Postbank needs to replace 12-million bank cards at a cost of R1-billion after its “master key” was compromised, the Sunday Times reported.
Citing several internal Postbank reports, the Times found that the bank’s master key was stored in plaintext during a data centre migration in July 2018. Two staff members also stored the key in plaintext on USB flash drives and one of the drives can’t be located.
One of the internal reports cited in the article, an overview of financial crime, reportedly stated that Postbank found 25,000 fraudulent transactions between March 2018 and December 2019. R56 million was stolen.
The master key was generated in January 2018, according to the report.
The article described the master key as a 36-digit code which allows anyone to read and write account balances, and read and change information on any of the cards the bank has issued.
The Post Office denied that its master key for Postbank’s cards had been compromised, saying that the “stories” were unfounded and only seek to create panic among Postbank’s clients.
Postbank’s clients include millions of social security beneficiaries who receive grants from the government every month.
No audit trail
Referring to another internal report titled “Overall IT Security Register” from January 2020, the Sunday Times reported that the Postbank had no logging in place to trace fraudulent transactions.
Postbank was not able to audit when an account was accessed, who accessed it, and what was done on the account.
A spokesperson for the Post Office said that it is on record that “systematic difficulties” were uncovered with the “reconciliation functionality” of the integrated grant payments system, and that the issue has been resolved.
R42-million stolen from Postbank in 2012
This is not the first time information security problems at Postbank has resulted in money being stolen.
In 2012, a syndicate stole R42 million from Postbank in a heist that took place over the New Year holidays — between 1 January and 3 January.
The syndicate opened several Postbank accounts across South Africa towards the end of 2011, and over New Year’s they gained access to a Rustenburg Post Office employee’s computer. From there the syndicate made deposits from other accounts into its own.
Over the next three days, automated teller machines in Gauteng, Free State and KwaZulu-Natal were used to withdraw cash from the accounts.
The SA Post Office suspended its new interim CEO, Lindiwe Kwele, in December 2019, after just four months at the helm of the struggling state-owned enterprise.
Kwele was appointed as interim CEO in August last year when former Post Office CEO Mark Barnes resigned citing differences on a forward strategy in relation to the structure of the group.
After his resignation, Barnes said there was a competent team in place at the Post Office, led by Kwele, which can still realise the potential of the organisation.
Kwele first joined the Post Office in June 2017 as Chief Operating Officer. Before that, she was Deputy City Manager for the City of Tshwane Metropolitan Municipality.
Business Day has now reported that Kwele and Mothusi Motjale, The SA Post Office’s head of the supply chain management division, were suspended on 4 December.
“The Post Office confirmed the suspension of the duo, saying it would allow for an independent investigation into unspecified matters,” the report stated.
Kwele fighting back
Advocate Eric Mabuza, who is representing Kwele, told Fin24 that the suspension is being challenged and has been referred to arbitration.
Kwele was suspended only two weeks after the new board was appointed and accused the board of delaying the process.
“How could the new board have familiarised themselves with matters at the SAPO within just two weeks?” he asked.
He added that Kwele “was just implementing decisions by the previous board”, adding that the suspension is related to politics.
The SA Post Office continues to make big losses, which required the government to give it a capital injection of R2.95 billion over the previous financial year.
There were, however, positive movements under Barnes. He said in the Post Office’s last annual report that the company was progressing towards profitability.
He added that the organisation was in a sound financial position, with no external bank borrowings or outstanding National Treasury guarantees.
The Post Office’s revenue increased by R897 million (19.8%) to R5.44 billion compared to the previous reporting period.
Expenses, however, increased even faster. Total expenses increased by R1.43 billion to R6.78 billion, which resulted in a net loss of R1.172 billion.
The South African Post Office (SAPO) is now able to accept debit and credit cards as a payment method for the renewal of motor vehicle licences at all its branches that offer the service.
The service is available at selected post offices in all provinces except Mpumalanga and the Western Cape. The list of branches where the service is available can be checked here.
