Stellenbosch University Students Expose SASSA SRD Grant Fraud and Vulnerabilities

Two first-year computer science students at Stellenbosch University have uncovered significant vulnerabilities and potential fraud within the South African Social Security Agency‘s (SASSA) Social Relief of Distress (SRD) grant application system. Joel Cedras and Veer Gosai, the students involved, revealed their findings in a recent investigation, raising concerns about massive fraud and the agency’s potential incompetence.

The students initially began their exploration by examining government and private sector systems for vulnerabilities, utilizing publicly accessible internet resources. “We inform all relevant institutions of any vulnerabilities we find,” stated Cedras, emphasizing their legal and ethical approach. However, they uncovered issues with such severity in SASSA’s SRD system that led them to go public after failing to get a response from the agency.

Through their research, the students were able to query 300,000 ID numbers from February 2005 on SASSA’s public portal, revealing that this should not have been possible with a securely designed system. They found a concerning number of SRD grant applications—74,931—related to individuals born in February 2005. Considering February 2005 births totaled 82,097 as of 2020, this constitutes an unlikely 91% application rate, suggesting fraudulent activities.

The students further scrutinized ID numbers of people born on January 1st for various years, discovering inflated application rates, particularly post-2002, which corresponds with individuals becoming eligible for the grant starting from 2020. This scenario raises suspicions of systemic fraud given the disproportionate application statistics.

An on-campus survey involving 60 participants found that 58 individuals had active SRD applications linked to their identities, yet 56 claimed to have never applied themselves. This implies significant fraudulent applications under false pretenses. Gosai stated, “We managed to do a small survey of about 60 people on campus, and we found that 56 people had fraudulent SASSA applications.”

In response, Brenton van Vrede, head of grant operations at SASSA, acknowledged the issue during an interview on Heart FM. “We do unfortunately have quite a lot of these cases,” admitted Van Vrede, indicating widespread fraud within the system. He urged individuals who discover fraudulent applications under their names to contact SASSA’s call center for biometric verification, although the practicality and burden of this measure are in question.

The students have criticized the ongoing vulnerability of the SRD system, questioning whether the weaknesses are intentional. They recommend a comprehensive reevaluation of the system, suggesting reverification of all applications or a complete system overhaul to prevent further exploitation. In the interim, they propose utilizing additional verification details, such as Smart ID issue dates, to enhance security.

GroundUp has partnered with Heart FM to bring this issue to light. SASSA is now under pressure to address the system failings and provide transparent communication regarding the findings and the measures being implemented to rectify the situation.