14 December 2020 - NW2407
van der Merwe, Ms LL to ask the Minister of Social Development
(1)Whether, with reference to the recent statement of the spokesperson for the SA Social Security Agency (SASSA) that SASSA will no longer issue SASSA cards after the SA Reserve Bank issued a directive that the cards had been compromised and, therefore, the issuing of cards has been discontinued and the system must be replaced before 31 March 2021, she will furnish Ms L L van der Merwe with the relevant details as to (a) what the compromising of the SASSA cards entails and (b) how it was able to take place against the backdrop of multiple social security problems over the past few months; if not, why not, in each case; if so, what are the relevant details in each case; (2) whether she can guarantee that the next system whereby SASSA cards will be issued will be secure from similar threats to compromise the cards; if not, why not; if so, what are the relevant details?
1. The SASSA cards are actually bank cards issued by the South African Post Office on behalf of Postbank to approved applicants who choose to collect their social grants through the post office. The cards are not managed by SASSA at all.
In 2019, SASSA was alerted to the fact that the master keys for the cards had been compromised in the bank environment. The South African Reserve Bank as the responsible entity for the National Payment System then issued an instruction late in 2019 that all the current SASSA cards would have to be replaced as they are potentially compromised. However, the SARB also set conditions for the improvement of controls within the Postbank environment related to card manufacturing, storage and issuing. These have been addressed by Postbank.
Given the need to replace the cards in circulation, SASSA took a decision not to issue any more of the existing cards, as the need to replace them within a very short period would inconvenience social grant beneficiaries.
Discussions are underway with SAPO and Postbank to ensure that the replacement of the cards is done with the least disruption to the clients.
It must be noted that the potentially compromised cards did not result in any social grant beneficiary losing any social grant money. The fraud that has been experienced by social grant clients has been as a result of poor implementation of controls in the management of the cards within the post office environment, and not because of the security of the card itself.
b) The security lapse for the master keys of the SASSA cards is not something which happened within the past few months, but right at the start of the payment contract with SAPO. It took some time to surface and, once made public, was addressed by the South African Reserve Bank.
c) As explained, SASSA is not the custodian of the cards. These are banking instruments which are managed within a banking environment. Fighting crime and corruption, including the detection of fraud, is a key national priority and SASSA is committed to play its part.