Students need to be vigilant when using payment platforms, NSFAS warns

NSFAS has warned students to be vigilant when using online allowance payment platforms after what it says were attempted cyber attacks targeting sensitive student data.  

The fund said the attacks were aimed at the platforms of the four fintech companies it hired last year to distribute student allowances. The companies are eZaga, Tenet Technology, Coinvest Africa and Norraco Corporation. Some of these platforms have students’ identity numbers, addresses and contact numbers. 

“This is with the intention to steal student data and intercept allowances and render the new system unsafe. NSFAS is investigating such cases and will involve the assistance of law enforcement,” said NSFAS chairperson Ernest Khoza recently. 

The fund’s spokesperson Slumezi Skosana told Sowetan the imposters create fake platforms that look similar to that of the fintech companies and then lure students to type in personal information that could compromise their accounts. 

“When it comes to the breaching of cyber attacks, NSFAS and the four partnered companies have not experienced any sort of breach, but we have had attempts on the system by individuals who  tried to get in, not only our systems and that of our partners,” said Skosana. 

He said they had also come across clones of the official website. 

“This is not an everyday occurrence but there are days where we would pick up four to seven fictitious websites that are pretending to be NSFAS. Now this is not speaking on behalf of our partners but what NSFAS has picked up on our networks. When we pick up these websites, they are immediately shut down,” said Skosana.

Norraco Corporation said it had experienced attempted attacks on its systems but did not want to give further details. 

eZaga director Saud Ally, blamed the attacks on what he termed “corporate espionage”. which he said was being investigated. 

“We have put in place comprehensive security measures to fortify our systems against unauthorised access, data breaches, and other cyber threats from advanced encryption protocols to robust access controls and continuous monitoring. Furthermore, we understand that cybersecurity is not a one-time effort but an ongoing and dynamic process,” said Ally. 

Ryan Passmore from Tenet Technology said it used similar security measures as banking systems to safeguard student data.

“We haven’t experienced any attacks and we would be able to pick up such instances quickly. We also have verification methods such as OTP (one-time password) and other methods that your average bank uses but what we often come across is that students aren’t careful with whom they share their data with and we advise against this,” said Passmore. 

Skosana said students should look out for websites that don’t have verification methods.

“To stay safe, they must avoid websites without OTPs or other steps like our learner communication process ‘Know Your Client’, which uses facial recognition or photo verification. Be cautious with such sites,” said Skosana. 

With the fund covering over one million students, Skosana said that students’ data was very important.

“Once someone tries to access our system, we are immediately alerted by firewalls and other security measures put in place. This is not a problem that is only starting now but one that existed prior to our direct programme, but we have measures put in place and there have not been any successful breeches so far.

“We just urge students to be more vigilant of not only the people they share their data with but also when they log in on these platforms,” said Skosana.