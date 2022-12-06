The South African Broadcasting Corporation’s (SABC) online payment platform for TV licences is back up and running after being unavailable for almost five months.

The SABC took its online payment platform down after MyBroadband reported a significant security flaw relating to the TV licence web portal.

The SABC appears to have changed the platform’s name from PayNow to FAST Pay.

The web portal lets TV licence owners view the status of their accounts and pay their outstanding fees.

However, a MyBroadband staff member attempting to register on the platform ran into issues when confirming their account using the provided one-time pin (OTP).

It returned an error multiple times, and when they tried to log in afterwards, it said an account had already been registered with the provided credentials.

We resolved the issue by resetting the password, which provided another OTP that was accepted by the platform.

MyBroadband asked the SABC for comment, but it had not answered our questions by publication.

SABC TV licence security vulnerability

MyBroadband noticed that the SABC had taken its online TV licence platform offline in July 2022. However, it is unclear when exactly the public broadcaster took it down.

“We are currently experiencing issues on PayNow. We apologise for the inconvenience,” the SABC’s TV licence page said at the time.

It provided several physical pay points at which SABC customers could pay TV licence fees, including Banks, the Post Office, select retailers, Easypay outlets, Pay AT outlets, and the SABC head office and its branches.

The SABC did not provide a reason for the platform being taken down and didn’t respond to our queries on the matter.

Curiously, this was shortly after MyBroadband reported on a major security flaw on the platform.

The vulnerability allowed attackers to access customer accounts without passwords and view private information, including outstanding bills and account statements.

It also allowed them to view and change any addresses on file.

We promptly notified the SABC about the issue and enquired about a coordinated disclosure arrangement. The vulnerable section of the website remained accessible for a while after we informed the broadcaster.

“The SABC is investigating this matter, as the security of its platforms and protection of its clients’ personal information is of utmost importance,” the public broadcaster’s Head of Communications, Ndileka Cola, said.

The unavailability of the online payment platform would have likely made it difficult for some customers to pay their TV licence fees.

The SABC says TV licence fee evasion rates significantly contribute to its poor financial situation, with 82% of its customers refusing to pay in 2021.

This figure was up slightly from 81% the year before, with 2020’s evasion rate climbing significantly from 69% in 2019.

The SABC’s online TV licence portal has been subject to two other security vulnerabilities in the past — the first in 2016 and the second in 2020.

The first incident was spotted by a MyBroadband reader who pointed out that SABC’s payment gateway provider was using outdated encryption to secure sensitive payment information.

Toward the end of 2020, the public broadcaster warned customers of a hack on the platform after an attacker defaced its website.

It advised users not to leave their details on the website.

However, the following day the SABC announced that it had resolved the issue.