The renewal of motor vehicle licences is the most popular transaction at Post Office branches – clear evidence of the success of this service.
If you did not receive a renewal notice, the renewal form (ALV) can also be downloaded here.
Motorists who have received a traffic fine issued in terms of the AARTO Act may pay the traffic fine at any Post Office countrywide.
A backlog of millions of items still waiting to be delivered at the Johannesburg nerve centre of the Post Office is being cleared as fast as possible.
That’s according to SAPO CEO Mark Barnes, who has stated that the provider is looking to clear the backlog by 24 November 2018.
“We started off in April with a 46-million item backlog and we are now down to a 7.8-million backlog.”
The bulk of that is sitting at the Witspos Hub in Johannesburg.
SAPO defines a “backlog” as any item of post five or more days behind schedule.
Barnes says there have been some improvements in clearing the domestic mailing backlog but they still need to catch up with international deliveries.
Listen to the full interview here.
Source: Randburg Sun
There’s a new parcel delivery scam that post office users should remain alert for and guard against, Southlands Sun reports.
The SA Post Office warned the public to be on the alert for the new scam which is designed to defraud them.
The conmen place phone calls to members of the public, alleging to be from the Customs division of the SA Post Office. The caller informs them that a parcel is ready for collection, provided they first pay ‘customs fees’ into a bank account.
The SA Post Office insisted that it does not require customers to make any bank deposit before parcels are released. In instances where a SARS levy import tax is payable on parcels from abroad, the import tax must be paid at the Post Office counter when the item is collected. The customer will receive a point-of-sale receipt for this payment.
Where the Post Office has the recipient’s cellphone number, the customer will receive an SMS requesting them to collect the parcel at a specific branch. The SMS will not request funds to be deposited into an account.
Members of the public who have information regarding this scam are requested to call the police or the Post Office’s crime buster hotline on 0800-020-070.
The SA Post Office advises the public to ignore communication of this nature.
Unpaid domain fees are allegedly the reason why the South African Post Office’s (SAPO’s) web site was recently down for an unknown number of days.
Upon navigating to www.postoffice.co.za, users were greeted with an error stating: “This site can’t be reached … www.postoffice.co.za took too long to respond.”
According to reports on MyBroadband, payment for an amount of R125.40, invoiced on 1 February 2018, had not been made by owners of the post office domain.
Calvin Browne, cofounder of DNS Africa and head of international registrar relations at Domain Name Services, explained the situation in detail to MyBroadband.
According to Browne, an invoice was sent and delivered to SAPO on 1 February. By 1 March, a follow-up email was sent and delivered. On 12 March, a final warning e-mail was delivered, and a week later the domain was suspended. The outstanding fees were paid on 20 March.
The lack of payment was not the only issue, however, and is reason for the three-day delay between payment on 20 March and the web site only coming online again on 23 March.
According to MyBroadband, there are “several errors with the ‘postoffice.co.za’ zone setup”. Browne says it is “quite remarkable that anything works at all” – all of which contributed to the extended downtime.
Via MyBroadband, Browne gave a detailed explanation of these problems, which included:
- There are seven nameservers, instead of the listed five in the registration
- One of the nameservers – waterbok.postoffice.co.za – is not valid
- The “postoffice.co.za” domain is susceptible to DNS cache poisoning and is vulnerable to being hacked
- One nameserver – gemsbok.postoffice.co.za – is not listed in the co.za zone
- When the “gemsbok” nameserver was queried, “waterbok” had been replaced by “gemsbok” and “gemsbok.postoffice.co.za” was gone
- The TTLs (Time To Live records) are different – on “gemsbok.postoffice.co.za” they are set to expire in one day, while “waterbok.postoffice.co.za” they are set to 10 minutes
- When Browne tested the nameservers, they responded with “SERVFAIL”, which “basically means they know nothing about postoffice.co.za”
- These misconfigurations mean two of five registered nameservers do not even know about the domain, and cannot be trusted to serve the correct information
When taking all of this into consideration, it is no surprise that SAPO took so long to get its web site back up and running – and it belies problems on their other domains, such as Post Bank.
