The agency discovered that criminals had created more than 150 fake websites mimicking Sassa's official platforms.
The South African Social Security Agency (Sassa) revealed that it recovered hundreds of millions of rands through an intensive verification process that uncovered widespread fraud, including fake websites, identity theft, and thousands of ineligible beneficiaries receiving grants meant for the country’s most vulnerable citizens.
During a briefing to parliament’s portfolio committee on social development on Wednesday, 19 November, Sassa revealed that its anti-fraud measures have already generated monthly savings of R28.5 million, with projections showing the intervention could save taxpayers approximately R340 million annually once all fraudulent grants are removed from the system.
The fraud crackdown comes after two first-year students from Stellenbosch University exposed critical vulnerabilities in Sassa’s Social Relief of Distress grant (SRD) application system last year, prompting an independent investigation and sweeping reforms to the agency’s digital infrastructure.
The scale of the problem
Acting Sassa CEO Zodwa Mvulane outlined the extent of the fraud that had infiltrated the social grant system.
The agency discovered that criminals had created more than 150 fake websites mimicking Sassa’s official platforms to harvest beneficiary data, which was then used to submit fraudulent grant applications.
“What was happening is when somebody searches for Sassa, it comes across this particular website that looks like Sassa, and then you enter your information there, your ID number, your name, your account and your address,” said the agency’s acting CIO Jabulani Makondo.
“Now, those people will then have that information, and they can reuse that information to apply, for example, on your behalf.”
Makondo said the investigation revealed that approximately 70 of these fraudulent websites have been shut down through partnerships with the “.za” domain consortium and third-party service providers, though the battle continues as new fake sites emerge.
ALSO READ: Committee urges government to fix systemic failures in social development
Sassa system vulnerabilities exposed
The independent assessment conducted by Masegare & Associates Incorporated identified four critical areas where Sassa’s systems were vulnerable to cyberattacks.
These included weak encryption standards that enabled interception of personal information, unauthorised application programming interfaces, fraudulent websites mimicking official platforms, and vulnerabilities that could disrupt beneficiary payments.
According to the Minister of Social Development, Nokuzola Sisisi Tolashe, the agency has since implemented strict security measures, upgraded encryption protocols, and established a 24-hour cybersecurity operations centre to monitor threats in real time.
Tolashe said facial biometric verification has been rolled out across the SRD system and local offices, making it significantly harder for fraudsters to apply for grants using stolen identities.
Cleaning up the database
Beyond addressing technical vulnerabilities, Sassa launched an aggressive campaign to verify that only eligible beneficiaries continue receiving grants.
The process involved cross-checking applicant data against multiple government databases, including those maintained by:
- South African Revenue Service (Sars)
- Unemployment Insurance Fund (UIF)
- Government Employees Pension Fund (GEPF)
- Public Service and Administration department
Acting CEO of Sassa Brenton Van Vrede explained that the agency triangulated data from banks, credit bureaus, and government departments to identify high-risk beneficiaries.
“We want to target those reviews to identify clients who are most at highest risk of potentially missing, disengaging themselves,” he said. “Between the banks and the credit bureaus, we’ve identified 161 recipients that were found on both of those databases.”
According to Van Vrede, the results were striking. In the first two quarters of the financial year, Sassa initiated approximately 259 000 reviews across different grant types. Of these, 201 000 beneficiaries came forward to complete the review process, while around 60 000 received suspension letters for failing to respond.
The outcome of these reviews led to 34 000 grants being cancelled, with the child support grant accounting for 28 000 of these, followed by 4 000 disability grants and roughly 1 000 older persons grants.
An additional 8 600 beneficiaries had their grant values adjusted downward after income assessments revealed they qualified for reduced amounts rather than full grants.
ALSO READ: Call for SRD grant and Nsfas recipients to be banned from gambling – Here’s how
The cost of fraud
The financial implications of the fraud were substantial. Van Vrede revealed that the cancelled grants represented monthly savings of R28.5 million, translating to approximately R171 million for the remainder of the current financial year.
“If you also do an estimate of what the savings would be for a full financial year, which would be the savings in the next financial year, because these grants are no longer active in the system, that would be approximately R340 million,” he told the committee.
The data also exposed concerning patterns of how fraudsters exploited the system. One database check revealed more than 2 000 beneficiaries were simultaneously receiving grants while employed by the Department of Cooperative Governance and Traditional Affairs (Cogta), primarily through the Expanded Public Works Programme.
Another 6 000 beneficiaries were found on the Provincial Education Services and Labour database, raising questions about the foster care grant system.
Ongoing vulnerabilities
Sassa officials stressed that cybersecurity is an ongoing battle rather than a problem that can be permanently solved.
The agency now conducts quarterly vulnerability assessments to identify and address emerging threats.
Moses Mbedhli, head of internal audit at Sassa, confirmed that independent verification shows the security measures are working.
“Firstly, there are now strict security settings, which assist because they limit the risk of manipulation.”
Mbedhli also reported a slight reduction in identity theft cases, from approximately 1 100 in 2023 to around 500 between April and September this year.
Minister’s commitment
Tolashe assured the committee that the government remains committed to protecting social assistance while implementing reforms.
She announced that President Cyril Ramaphosa’s decision to extend the SRD grant until March 2027 provides adequate time to finalise policy proposals on introducing basic income support.
“The extension marks a critical shift in our government’s ongoing commitment to support vulnerable individuals, especially in the face of the current economic climate,” Tolashe said.
“With faster monthly biometric verification and enhanced digital tools, we will continue to ensure that the SRD only benefits those who need it most.”
NOW READ: Mark your calendar: Sassa announces December payment dates
