Biometrics outshine PIN & passwords for verification of online enrollment and test-taking while reducing financial aid fraud

cheating-grant-fraudAs of 2008, the reauthorization of the Higher Education Act mandates that universities and colleges in the U.S. instill a process to verify the identity of online students.

But with the failure of ordinary PIN-and-password security measures to completely prevent student cheating and even student-grant fraud, the academic world stands waiting for the other shoe to drop. Additional safeguards will soon be required, if not already called for by local accrediting agencies.

In response, some early-adopting chancellors, administrators, and CEOs have already pegged bio-signature authentication systems as a turnkey approach to providing greater accuracy in student verification. Given the additional advantages that such systems: reside “in the cloud” outside of the college or university‘s business system; require absolutely no additional hardware; entail no extra expense by students; and allow for the monitoring of fraudulent financial activity, this subset of gesture verification is emerging as the valedictorian of second-level ID verification.

“We have utilized signature biometrics for nearly three years with over 10,000 student users, and it has exceeded our expectations,” says Dr. Mark Sarver, CEO of eduKan—a consortium of community colleges offering online courses and degrees regionally accredited by the Higher Learning Commission of the North Central Association of Colleges and Schools. “It provides an identity-proofing solution that is transparent to our students while respecting their privacy, is available anytime, and stays cost-effective for the institution.”

In addressing the accelerated concern that individuals of unknown identity can sit in for someone else on a final exam, collaborate with others to earn a degree or illegally collect financial aid, providers of online courses now require a solution that goes beyond PIN and password checking.

“We used to rely on your basic password ID system,” says Dr. Dana L. Watson, Deputy Chancellor, Academic and Student Services with Central Texas College (CTC)—a public, open-admission community college serving over 50,000 students on military installations, in correctional facilities, in embassies and on ships at sea. “The problem is that passwords can be easily shared.”

(Next page: New identification-checking applications for optimum privacy)

A number of identification-checking modalities have recently surfaced to address this challenge. The gold standard is multi-factor authentication, which encompasses three elements: 1) something only (presumably) the user knows, such as a PIN or password; 2) an item the user has in his/her possession, such as a flash drive, or a token that provides random authentication codes; and 3) biometrics, something physically unique to the individual.

However, the challenge begins at this point. For example, requiring a user to possess a verification tool entails limitations due to the costs of producing and distributing the necessary hardware. Every student would have to have one. Of even greater concern, such devices do not necessarily authenticate the individual, but rather verify that a person has possession of the card or device.

Which leaves biometrics. Examples include fingerprints, iris scans and facial recognition. While these offer near-absolute verification, this type of identification requires a sophisticated, expensive, hardware device to capture and interpret the biometric patterns.

As a subset of biometric physical qualities, dynamic (AKA biomechanical) biometrics offers the possibility of identification without the need of additional hardware. Within this category exist three possibilities: gesture/signature, keystroke and voice recognition.

Yet, voice recognition often results in inaccurate matching because of variations in microphone fidelity. Keystroke analysis establishes the unique patterns and dwell times of an individual while typing. However using a keyboard to enter answers to multiple-choice questions on a test, for instance, does not allow enough time to identify an individual’s unique pattern.

Which leaves gesture/signature recognition, as exemplified via the handwriting of ones name (usually initials), shapes, or series of numbers. On the face of it, one would expect that this option would still necessitate a reader. Yet, recent innovations in software engineering have created a virtual reader that users gain access to via the internet, making it instantly and universally available while still ensuring a high degree of specificity.

In independent testing by the Tolly Group ─ a leading global provider of testing and third-party validation and certification services to the Information Technology industry since 1989─one gesture recognition system, BioSig-ID™, was found to be 27 times more accurate than keystroke analysis reported in earlier evaluations. Observed confidence ratings at 99.97 percent meant that the false positive level of the BioSig-ID software was three times better than guidelines put out by National Institute of Standards and Technology.

Founded in 2007, Biometric Signature ID is a Lewisville, Texas-based company. In excess of 70 clients and nearly 2 million users in all 50 states and approximately 60 countries currently utilize the company’s biosignature software.

Here, identification is accomplished by having students handwrite four letters or numbers within a confined space on a webpage by moving their mouse, stylus or dragging their finger across their smartphone screen. The software assesses the unique pattern of length, angle, speed, height, number of strokes and stores the information in an encrypted database. This data is compared to patterns collected by the user’s subsequent logins, confirming that the person who registered is the same person trying to access the account.

Beyond their high degree of specificity, the latest biosignature systems offer something that few other verifications methodologies benefit from. That is: the complete hosting of the process outside the academic institution’s business system. In effect, such systems represent a turnkey option.

“Probably the most compelling reason for selecting the biosignature means of verification is that we did not need to download any processing software; nor do the students,” concurs Watson. “Given that we provide courses to many members of the armed forces, they certainly could not download any software since the military, understandably, closely guards access to their computers.”

Going one step further, some biosignature systems provide suspicious activity reports to the academic institution, notifying them of potential fraudulent activity such as enlisting someone else to take a final exam.

“The extensive reporting tool provides us with the ability to uncover suspicious behaviors that can identify possible academic dishonesty,” confirms Watson.

For more information, contact Biometric Signature ID at (877) 700-1611, 708 Valley Ridge Cr., Suite 8; Lewisville, TX 75057; To conduct a “test drive” of biosignature technology, visit www.BioSig-ID.com.

David Rizzo, a California-based author, has penned three trade books, 200 technical articles and 500 newspaper columns. Rizzo covers a wide range of topics, specializing in technology, medicine and transportation.


Add your opinion to the discussion.