Original article by MyBroadband
The South African Post Office (SAPO) has officially joined the scramble to replace Cash Paymaster Services (CPS) as the country’s social grants distributor amid an ongoing crisis over the payment of beneficiaries.
CEO Mark Barnes has submitted an affidavit dated March 13 to the Constitutional Court as part of the Post Office’s application to be admitted as a friend of the court in the Black Sash vs Sassa matter due to be heard on Wednesday.
In the court papers, Barnes states that using the Post Office would “serve the national interest, protect beneficiaries’ information and support government’s ambitions for radical socio-economic transformation”.
Barnes has proposed two alternative systems to solve the crisis, including one that could be implemented within days. However, another long-term plan would need to include CPS.
The South Africa Social Security Agency (Sassa) is under more pressure to find a solution after CPS said it would not be able to pay social grants from April 1 if an agreement is not reached by Thursday.
Read the article here: If there’s no new contract by Thursday, grants may not be paid
Barnes states in the papers that the Post Office had already submitted an emergency backup solution to Sassa on March 1 in case CPS pulled out of the payment of grants to 17 million beneficiaries.
It says it can step in by using an electronic voucher system already used to pay staff employed at the department of public works in the Eastern Cape.
The Post Office said the system can be up and running within days, ruling out the need to extend the CPS contract that expires on March 31.
“Pay points would include SAPO branches as well as the 10 000 locations managed by the current cash-in-transit service provider. Identity documents and identity cards would be checked to ensure that the right people are paid the right grants after comparing to Sassa’s SOCPEN database,” Barnes states in the affidavit.
However, Barnes’ long-term solution that would meet the Sassa requirements would need CPS to assist for a maximum of twelve months as the Post Office prepares to take over.
The Post Office would need CPS to provide the biometric system, personnel that could be retained or replaced over time and cash dispensing machines owned by CPS.
Social Development Minister Bathabile Dlamini has insisted on a biometric system, arguing that it guards against fraud and has saved the fiscus R2bn. She said the system ensures that the right beneficiary is paid the right grant and proves the beneficiary is still alive.
‘State organ should have first preference’
Barnes proposes that the Auditor General monitor the 12-month handover period, with quarterly reports submitted to the court.
Barnes said the Post Office would charge R20 per beneficiary. CPS is currently charging R16.44 per beneficiary, an amount that is expected to increase if a new interim contract is signed.
Barnes argues in the court papers that the Post Office as a state organ should have first preference as a service provider.
“Where an organ of state is able to provide services, it is suggested that such services should first be procured from organs of state prior to the invitation being sent out to the public.
“The procurement of such services from the state-owned entities, where it is possible, is in the national interest and is fiscally prudent,” Barnes states in his affidavit.
However, Sassa and Dlamini have previously argued that the Post Office has only 2 567 outlets that are predominately in urban areas while the current system offers 10 000 outlets, mostly in rural areas. The two also said their norms and standards state that beneficiaries should not travel more than 5km to a pay point.
By Mahlatse Gallens for News24
The SA Post Office (Sapo) is making gradual progress and there is light at the end of the tunnel, but it remains long, CEO Mark Barnes said on Tuesday, ahead of a briefing to Parliament’s portfolio committee on telecommunications and postal services.
The committee received presentations on the first quarter performance of all the state owned entities falling under the Department of Telecommunications and Postal Services.
Barnes said confidence was slowly being built up within the Post Office and that the first quarter results did not truly reflect its current situation as it only received a R650-million cash injection from the government towards the end of the first three month period.
In the first quarter, a net loss of R259-million was recorded, a R26-million improvement on the same period in the previous year.
Overall revenue of R1,2bn was 79% of budget and was 5% (R62m) lower than the same period in the previous year.
