Security Improvements, fraud detection and prevention and online verification of identity: Home Affairs briefing

Home Affairs

18 September 2012
Chairperson: Ms M Maunye (ANC)
Share this page:

Meeting Summary

Three presentations were given by the Department of Home Affairs (DHA) on progress in matters relating to security in the department. These were security improvements; fraud detection and prevention and online verification of identity. Statistics were given for the various forms of security services used by the department including in-house and private security. These showed that private security is more highly utilised than in-house security. Progress included the installation of electronic security systems across 57 DHA offices. Challenges included the poor standards of security, lack of appropriate skills within the staff, a high staff turnover, insufficient resources and an over-dependence on private security officers. As the way forward, Home Affairs identified office manager security training, the procurement of better resources and creating a front company with the South African National Defence Force.

The second presentation gave the Committee an idea of the purpose of the Fraud Detection and Prevention Directorate. A baseline study on the causes and scope of corruption was undertaken in 2010 which assists DHA to prevent and eradicate corruption. Its Fraud Prevention Plan and Security Advisory Committee were discussed. The challenges here included too few analysts (generally only one or two for each area) and therefore a large backlog, a lack of IT specialisation, heavy reliance on manual records, a struggle to visit all DHA facilities, the non-standardisation of processes at front offices and limited expertise. DHA planned to move forward by expanding the Directorate and creating better training and providing more resources.

The final presentation explained the department’s Online Verification system which is in the early stages of implementation. The online verification system (HANIS) had the largest fingerprint database in the world with over 38 million unique fingerprints sets and allowed the department to identify identity fraud. It helped reduce the turnaround time for passport and ID re-issue. The online verification process was explained. Progress was noted with the five banks which joined the online verification system once the project was launched commercially. The online verification process had been made a pre-requisite of opening a new office. The department had rolled this out to all Civic Services offices, 117 mobile offices and it was being used for temporary ID certification, emergency passports, re-issues and passport applications.

In the discussion, the Committee asked for clarification of escort duties, enabling documents, an analysis tool, close protection services and the Cuban project. They expressed concern at the security behind HANIS and the idea of a ‘front’ security company. They asked for timeframes and budgets for rolling out the projects across the country.

The department expanded on the security measures taken with HANIS. The audit trail enabled the tracing of fraud. An audit trail programme was very strong and used three levels of verification. Not just a PIN but also the fingerprint of the Home Affairs operator and a smart card to minimise corruption and this deterred corrupt officials. The addressed questions on their plans to deal with staffing and under-resourcing issues as well as the over-dependency on manual records and private security companies – both of which had been a concern for the Committee. They also offered budgets and timeframes and clarified on procedure and the reasons for some chosen programmes or policy.

Meeting report

Mr A Gaum (ANC) acted as chair as the chair, Ms M Maunye (ANC) was delayed at another meeting.

The delegation of the Department of Home Affairs was led by Mr Vusi Mkhize, the DDG for Civic Services. The presentation was opened by Mr Castro Khwela, the DDG for Counter Corruption and Security Services and completed by Mr Sello Mmakau, the DDG for Information Services.

Security Improvements: Department of Home Affairs briefing
Mr Khwela outlined the purpose of security in the DHA as ‘to create and provide a safe and secure environment through the application of conscious measures and the effective and efficient utilisation of resources at our disposal.’ He explained that the department has 777 DHA facilities including Ministry and Head offices, provincial offices, district management operations’ offices, large, medium and small offices, port of entries and hospitals.

He outlined the various forms of security services used by the department. These include both in-house and private security companies including Mafoko, Sidas, Best Secure, Ulwazi and Eastern Guard. The total number of private guards is 605 and costs R6 918 667 annually. The number of in-house security officers appointed by the DHA is 85. These guards are responsible for threat and risk assessment, after- hour inspection, close protection services (for example, the Cuban Project), escort duties and general guarding services. He emphasized that some of the offices are national entry ports so cannot be appointed to private security but must be guarded by in-house security.

