The South African Social Security Agency (Sassa) denies that its Social Relief of Distress (SRD) grant system has been compromised. However, the agency acknowledges the presence of fraud and is taking steps to mitigate its impact.
Sassa expressed confidence in the integrity of the SRD grant system following revelations from two Stellenbosch University first-year computer science students, Joel Cedras and Veer Gosai. The students uncovered significant system vulnerabilities and instances of fraud.
Their findings revealed that fraudulent grant applications—including ones using their own ID numbers—had been approved, while legitimate applicants were denied. A survey they conducted on campus found that 56 out of 60 students had fraudulent grant applications made in their names, despite never applying for the benefit.
This suggests that criminals may be manipulating the system by altering beneficiaries’ contact details to divert funds.
Sassa acknowledges being aware of fraudulent activity and says it has already been taking steps to address it. Recently, the agency strengthened its security by introducing algorithms to detect suspicious applications and enhanced identity verification processes, including facial recognition and one-time password (OTP) checks.
As the threat landscape has evolved, Sassa has adapted by implementing various countermeasures. These include algorithms that analyse data and metadata to flag potentially fraudulent applications requiring additional verification.
Sassa also reports working closely with financial institutions and law enforcement to reduce fraud, while ensuring that security measures do not hinder access for the agency’s largely non-tech-savvy clientele.
Sassa has been collaborating with banks since the grant's inception to ensure payments go to eligible recipients. We are also working with banks to accelerate the rollout of biometric verification for clients opening new accounts
To date, more than 2 million applications have been flagged for further identity verification due to these security measures. Applicants whose grants are under review receive a "Referred SRD" status, requiring them to verify their identity through facial recognition.
Sassa acknowledged the students’ findings but argued that the students may not have fully considered the ongoing efforts to address system vulnerabilities.
Their findings were made without a comprehensive understanding of Sassa's client profile, system functionality, and the extensive risk assessments we’ve conducted. Additionally, Sassa is actively working with several institutions, including law enforcement, to prosecute fraudulent activity
SRD Grant System Under Scrutiny
Brenton van Vrede, a representative of Sassa, confirmed that the fraud exposed by the Stellenbosch university students is widespread, though the financial impact remains unclear. The fraud could potentially cost both Sassa and South African taxpayers millions.
The students’ legal vulnerability testing revealed a startling 91% approval rate for SRD applications from individuals born in February 2005, suggesting potential large-scale fraud. Their findings were initially reported by GroundUp.
Despite the students’ efforts to inform Sassa of these issues, they faced significant challenges in reaching the appropriate officials. According to the students, many of the contact numbers listed on Sassa’s website were either nonfunctional or went unanswered.
In their investigation, the students also found that numerous SRD applications for individuals born after 2002 had suspiciously high approval rates. Their survey results further revealed that grants had been disbursed using their ID numbers without their knowledge or consent.
Van Vrede urged members of the public who discover fraudulent applications in their name to contact the Sassa call centre, where they will be required to complete biometric verification.
However, the students argue that placing the burden on the public, especially vulnerable populations, to resolve fraud perpetrated by the system is unfair.
Sassa has faced criticism from civil society groups over its handling of the SRD grant, with some arguing that the agency’s policies are exclusionary. The introduction of facial recognition for identity verification has also sparked concern.
Sassa says the use of facial recognition checks are necessary step to prevent fraud. Criminals could exploit personal information to reroute grant payments by changing the registered cellphone numbers of beneficiaries. This could lead to funds intended for the poorest members of society being stolen.
Calls for a System Overhaul
The students argue that the SRD system requires either a complete overhaul or significant improvements to its verification processes. They also criticised Sassa’s reliance on biometric verification, calling it impractical and a burden on citizens with limited access to advanced technology.
The students further called for full transparency from Sassa, demanding an inquiry into the development, cost, and security of the SRD system, as well as the potential role of organised crime in the fraud.
There needs to be a full investigation. Who developed the Sassa SRD system? How much did it cost? Who maintains it? What security measures are in place? And who are the masterminds behind what appears to be a large-scale, organized fraud?
