{"id":895,"date":"2024-10-18T06:58:55","date_gmt":"2024-10-18T04:58:55","guid":{"rendered":"https:\/\/pixleyindependent.co.za\/?p=895"},"modified":"2024-10-18T06:58:55","modified_gmt":"2024-10-18T04:58:55","slug":"sassa-confirms-that-there-has-been-no-data-breach-on-its-system","status":"publish","type":"post","link":"https:\/\/pixleyindependent.co.za\/?p=895","title":{"rendered":"SASSA confirms that there has been no data breach on its system"},"content":{"rendered":"

Kimberley <\/strong><\/p>\n

The South African Social Security Agency\u2019s (SASSA) Cyber Security Unit has confirmed that there was no data breach of SASSA system to manipulate the roll out of the Covid-19 Social Relief of Distress (SRD) Grant.<\/p>\n

 <\/p>\n

On Monday, 14 October 2024, GroundUp published an article titled, We discover massive fraud in SASSA\u2019s grant system\u201d, with a sub-heading, \u201cSASSA needs to disclose how this happened and the scale of the problem\u201d. The article was co-authored by two first year Computer Science students at Stellenbosch University who claimed they have been looking for vulnerabilities in government as well as private-sector systems.<\/p>\n

 <\/p>\n

SASSA is aware of various attempts by individuals who have attempted to take advantage of various efforts and initiatives by government to support the most vulnerable individuals in our communities. The fraud highlighted by the two students as published in GroundUp (in other words where fraudsters steal the identity of ordinary citizens and their contact details) is not something new and is well-known to SASSA and that it is not the only type of fraud perpetrated.<\/p>\n

 <\/p>\n

Over time, the risk landscape has evolved, necessitating SASSA to adapt accordingly. In response, SASSA has implemented several countermeasures, including algorithms based on data and metadata to identify potentially fraudulent applications that require further identity verification. These measures recognize that 60% of South African youth are unemployed and could qualify for the grant. However, SASSA continuously strives to consider how it minimises the impact of its fraud measures on legitimate applicants.<\/p>\n

SASSA is also already in the process of rolling out enhanced security measures for all SRD related functions as part of the rollout of a new mobile app. SASSA must deploy its security measures without causing inconvenience to its client base while taking into considering that a large part of our client base is not technology literate. It is thus a matter of vulnerability versus functionality that should be always balanced.<\/p>\n

In addition to the SASSA-developed risk identification model, SASSA collaborates with various other risk mitigation and fraud detection institutions in the financial services to identify fraud and implement measures to exclude clients who should not benefit from the grant.<\/p>\n

 <\/p>\n

Furthermore, SASSA has also piloted an electronic “know your client” (eKYC) program, utilizing facial recognition to verify the legitimacy of clients and their applications through comparison and matching their data with the population register or National ID Database at the Department of Home Affairs.<\/p>\n

SASSA has also been working with other institutions like the banks from the onset to ensure that the grant is paid to those that are eligible for the grant. In this regard, SASSA is also working closely with some banks to accelerate their biometric verification solutions for clients when opening bank accounts.<\/p>\n

 <\/p>\n

The reduction in fraudulent applications, is attributed to the success of the countermeasures implemented, which dissuade fraudsters from applying in the first place. As a result of these measures, more than 2 million applications have been blocked and placed in a \u201creferred status\u201d. This does then require these applicants to verify their identity through facial recognition software.<\/p>\n

 <\/p>\n

It is our notion that the students who raised their findings did so in a vacuum of having all relevant facts and consideration of the SASSA clientele profile, considering the system functionality versus vulnerability, the SASSA risk assessments performed and the fact that SASSA is working with various companies, as well as the authorities in prosecution of fraudulent client applications.<\/p>\n

 <\/p>\n

SASSA validates if the applicant has access to the mobile number they provide during the application process. In this regard the website sends an OTP to the mobile number provided, and the applicant then must provide that OTP on the website to proceed with the application.<\/p>\n

The Identity number is matched with the name and surname, during the application process. This validation is based on the information captured at Department of Home Affairs which SASSA obtains through the Integrated Justice System link (commonly referred to as the PIP service).<\/p>\n

 <\/p>\n

SASSA will continue to strengthen its processes and will work with universities, law enforcement agencies and other institutions to protect the most vulnerable individuals that it serves and ensure that its system security and functionality remains a fine balance, combined with ethical hacking and work practices.<\/p>\n","protected":false},"excerpt":{"rendered":"

Kimberley The South African Social Security Agency\u2019s (SASSA) Cyber Security Unit has confirmed that there<\/p>\n","protected":false},"author":2,"featured_media":829,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[12],"tags":[],"class_list":["post-895","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crime"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=\/wp\/v2\/posts\/895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=895"}],"version-history":[{"count":1,"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=\/wp\/v2\/posts\/895\/revisions"}],"predecessor-version":[{"id":896,"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=\/wp\/v2\/posts\/895\/revisions\/896"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=\/wp\/v2\/media\/829"}],"wp:attachment":[{"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pixleyindependent.co.za\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}