Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      Malatsi comes out swinging in Starlink lobbying row - Solly Malatsi

      Malatsi comes out swinging in Starlink lobbying row

      6 July 2026
      'Functioning but limping': PSC lays bare the rot at Sita - State IT Agency

      ‘Functioning but limping’: PSC lays bare the rot at Sita

      6 July 2026
      Bookmakers to ISPs: stop debating, start blocking

      Bookmakers to ISPs: stop debating, start blocking

      6 July 2026
      MTN's Ralph Mupita named to new UN AI commission - Ralph Mupita

      MTN’s Ralph Mupita named to new UN AI commission

      6 July 2026
      British TV giants merge to take on Netflix

      British TV giants merge to take on Netflix

      6 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
      TCS | Charge's R1.8-billion bet on an off-grid EV future - Charge chairman Joubert Roux

      TCS | Charge’s R1.8-billion bet on an off-grid EV future

      18 May 2026
    • Opinion
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
      Finish the job Mandela started - Farzam Ehsani

      Finish the job Mandela started

      18 June 2026
      The author, Fanie van Rooyen

      The US just showed it can switch off our AI

      17 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Sections » Public sector » Massive fraud in Sassa grant system uncovered

    Massive fraud in Sassa grant system uncovered

    Two students at Stellenbosch University describe how they discovered fraud in Sassa’s SRD grant application system.
    By GroundUp16 October 2024
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Massive fraud in Sassa grant system uncoveredWe are two first-year computer science students at Stellenbosch University. We have been looking for vulnerabilities in government and private-sector systems. We do this completely legally, by using publicly available internet resources, such as the backends of various government portals.

    We inform all relevant institutions of any vulnerabilities we find, and in most cases give them sufficient time to address the issues before we disclose them publicly. We never exploit the vulnerabilities for our own benefit.

    But sometimes a system bug is so bad that it brings to light fraud or gross incompetence. We believe it is right to then go public with what we find immediately. This is the case with Sassa’s Social Relief of Distress (SRD) grant system.

    We did try to alert Sassa but found it near-impossible to get hold of anyone

    When we uncovered the problems described here, we did try to alert Sassa but found it near-impossible to get hold of anyone. Most of the contact numbers listed on its website either do not exist, or ring indefinitely.

    Millions of people are receiving the SRD grant. Many have applied but their applications have been turned down. This grant, R370/month currently, is touted as a possible forerunner to a basic income grant.

    Findings from the Sassa SRD system

    We queried Sassa’s public portal with 300 000 ID numbers for February 2005 at a rate of 700/minute. The first problem is that this shouldn’t be possible. A competent system with basic security would have limited the rate at which we could query it.

    We would have considered this a mere bug, informed Sassa and given them an opportunity to fix the problem before disclosing it. Except we discovered a bigger problem.

    We found that 74 931 SRD grant applications were made for people born in February 2005. According to Statistics South Africa (as of 2020) there were 82 097 births in February 2005. This would mean that the application rate is roughly 91%. It is extremely unlikely that so many applications were made by people born in this month.

    We also processed the first 500 male and 500 female IDs of people born on 1 January, from 1960 to 2006. Our findings show that there was an average application rate of 52% for all of the years, but when looking at people born between 2002 and 2006, the application rate becomes roughly 90%. This is notable because it reflects the application rate of people who have turned 18 since the grant was first issued in 2020. A 90% application rate is extremely unlikely to have occurred naturally – it is disproportionately large and reeks of fraud.

    Vodacom fires hundreds of workers in crime crackdownCaption: Sassa SRD grant applications for first 500 male and 500 female ID numbers on 1 January of each year from 1960 to 2006.

    We also uncovered that Sassa has paid grants out on a number of occasions to applicants that used our ID numbers, even though we have never received the SRD grant. This suggests that not only are fraudulent applications being made; it is likely many of them are succeeding. Not only are ineligible people receiving the grant, but there are likely people who are eligible who are losing out because a fraudster is getting what should be their grant.

