- The investigators appeared to use an online security analysis to do a perfunctory analysis of the SASSA website. These tests take a couple of minutes and offer very little that is useful, and fail to answer any of the questions raised by the findings of Gosai and Cedras.
- They used a WordPress security analysis tool to analyse the SASSA site even though it isn’t a WordPress site.
- They recommend a Captcha be implemented for grant applications. This will only serve to make the system unfriendly for users, many of whom have limited computer skills. There are better ways to rectify the problems uncovered by Gosai and Cedras, for example implementing the application system properly and securely.
It emerged in Parliament that the cost of this investigation was approximately R280,000. The South African public, especially people who genuinely need an SRD grant, deserved better than this.
Update on 2024-11-27 13.57: After publication this line was added: It emerged in Parliament that the cost of this investigation was approximately R280,000.
The author is editor of GroundUp, where this article first appeared.