Mr Khwela explained that a security risk assessment was made of DHA offices and many were found to be below the required minimum standards as per the requirements of Minimum Information Security Standard (MISS) and Minimum Physical Security Standards. An intervention strategy is being formulated and will include the training of office managers as force multiplies on security issues, the establishment of a working relationship between DHA and SANDF (reserve force) and resuscitation of installed electronic systems.

Mr Khwela explained that integrated Electronic Security Systems have been installed in 57 offices nationally but they are in varying stages of functionality and outlined some examples including Wynberg and Barrack Street in Cape Town and BVR Building in Pretoria. The remaining 20 offices for the current financial year have either been completed or are in an advanced stage in some provinces.

Mr Khwela showed a map of branch representation across the provinces which included two in Gauteng and one in Northern Cape, North West, Limpopo, Mpumalanga, and KwaZulu Natal. The remaining provinces have no supervisory representation of physical security officials, bar the security guards who were appointed in port of entries at Level 3.

Mr Khwela outlined the challenges faced in this area which include:
▪ appointing staff at the appropriate level. Level 12 is the deputy director level and is the level that they are struggling with. This is due to the high level of staff turnover. They are taken by other departments due to the high standards of training in the DHA.
▪ DHA is struggling with implementing the recommendations of the Threat and Risk Assessment due to competing priorities or perception of the severity of issues by security.
▪ DHA has insufficient resources, particularly vehicles and photographic equipment but this is being addressed: the department is distributing resources currently to their security practitioners.
▪ The over dependency on private security guards is a large problem as their loyalties are sometimes doubtful. In the case of break-ins; collusion between private security guards and criminals is an issue.
▪ DHA is attempting to develop its specialized technical security practitioners in order to alleviate the dependency on private security companies by installing electronic security systems.

Mr Khwela identified the plans for moving forward.
▪ Appointment of security managers at level 12 in respective provinces;
▪ Designing and formulation of implementation plans for corresponding recommendations of TRAs;
▪ Procurement of dedicated vehicles for security practitioners;
▪ Augmentation and capacitation of a technical team (one post has already been advertised);
▪ Possible registration of a front company to deal with security requirements, particularly on technical matters. These involve talks between the SA National Defence Force and DHA to provide a department force to decrease dependence on private security. This is a challenge however as the SANDF is focused more on protecting national borders and less on internal issues. However, legally this could be done by the development of a front company. The department hopes to have results by financial year-end;
▪ Training office managers to fulfil security matters to ensure the day-to-day security of their offices.

Fraud Detection and prevention
Mr Khwela outlined the purpose of the Directorate as being to manage counter corruption strategies, to develop and maintain an analytical counter corruption and security strategy, to gather and analyse information for investigative purposes and to ensure the identification and prevention of irregularities, unlawful conduct and breaches.

Mr Khwela explained that a baseline study was undertaken by DHA exploring the causes and scope of corruption within DHA in 2010. This document serves to inform efforts to prevent and eradicate corruption in DHA. The department is committed to an effective counter corruption strategy designed to encourage prevention, promote detection and identify a clear pathway for investigation.

The department uses the Fraud Prevention Plan approved by the former Director General of Home Affairs, Mr Barry Gilder, in September 2004. This was revised at a workshop in August 2012 due to the Chief Directorate being elevated to a branch in 2010 in order to decisively deal with corruption. The new plan recognizes Counter Corruption and Fraud Prevention measures which are already in place in DHA, as well as corruption and fraud measures which must be addressed. This plan will soon be circulated internally within DHA and externally for consultation.

A Security Advisory Committee has been established – drawn from all branches in 2011. It will assist with the grading of all posts and classification of meetings within DHA to the appropriate security level i.e. classified as confidential or will outline which documents could be taken from the meeting. It will advise on any problems related to security vetting in general. It will ensure that systems at all operational levels in DHA are security compliant and that all officials are in possession of appropriate clearances to be able to perform their responsibilities. The department is reliant on State Security for vetting security officials. They engage in fieldwork and then the State Security department will vet those files for final recommendations.

