Corruption imposes additional barrier to digital identity in South Africa
This is a guest post by Tshepo Magoma, a Yoti Digital Identity Fellow.
The level of corruption is the biggest stumbling block that prevents many countries in Africa to move ahead and to realise their true potential as emerging markets despite their valuable key resources. For instance, even if South Africa can get a good revamped, incorruptible and unforgeable legal or digital ID, the key factor lies on the staff members of the department and the public at large, as corruption and bribery always leads to fraud. It is common in South Africa to hear in the news that a public official has two to three different IDs and passport, common to hear that someone has used a wrong identity to open a bank account or to defraud a well-known business entity for millions of Rands. The key challenge remains not if we have the best tools to fight fraud, but if we have the best tools to fight the roots of corruption, and how to tackle social engineering with the best technology that can prevent this immorality and fraud from re-occurring. For instance, Experian, a consumer credit reporting company, said on 19 August that it experienced a breach of data which has exposed some personal information of as many as 24 million South Africans, and 793,749 business entities, to a suspected fraudster.
In the Experian data breach case, South Africa’s Information Regulator says it has received information from a whistle-blower that the personal information of South Africans exposed by Experian has found its way to the ‘dark web.’ The dark web allows criminals to anonymously sell stolen personal info, along with all sorts of other contraband, such as illicit drugs and weapons, this personal information includes cell phone numbers; home phone numbers; work phone numbers; employment details; and identity numbers.
The personal information of companies includes: Names of the companies; contact details; VAT numbers; and banking details. While no substantial evidence is provided on how this information managed to reach the web, it is possible that this data may now be sold to illicit buyers. A 2018 report found revealed a shocking estimate that it costs just R14,000 (US$824) to buy a full set of your personal details from the dark web. Although the files from the Experian breach were later removed from the dark web, this signals how less secure the country is from preventing and fighting cyber-attacks, and it goes back to the root cause of the lack of adoption of digital identities especially among the commercial sectors. The breach has been reported to authorities, and South African banks have been working with Experian and South African Banking Risk Centre (Sabric) to identify which of their customers may have been exposed to the breach and to protect their personal information, even as the investigation unfolds.
The other challenge is that fraud in South Africa exists in all sectors and their respective levels in the private sector. Since the private sector was closed amid the lockdown, for instance, the government offered the Unemployment Insurance Fund (UIF) pay-outs to employees that were laid off. The government has reportedly stated that it paid a large proportion of pay-out to several companies in the private sector which have not since then paid out those funds to deserving beneficiaries, indicating the level of fraud being committed by employers to their employees as well as the public officials issuing these funds. For instance, The National Prosecuting Authority (NPA) is currently investigating an alleged fraudulent transfer of funds relating to the UIF COVID-19 relief fund. The NPA says it has secured a preservation order at the High Court in Gauteng for more than R3.2-million ($191,360), which was part of R5.7-million ($340,870), allocated to CSG Resourcing to pay employees.
Another money-related scam involves scammers visiting people’s homes to “recall” banknotes and coins they say are contaminated with COVID-19. The South African Reserve Bank (SARB) warned that these criminals carry fake SARB identification and provide false receipts in lieu of the banknotes “collected,” which they imply can be collected from any of the banks. Interestingly, the SARB has neither withdrawn any notes or coins nor issued any instruction to hand in banknotes or coins that may be contaminated with the COVID-19 virus. The SARB has then issued a statement that it will NOT, under any circumstances, send employees or representatives to collect cash from the public. members of the public are approached by individuals purporting to be SARB employees or representatives, to hand in their money, they should refuse and contact local police. Again, how does a typical South African fully know that a person coming to their homes is indeed who they say they are? Even on the road, South Africans are no longer at ease being stopped by the police, due to recent cases of recent stops and roadblocks initiated by fake policemen who possess all the police regalia. Can a digital identity play a role in this instance? Absolutely yes. But the lack of adoption and a lack of awareness towards digital ID continues to place many people in jeopardy.
It is also quite often to hear of about a tender story for personal protective equipment that has been given to individuals associated with political party leaders and of public servants flouting the law in issuing tenders. President Cyril Ramaphosa chairs the 4IR commission, which he appointed to advise him, and government, on relevant policies, strategies, and action plans to position SA as a smart, connected, and competitive global player. Ramaphosa believes technologies like artificial intelligence (AI) will play a pivotal role in stamping out corruption that has reared its ugly head in the ANC-led government. Stating the need to build on the ‘open tender’ processes employed in certain areas and make use of technology and artificial intelligence as a standard practice to tackle corruption across all of government. To fight corruption with AI, organisations like the World Bank and Microsoft are working together on harnessing the potential to analyze huge datasets to detect patterns that indicate corrupt behavior, according to the Global Government Forum.
Therefore, it is evident that corruption can be intertwined with fraud, and must be addressed for a country like South Africa to extensively fight fraud. There needs to be more investment in stamping down corruption, as again, it is that personnel in the traffic department that gets bribed and gets tempted to give an unqualified driver a licence, which will one day cause an accident and claims many lives. It is that border officer that allows an undocumented driver to pass at the border gate with no undocumented papers. It is that DHA personnel who gets bribed and allocates illegal IDs, which then contributes to socio-economic issues. It is that public official, who uses his power and allocate a PPE tender to a non-compliant company who then fails to deliver and jeopardise the lives of the citizens. To fight this, it will require both the legislation changes aimed at fighting fraud and corruption and the clear adoption of technologies that cannot be tampered with or corrupted by its users. The country therefore needs technology systems that can function independently and accurately with less human intervention that can render services that is ethically and morally conducive.
About the author
Tshepo Magoma, a Yoti Digital Identity Fellow, is an experienced researcher, strategist and innovator with experience working in Africa’s small business and social enterprise sectors.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.
Africa | biometrics | data protection | digital identity | fraud prevention | identity verification | secure transactions | South Africa | Yoti