    Survey findings

    We conducted an on-campus survey of 60 people we know. Fifty-eight of them had active grant applications for the SRD grant on Sassa’s system. Fifty-six stated that they had never actually applied for the grant themselves, which means that 56 are fraudulent applications.

    The scale of this strongly points to an organised effort to take advantage of Sassa’s weak IT system. A question to ask is whether the system was intentionally implemented to be so weak. If not, then why has it taken Sassa so long to notice it? Why is it not properly fixed yet? And why has the public not been properly informed about what’s going on?

    Sassa’s admission

    We went public with our findings on Thursday on Heart FM. Since then Brenton van Vrede, who heads up grant operations at Sassa, admitted, also on Heart FM, that fraud is widespread.

    “We do unfortunately have quite a lot of these cases,” he said, which is quite an understatement.

    Van Vrede asked people who discover that fraudulent applications have been made in their name to contact Sassa’s call centre, so that they can go through a biometric verification process. We are sceptical that this is practical. This is also a huge burden to place on members of the public, especially the poorest of the poor, to address a problem of Sassa’s making.

    Reboot required

    Unfortunately, the scale of this crisis means there is no easy solution to it. The entire Sassa SRD system needs to be re-envisioned. We recommend that Sassa not only reverify every single grant application, but that it also requests additional details to verify. Alternately, it needs to reimplement the system from scratch – though this would be a huge undertaking that would likely leave many SRD recipients out of pocket.

    Sassa’s commitment to biometric verification defeats the purpose of the SRD grant, which is supposed to be accessible, even to people using devices with the lowest specifications.

    Instead, verification can include details such as the smart ID issue date (found on the back of ID cards), which is what some banks and other institutions use. But more importantly, the system should be fixed so that it is harder to make applications in quick succession and impossible to commit fraud on a large scale.

    Sassa needs to fully disclose what has happened and the scale of it. There needs to be an inquiry into what has happened. Who developed the Sassa SRD system? How much did it cost? Who maintains it? What security checks have been put in place? And who are the kingpins responsible for what is almost certainly an organised massive fraud?  — Joel Cedras and Veer Gosai, (c) 2024 GroundUp 2024

    • This article was originally published by GroundUp. It is republished by TechCentral under a Creative Commons Attribution-NoDerivatives 4.0 International Licence. Read the original article

    Don’t miss:

    Sassa grants mess – Gungubele says ‘sorry’

    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    Sassa Sassa grant Sassa SRD SRD
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleTCS+ | Switchcom and Huawei forge a new alliance
    Next Article The extraordinary cost of bailing out South Africa’s SOEs

    Related Posts

    fingerprint

    Fingerprints, facial scans now mandatory for Sassa grants

    27 August 2025

    Compulsory biometric tests for some Sassa beneficiaries

    24 April 2025
    fraud

    How South Africa’s social grants system was defrauded on a massive scale

    6 January 2025
    Company News
    Finding focus: a strategic approach to cybersecurity for SMBs - Kaspersky

    Finding focus: a strategic approach to cybersecurity for SMBs

    6 July 2026
    Why voice-first communication matters more in the AI era - Mitel

    Why voice-first communication matters more in the AI era

    6 July 2026
    Friendship was the hard part of online school - until now - CambriLearn

    Friendship was the hard part of online school – until now

    6 July 2026
    Opinion
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026
    The author, Pambos Soteriades

    The pivot South Africa’s MVNOs cannot afford to miss

    23 June 2026
    Brazil's online gambling crackdown is a lesson for South Africa

    Brazil’s online gambling crackdown is a lesson for South Africa

    22 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    Malatsi comes out swinging in Starlink lobbying row - Solly Malatsi

    Malatsi comes out swinging in Starlink lobbying row

    6 July 2026
    'Functioning but limping': PSC lays bare the rot at Sita - State IT Agency

    ‘Functioning but limping’: PSC lays bare the rot at Sita

    6 July 2026
    Bookmakers to ISPs: stop debating, start blocking

    Bookmakers to ISPs: stop debating, start blocking

    6 July 2026
    MTN's Ralph Mupita named to new UN AI commission - Ralph Mupita

    MTN’s Ralph Mupita named to new UN AI commission

    6 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}