Mr Khwela outlined the challenges faced by the directorate.
In terms of Tactical Analysis: DHA only has one analyst to assist with tactical analysis for the whole branch. That analyst must deal with investigation targets of 800 cases and 4 projects per annum and special directives from the DG or Ministry or urgent investigations. Subsequently there is a backlog.
                       
In terms of Strategic Analysis: There are only two analysts in this area for the whole branch. They must deal with processes within the DHA, millions of transactions on the systems of DHA and urgent requests from the Ministry. Other challenges include lack of systems integrity, no IT specialization within the branch (reliance on the Immigration Services branch to extract data), a heavy reliance on manual records which makes it a slow process, a lack of an analysis tool (although in the process of acquiring one) and lack of training for specialization in analysis.

In terms of Detection: There are three officials who perform the detection function. They deal with processes that are performed within the DHA and urgent requests from the Ministry. Other challenges include: the struggle to visit the over 400 DHA facilities, the non-standardisation of processes at the front office, a reliance on manual records and a poor number of samples evaluated due to the high number of records maintained by DHA.

In terms of Awareness: There is only one official who deals with corruption awareness within DHA. This person handles induction programmes, corruption awareness products and represents DHA at inter-departmental forums that deal with corruption issues. Other challenges include limited expertise in current awareness raising methodologies and the corruption awareness official being at a very low level. The department is looking at elevating the position to improve efficiency.

The way forward is elevating the Directorate to a Chief Directorate and separating the two functions of Prevention and Analysis. They plan on formulating and approving the policies and Fraud Prevention Plan and ensuing that the necessary working tools such as computers and cell phones, are available.

Online Verification system
Mr Sello Mmakau gave the background to the online verification system. The project was approved in 1996 and launched in 2000. In 2005, manual records were converted into online copies. A disaster recovery system was launched in 2005 to back-up the main system. In 2008, the immigration branch was converted from manual to online records. 2008 saw the pilot of the online verification system and in 2011 the commercial online verification system was launched and offered to external organizations. HANIS is the Home Affairs National Identification System. It has over 38 million unique fingerprints sets. Photos are being converted to match with the fingerprints; over 13 million photos are stored for identification and verification.

It has allowed DHA to identify fraud associated with ID books. This is a problem which occurs with people swapping photos in ID books and in assuming others’ identity. Banks and other companies could check Home Affairs records and see the correct owner of that ID book. It also helps reduce the turnaround time of passport or ID re-issue. Now an emergency book could be received within in a day as long as the fingerprints are already on HANIS.

Mr Mmakau explained how the online verification works using the example of applying for an ID. The person’s fingerprint is loaded onto the database. In future a person will enter the ID number and check the fingerprint via an online database. The aim is to be able to identify every individual in the country on a single database whether a South African or a foreigner. It will give details as to where they entered the country and on which date. The results will come in three colours: green, amber and red. Green says the fingerprint and the ID number match. Amber means the ID number exists but HANIS could not match the fingerprint to the ID number; this is often a problem with those who work in mines or use their hands on a daily basis and so the fingerprint is not strong. Red means ID check has failed. It could show red for three reasons. It could mean either the scanned fingerprint is not the owner of the ID, the fingerprint of the rightful owner of the ID has been fraudulently changed on HANIS or the quality of the stored fingerprint is not good so making a match is difficult. If red shows then DHA official would revert to the manual system to verify a person’s identification.

Mr Mmakau explained that once the project was launched commercially, five banks joined the online verification system with Home Affairs. These banks were the African Bank Investments Limited, ABSA, FNB, NEDBANK, Standard Bank SA. In banks, customers are asked to put their fingers on a scanner for identification. FNB has been leading the banks with 259 660 transactions so far using this method. The banks have reported that the system has been very beneficial and prevented fraudulent transactions. The department believes this will help the economy generally. The department is in the process of negotiating with other organizations such as Old Mutual. All organizations could connect with the Home Affairs system through their interface. Home Affairs will put firewalls in place but the organization will also need to configure their system in order to connect with DHA. The challenge DHA faces is the slowness of the IT departments on the side of these organisations in putting these things in place.

