The Social Aid of Misery (SRD) grant was launched in the course of the Covid pandemic to help individuals in dire want. About 9 million of those R370 grants are paid out month-to-month now. It’s probably the idea for a common primary earnings grant.
Activist Israel Nkuna has for years been warning of fraudulent purposes for the SRD grant, and that these fraudulent purposes have been squeezing out respectable candidates through the use of their ID numbers with out permission. GroundUp, too, has reported this drawback. Then in October, we revealed an article by Stellenbosch College college students who found an enormous variety of fraudulent purposes for the SRD grant, and proof that a minimum of a few of these fraudulent purposes have been succeeding.
Since then, it has turn out to be clearer how the SRD grant system has been defrauded at scale. It includes six steps:
- First, get hold of ID numbers and their related names from one of many varied giant leaks of South African knowledge.
- Second, open improperly verified accounts with Shoprite or TymeBank, or presumably another banks as effectively. This could possibly be performed on a laptop computer or telephone with out leaving one’s residence. Shoprite and TymeBank have in current months tightened up their checking account software processes, so fraudsters can now not proceed to do that.
- Third, get hold of improperly verified Sim playing cards. That is simply performed by merely going to a neighborhood dodgy cellphone store. However till not too long ago it might even be performed totally on-line by registering free digital Sim playing cards by means of Me&You Cellular. This, too, has since been stopped.
- Fourth, use the ID quantity, phone quantity and checking account obtained within the first three steps to use for an SRD grant.
- Fifth, await the grant to be paid into the account opened in step two. Plainly each month, Sassa sends ID numbers of candidates to the banks, Sars and Nsfas to verify if candidates cross the means take a look at. If the applicant isn’t paying earnings tax, doesn’t obtain cash from Nsfas and has earnings to their checking account of lower than R625/month, the grant is paid.
- Sixth, launder the SRD cash by transferring it out of the checking account. There are numerous methods to do that, which we don’t describe right here.
Doing the above for one SRD grant will not be definitely worth the effort. However a decided fraudster or group of fraudsters might make dozens and even tons of of purposes a day. At one level it was doable to hold out the whole course of described above utilizing solely a laptop computer. It will even be doable to write down a pc program to automate the method, however such sophistication can be pointless: going to a store to purchase Sim playing cards and manually making a lot of purposes can be very worthwhile.
So far as we are able to inform, it’s now not doable – or a minimum of now not simple – to make new fraudulent purposes. Nevertheless it’s seemingly that many fraudulent purposes made for years after the grant was launched are nonetheless passing the month-to-month means take a look at and receiving SRD grants.
Sassa must act
Sassa, along with corporations which have obtained giant numbers of SRD grants like TymeBank and Shoprite, can take a minimum of these steps to forestall this fraud:
- Insist banks solely settle for SRD grants for biometrically verified individuals who have been validated with a fingerprint or facial scan.
- Take away third-party entry to the Sassa grant software system, besides to authorised establishments which have a respectable must entry the system. (Sassa says it has now performed so.)
- Restrict the variety of requests a single laptop system could make to the Sassa web site in order that applications making tens, tons of or hundreds of requests to it per second fail. (Sassa says it has now performed so.)
- Audit all present SRD grant purposes to determine the dimensions of the fraud, take away fraudulent purposes – figuring out these could be troublesome — and demand that suspicious purposes endure verification. (Sassa says an audit “wouldn’t help”. However TymeBank says it’s “conducting an evaluation of transacting behaviour on accounts opened previous to August 2024 that obtain grant funds to determine these which might be non-legitimate grant beneficiaries”.)
Whereas we don’t have sufficient info to quantify it, we suspect the dimensions of SRD fraud could be very giant. Not solely does this bleed cash from the social grant system, however each fraudulent software utilizing another person’s ID probably denies a respectable SRD grant recipient the potential for getting the grant as a result of their ID quantity is being utilized by another person. At greatest, somebody who’s a sufferer of ID fraud has to navigate their means by means of a horrible bureaucratic course of to undo the fraudulent software.
Response by Sassa
Sassa is conscious of fraud danger inside the social grants house and works intently with varied stakeholders inside the monetary sector in addition to legislation enforcement to mitigate this danger and apprehend these accountable for this prison exercise.