Operating expenditure of R1.4bn was R298m below budget and 7% (R110m) lower than the same period in the previous year.
Revenue was negatively affected by poor service levels due to non-payment of suppliers. The closure of some retail branches also had an effect.
Creditors reduced from R899-million in March to R729-million in June and trade vendors from R382-million to R200-million.
A critical goal, Barnes told the committee, was to settle outstanding creditors so that Sapo operations could function normally. It was also critical to fast-track the appointment of key executives.
The committee heard that the Reserve Bank has approved Sapo’s first level application for a banking licence for Postbank. The Post Office had also signed a joint agreement with recognised trade unions to settle wages and conditions of employment up to the period ending 2016/17.
Sapo had also secured a three year loan facility of R3,7-billionn from major financial institutions such as Standard Bank, consolidating its existing facilities of R1-billion.
“These funds will be prioritised for the settlement of historical labour matters, (to) pay the long outstanding creditor backlogs, as well as fund critical projects to support the corporate plan,” Barnes says.
By Linda Ensor for www.bdlive.co.za
SA Post Office (Sapo) CEO Mark Barnes is in the process of finalising a domestic syndicated loan facility to raise some of the R3,7-billion for the company that urgently needs the funds to stabilise its operations and start generating revenue‚ Telecommunications and Postal Services Minister Siyabonga Cwele said on Tuesday.
He told MPs during his speech on his budget vote in the National Assembly that his department would assist the company to raise the funding from the markets. The approximately R3,7-billion the company needed “urgently” would be in addition to the R650-million capital injection made by government recently.
“Sapo remains a strategic entity for extending government‚ e-commerce and financial services to South Africans far and wide through its approximately two and a half thousand (2 448) outlets‚” says Cwele.
He notes that the company was correcting the maladministration of the past 10 years by implementing the recommendations of the Special Investigating Unit (SIU) and the public protector‚ as well as its own strategic turnaround plan
Cwele says government was committed to ensuring that Sapo subsidiary Postbank became a developmental bank that would provide simple‚ easy-to-understand financial products and services for the unbanked and underserviced. Last year‚ the bank opened over 219 000 new savings accounts for the unbanked.
The response by the Reserve Bank to Sapo’s application for Postbank to be a fully-fledged banking company was awaited. This would open the way for the appointment of the Postbank board‚ its incorporation as a separate company and the registration of the bank controlling company.
Cwele says the inintegrated ICT white paper – promised by the end of March – would be finalised in the next few months.
The policy‚ he noted‚ would reduce barriers to entry “by moving away from monopolistic infrastructure based competition‚ to open access broadband networks”.
“A new spectrum policy will support open access networks as it aims to open the use of high-demand broadband spectrum for use by all licensees while adequately compensating those who invest in infrastructure.
“The ultimate target is to benefit the consumer by increasing consumer choice‚ reduce costs‚ increase innovation‚ and encourage all consumers to fully experience the internet.”
The minister noted that mobile broadband 4G/LTE coverage now stood at between 35 and 53%.
By Linda Ensor for www.timeslive.co.za
The annual renewal notice reminding South African motorists to renew their car licence disc may fall through for 2016, according to The Power Report in the Sunday Times.
The report states that motorists are “now on their own” this year, after the 20-year-old notification system has faltered.
The licence notifications include relevant registration and VIN numbers of a driver’s vehicle, but have failed to be sent to motorists this year due to the Department of Transport not paying their SA Post Office bill.
“While the Department of Transport concludes a payment regime of outstanding fees, notices won’t be sent,” stated the report.
The Power Report asked the department when the matter will be settled, but it did not reply to questions on the issue.
The department advised drivers to “continuously monitor disc expiry dates and use the provisions of the 21-day grace period to make their annual payments”.
Where to go, and what you need
Car licences can be renewed at licensing offices, municipal centres, and designated post offices.
Motorists will need an application form for the licensing of a motor vehicle (available at a post office or licence office), proof of address, and ID.