Mr Mmakau summarised its Progress Report: The online verification process has been made a pre-requisite for opening a new office. There will be no office that opens without online verification, as an ID cannot be processed without online verification. The department has rolled this out to all Civic Services offices, 117 Mobile offices and it is being use for temporary ID certification (1 day turnaround), emergency passports (1 day turnaround), re-issue application and passport applications. It is also used as commercial verification by five banks as of November 2011.

Ms M Maunye (ANC) arrived and took the seat of chair and asked for questions.

Discussion
Mr G McIntosh (COPE) commented on the recommendation of developing a front company and suggested calling it a special purpose vehicle as the term ‘front’ is most often used for fraud. He noted that the private security company is not exploiting DHA; it works out at R15 000 a guard.

Mr McIntosh asked if face value and enabling documents were ID documents, permit and passports. The department confirmed this.

Mr McIntosh noted that DHA said there was ‘no analysis tool in place - we are currently in the process of acquiring an analysis tool’. He asked what an analysis tool was. There is no standardised procedure for front office and DHA is still very reliant on manual processes and he expressed concern at this. He asked for a response about these concerns. He asked when DHA believed they will stop being reliant on manual records.

Mr McIntosh asked when the HANIS system would be at full capacity, as 38 million fingerprints are already captured on its system. He asked if the HANIS online verification system is open to the public online. He expressed concern that someone could fraudulently change his online fingerprint.

Ms D Mathebe (ANC) asked how soon officers who were responsible for security matters were going to be trained. She asked for a timeframe for completion of security systems in offices. She observed that in many areas, there were only one or two analysts handling many cases and this might cause a large backlog as this was not enough people. She enquired how soon the smart card would be rolled out.

Mr M De Freitas (DA) asked for clarification about how DHA used in house and private security companies and how they chose which ones to use. She asked if a cost analysis been done to compare the costs of the two from a cost and security aspect. He asked about releasing private security companies such as Mafoko and how the contracts with those companies worked.

Mr De Freitas asked DHA to expand on what ‘close protection services’, ‘Cuban project’ and ‘escort duties’ were. He asked if ‘training of office managers’ meant office managers in the security department. He observed that the phrasing ‘Resuscitation’ of installed electronic systems implied that these systems already existed. Why did they need resuscitation and why were they shut down in the first place? He asked for clarification on the meaning of ‘migrating guards to full time security officers’. He asked why they had not been already. He asked DHA to unpack the challenge of over-dependency on private security and why this was a problem.

Mr De Freitas asked for a definition of a Chief Directorate and a Branch and why the Counter-corruption elevation from directive to branch was an issue. He asked for a copy of the Fraud Prevention Plan to be circulated once it was finalised. About the 800 fraud cases, he asked what types of cases DHA had had and what the most common were. For urgent cases from the Ministry or DG, he asked what the criteria were to make an investigation special, urgent or a priority. On the ‘way forward’, could DHA show a budget for this and expand on its timeframe? He asked DHA who were the external parties were besides banks. Was DHA ensuring that all banks were interfacing with it and was there any legislation that compelled them to do that?

On the transaction figures for banks, Mr De Freitas asked when the dates for the banks were from and observed that they seem small. He asked what FNB was doing which makes their transaction numbers so much higher. He asked if there were measures in place which ensures that the banks have security measures which guarantees the safety of the Home Affairs system.
Finally, Mr De Freitas asked if DHA has looked at international experiences as an example model for the security system to avoid ‘reinventing the wheel’.

DHA’s response
Deputy Director-General: Civic Services, Mr Vusumuzi Mkhize, opened DHA’s responses to the Committee questions by outlining DHA’s responsibility to ensure the security of a citizen’s identity for everyone in South Africa and emphasised it as a priority. As a government, their responsibility was to ensure all citizens feel safe. They must ensure that they were protecting people pro-actively and the question of how to deal in proactive not reactive was a serious one. Another serious priority for DHA was the problems which impacted the whole economy. These ranged from ID theft to fraudulent acquisition of SA citizenship.

