The Department of Social Development will conduct a full-scale investigation into vulnerabilities in all types of social grants after irregularities were found by the investigation into the social relief of distress grant (SRD) applicants.
This was revealed by Social Development Minister Sisisi Tolashe on Wednesday when her department and the South African Social Security Agency (Sassa) briefed the social development portfolio committee on SRD grant application investigation.
The investigation was sparked by a survey by two Stellenbosch University computer science students, Veer Gosai and Joel Cedras, who identified weaknesses in the SRD grant payments late last year.
Tolashe said her department and Sassa took any allegation of fraud in the system very seriously.
“We take these challenges very seriously as integrity of system and protection of personal information is paramount,” she said.
“We are committed to addressing them with utmost urgency and diligence,” she said.
A presentation by Masegare and Associated Incorporated stated that the threat level for the SRD grant was medium, “meaning that while the system is not highly vulnerable, it is still susceptible to certain types of attacks that could compromise security if left unaddressed”.
The investigation found that there were websites that mimic Sassa’s SRD grant system that were actively harvesting personal information from unsuspecting grant beneficiaries.
It also stated that fraudulent beneficiaries could exploit weak verification processes and that limited use of biometrics could allow fraudulent claims to go undetected.
“These incidents underscore the urgent need for Sassa to enhance its cyber security measures, increase public awareness, and take legal action against unofficial (fraudulent) domains. If left unchecked, such scams will continue to compromise beneficiaries' financial security, erode trust in Sassa systems, and result in widespread fraud.”
Tolashe said they agreed with Masegare's findings and plans were developed to address the identified gaps.
“These will be included in the terms of reference for a full investigation of the social grant system as requested by your good selves. We are grateful this challenge activated alertness to have regular upgrades of our systems,” she said.
Tolashe thanked the students for bringing the SRD grant application weaknesses to their attention.
“Without them, we would not be aware of things we are now aware of. We would not embark on tightening our systems if it was not for them,” she said.
The department’s internal audit executive Alfred Mudau said the audit on vulnerability and penetration testing on SRD grant determined the extent to which the online system was exposed to fraud and corruption.
“The outcome of the final report of the vulnerability assessment and penetration testing on SRD online system is being utilised as an input to the terms of reference of the phase two investigation, which is to conduct an investigation into the alleged weaknesses and fraud in the application and payment system of social grants that resulted in ineligible beneficiaries receiving social grants, including the SRD grant,” Mudau said
He said Sassa has prepared an audit implementation plan to address the findings raised in the report.
Sassa acting CEO Themba Matlou noted that the SRD system took one month to develop in 2020 and processed up to eight million applications a month.
“To date, it processes 17 million every month,” Matlou said.
He said fraud has become sophisticated and challenged the integrity of the SRD system.
“The SRD system is handling high volumes and is exposed to risks,” Matlou said, adding that 1 795 identity theft cases were detected in the 2022/23 and 2023/24 financial years.
Sassa informed the committee of various interventions to be implemented to mitigate the risks.
This included rolling out biometric verification on all online applications in 2025/26 financial year.