On the subject of the banks talked about, Sassa works with all banks which might be prepared to cooperate with us. Nonetheless, it might not be applicable for us to touch upon fraud inside a person financial institution’s atmosphere.
Ought to you might have any extra info concerning fraud, we might encourage you to both share this knowledge with our fraud division, or instantly with the SAPS. Particulars of opened circumstances might be supplied to it is best to you want to go on to the SAPS.
Response particular to suggestions proposed by GoundUp
Insist banks solely settle for SRD grants to biometrically verified individuals who have been validated with a fingerprint or facial scan.
Sassa sadly can’t handle a financial institution’s operations, or direct how they select to have interaction with their purchasers. Nonetheless, we do think about a financial institution’s danger profile into our fraud danger mitigation measures.
Take away third-party entry to the Sassa grant software system, besides to authorised establishments which have a respectable must entry the system.
Sassa implements strict firewall and entry insurance policies for any third get together or authorised establishments with which it interfaces for the needs of knowledge sharing or entry to its atmosphere and databases.
Restrict the variety of requests a single laptop system could make to the Sassa web site in order that applications making tens, tons of or hundreds of requests to it per second fail.
Sassa has carried out content material safety coverage (CSP) as an added layer of safety that helps to detect and mitigate sure forms of assaults and knowledge injection assaults. This gives controls that enable solely permitted sources of content material that browsers needs to be allowed to load on the web page in addition to blocking unauthorised requests, together with:
- Excessive-frequency requests that exceed regular consumer behaviour;
- Requests with invalid or partial knowledge (for instance, incorrect mixtures of ID numbers and telephone numbers); and
- Requests from suspicious or recognized malicious IP addresses.
Audit all present SRD grant purposes to determine the dimensions of the fraud, take away fraudulent purposes — figuring out these could be troublesome — and demand that suspicious purposes endure verification.
An audit wouldn’t help in figuring out fraudulent purposes if the fraud in case is identification theft, as all data of the applicant would match that of the alleged sufferer. The method that Sassa at present follows is to flag any suspected fraudulent software, after which require biometric affirmation if the applicant is the actual individual. The biometric identification does, nevertheless, pose a problem to many candidates (which is the primary cause we aren’t utilizing it for all candidates). Thus, at this stage it’s too early to report on whether or not these purposes which might be suspected of fraud and never responded to are real fraud circumstances or if they’re merely entry challenges. The method has already commenced.
Sadly, fraud has a unfavorable affect on victims, and as such extra verification steps are required. Sassa has additionally reprioritised vital assets to have the ability to equip its native places of work with self-help kiosks by the brand new monetary 12 months. This can allow us to help candidates who don’t have entry to the mandatory expertise.
Response by Shoprite
Fraudulent SRD grant purposes are now not doable by way of a cash market account. All new accounts at the moment are biometrically onboarded.
To safeguard our clients’ cash, all suspicious transactions are reported, and accounts are instantly blocked. An account can solely be unblocked pending the profitable submission of extra verification paperwork.
Sassa has eliminated third-party entry to the grant software system. We’d welcome any extra security measures and checks carried out by Sassa to additional fight any fraudulent actions pertaining to SRD grants.
Response by TymeBank
From August 2024, TymeBank now not permits Sassa grant recipients to obtain grant funds into non-biometrically verified TymeBank accounts. In the event that they wish to use their TymeBank account to obtain a grant, they need to improve their account and full the biometric verification course of and KYC (“know your shopper”).
Over the previous few months, we’ve been reaching out to account holders who nonetheless have non-biometric accounts to get them to improve their accounts biometrically. On the similar time, we’re conducting an evaluation of transacting behaviour on accounts opened previous to August 2024 that obtain grant funds to determine these which might be non-legitimate grant beneficiaries. This undertaking is anticipated to be accomplished shortly. By the tip of January 2025, these accounts which might be non-biometrically verified shall be suspended, pending profitable biometric verification.
We proceed to work intently with Sassa to fight fraud inside the social grant system.
Get breaking information from TechCentral on WhatsApp. Join right here.
Don’t miss:
Letter | Alleged Sassa fraud underscores urgency for higher knowledge administration