He explained that the phases of development on this project was due to the need to transfer manual records into online records. This project was not just for Home Affairs but looked at how it could be done with different departments and then how it could be made commercial. South Africa was superior in this as it had the largest fingerprint database in the world; it won an award in 2008/9 from the UN Economic Commission for Africa and was leading the way in this respect.

Mr Khwela explained that some services need in-house security as in some areas you needed specialist services such as at Head Office. These could be more expensive if done privately and so DHA used in- house services. For entry points, legislation required that DHA use in-house security services. However, generally private security was cheaper than in-house security. He explained that the private security service contracts allow for the companies to give three months notice to terminate providing DHA with security.

’Close protection services’ meant VIP protection services. This required in-house security to handle VIP protection for visitors to DHA. Risk and threat assessment services would sometimes advise escort services for transporting people and close protection services would provide this. For example, when Cuban instructors were assisting with training at the OR Tambo airport, DHA had to provide them with full security and escort services. Training of office managers referred to front office managers who were not security officers but DHA wanted to provide them with the skills and expertise to provide security for their own offices. This ensured guards were on time and that all offices had enough guards and the building was secure at the end of the day. It was a two to three day training.

Mr Khwela explained that DHA was having to resuscitate systems as an assessment made in 2009 showed that systems were not meeting the requirements in terms of quantities for DHA. For example, some electronic systems had stopped functioning and therefore were in need of resuscitation to restore them back to their initial installation standards.

On the migration of guards at Ports of Entry, Immigration Services used to provide guards as security at ports of entry before the police were brought in. Once the police were brought in, the former guards were made redundant so DHA was assisting them to receive appropriate levels of education as some only had a basic education and did not have any proper security training. Now they would receive full training in order to be fully utilized as security officials in DHA facilities. Those with grade 10 had already undergone training and have been moved to the Mesina refugee centre.

Mr Khwela explained that DHA’s over dependence on private security guards was inevitable as the cost of maintaining an in-house security force was much higher than using private security. He agreed with Mr McIntosh that a‘front company’ was a loaded term but explained that it was often used in security companies and DHA was advised to use this term by their legal experts. The department was engaging with the SANDF reserve force to create a company which allowed the reserve force to provide DHA with security services instead of engaging private security. This had emerged from the threat of the role private security companies were playing. They could not use the reserve force as a reserve force as they were not meant to be playing a role internally but should be focused on external threats. The establishment of the front company was to allow them to be occupied somehow when they were not on active duty and could provide assistance to DHA, as many were unemployed when they were not on active duty.

Mr Khwela explained that in 2009, the unit that dealt with counter corruption was at a chief directorate level. It was elevated to a branch level as DHA was expanding and at Chief Directorate level, it was not coping with the amount of corruption and fraud activities within DHA. Now it had three chief directorates within the branch. These were a directorate for security, a directorate for investigations (internal and external cases) and a directorate for prevention.

Mr Khwela agreed that once complete the Fraud Prevention plan as well as the baseline study would be provided to all the Committee. He clarified ‘800 cases’ was per annum and was the average number so that was why it was used as the example in the presentation. ‘Special cases’ referred to those cases which were classified as top secret; those that were received from the Minister’s office. An ‘Analysis tool’ was an IT system which showed a whole a family unit from one ID number. It was used in intelligence and investigations and speeded up processes.

On the standardisation of processes, DHA was working on implementing standard operating procedures and this was one of the elements with which they assisted. He agreed that the manual records were heavy but documents were still completed by hand therefore manual documents were still vital for investigations.

Mr Khwela explained that in the area of the ‘way forward’ there was a budget for most of the elements indicated. In terms of time frame, the Chief Directorate for Prevention and Analysis was meant to be implemented this financial year but this had been postponed until the next financial year. Most Fraud Prevention Plan policies had been completed and were waiting for approval. The analysis tool had been approved and was waiting for the process to be implemented. The case management system was still in the pipeline and DHA was negotiating with other business units in departments to come up with a case flow. Computers were being distributed and almost all operatives had cell phones. About the remaining 20 offices which had not been completed, they would be complete by the end of the financial year and money had been allocated for those. The training of offices would be starting from the third quarter in October. This was being worked on by the Chief Director of Security. Installation of systems would be during this financial year and should be restored and resuscitated by the end of the financial year.

On there being only one tactical analyst, a post had been advertised for another analyst so as to ultimately have two analysts by the end of the year. He acknowledged that having only one person in Awareness was a problem. Arrangements with the Communications branch and their DDG as well as security officials on the ground had been made to assist DHA.

On the online identity verification system, Mr Mmakau responded that HANIS had a 70 million capacity. The department had created an interface that could be used by any organisation. HANIS was not infallible; people could collude with the internal ID people to change things on HANIS but this could all be traced so it was a deterrent. The department could trace if anything was changed within HANIS. With regards to the smart ID card, DHA had created a pilot ID card and was currently piloting the smart ID card with various stakeholders including Department of Health and others that would be using the smart ID card. The process was in order to incorporate their requirements into the smart ID cards. This would not be too long as they would not wait for all stakeholders to submit their requirements but space would be left on the ID cards so in future stakeholders could add their requirements onto the ID cards. The smart ID card was a priority and would start in the next financial year and DHA was working with other government departments to finalise this. ‘External stakeholders’ referred to anyone who was outside DHA including public and private such as departments, the banks, SA Social Security Agency (SASSA), Old Mutual, insurance companies.

Mr Mmakau explained that currently there was no legislation to force banks to adopt this system but the system assisted banks in preventing fraud so it was being adopted very quickly and there was no issue with banks not wanting to interface with DHA. The varying transaction figures for each bank were to do with skills within the bank, the priority of the project etc. FNB had rolled out the project in 150 branches and was leading the way. For them it was a priority as it dealt with the great problem of identity fraud and general fraud in bank. Another explanation for the varying transaction results of the banks was that each bank came on board at different times (FNB came first), that branches had varying numbers and the system was phased in – hence the different levels of results.

Mr Mmakau explained that a pre-requisite for the system to be implemented with the banks was that the security requirements were of the highest standards. They were piloted for a few months until the banks were sure of the level of security in the Home Affairs system. The department had been doing research into international experience. The results were that biometrics was the solution for identity verification as it was unique whether one used the iris or fingerprint. Therefore biometrics had been a priority for DHA.

Mr Mkhize concluded by explaining that DHA was trying to implement uniform standards. Documents were produced in DHA which identified uniform standards. Within this was: A Tool kit for office managers / FAQ handbooks / Process maps which would analyse security gaps. DHA had 300 million records. Now they were using an Electronic Document Management System as a tool to deal with manual records. As part of modernisation they were creating a live capture for not just passports but ID applications so no forms had to be filled in.

Biometric control management systems were being used to prevent fraud. The audit trail enabled the tracing of fraud. An audit trail programme was very strong and used three levels of verification. Not just a PIN but also the fingerprint of the operator and a smart card to minimise corruption and this deterred corrupt officials.

To ensure that DHA could recruit appropriate skills and expertise, the Chief Directorate was elevated to a branch. To recruit skills at a Chief Directorate level might not produce sufficient skills but by elevating this, they could recruit more appropriately and make the branch more effective. One person dealing with all three areas was a problem and now a specialized person could deal with each of the three.

Ms M Maunye offered her thanks to DHA, emphasized the importance of its work and the importance of the security of the IT systems as a priority. She highlighted the need to improve on IT systems in order to get clean reports.

The meeting was adjourned.

Present

  • We don't have attendance info for this committee meeting

Download as PDF

You can download this page as a PDF using your browser's print functionality. Click on the "Print" button below and select the "PDF" option under destinations/printers.

See detailed instructions for your browser here.

Share this page: