Many of the challenges we face in the testing industry have changed, while some remain exactly the same – such as ensuring the person who shows up to take a test is who they say they are. Not only does the challenge of proxy test taking still exist, but it has also become greater with new technology. One example is deepfake, which gives people the ability to become someone else during an online test.
The technology used by professional impersonators doesn’t have to be highly advanced, however. Anyone with a decent printer and laminator can fake a passport and use it as identification to sign up for a remote proctored exam, for instance. While we have processes and tools in place to prevent this type of test fraud, technology has advanced much further and at a rapid pace. The use of deepfake is a relatively new method of impersonating test takers.
This blog explores how multi-biometric analysis, global search capabilities and deepfake detection can be used to mitigate risks and increase test security. Whether the technology used by impersonators is as advanced as deepfake, or more basic identification fraud.
Multiple biometric checks
The first step is to strengthen biometric checks with multiple layers, capturing several of the characteristics that make a human being unique:
- Face – image capture at the time of test registration, via the test taker’s webcam.
- Keystroke – captured during registration, when the test taker types on the keyboard.
- Voice – audio recording during registration, via the test taker’s device.
These checks don’t need to be complicated or time consuming for the test taker. Keystroke patterns can be captured as test takers type the information needed to register for a test. And the images required for facial recognition will be captured during standard ID checks during the test registration process.
Algorithms with human oversight
With multiple layers of biometrics captured, a series of algorithms is used to identify similarities between test takers that might indicate a proxy test taker. Keystroke biometrics for example, measures characteristics such as speed, rhythm, and typing patterns. A flag is raised if the algorithm spots a pre-determined level of similarities. This is then passed on for human review.
For example, based on the policy of the testing program, a 97% facial match might trigger a human review, a 98% voice match, or a 99% keystroke match. The score will be based on the volume of assessments, ensuring a high probability that the test taker is an imposter.
The final check is a double-blind review. Two separate human beings check the results, to reduce any risk of collusion, bias or human error. Only then is a decision made that fraud has likely been committed and further action is needed.
Deepfake detection and advanced ID verification
In addition to capturing and cross-referencing multiple biometrics, ETS and PSI are working with third parties to add further layers to our test security capabilities, with advanced ID verification and deepfake detection.
Working with Entrust, a global leader in identity-centric security, we now have access to a global database for biometric matching that increases our ability to identify professional test takers and testing rings.
Yet another layer is deepfake detection that uses algorithms to spot anomalies in points on the face or facial movements – such as freckles, unusual head movements, or lack of blinking. These ‘liveness checks’ are all cues that demonstrate whether a person is really a human and they are hard to mimic, even with deepfake.
Read about our partnership with Entrust to fight fraud in assessment and credentialing.
Protecting your brand
These multiple layers of technological and human safeguard are in place to protect the honest test taker. At the same time, they protect the integrity of a test score, the value of a credential, and the test owner’s brand. We know that test owners invest a lot in building their reputation and brand, and we are committed to protecting that.
The test taker and other stakeholders need to trust the test outcome. Knowing there are rigorous and effective controls in place to prevent test fraud enhances that trust. The multiple biometric checks used by PSI and ETS demonstrate our commitment to building trust in your credentials, and they differentiate us from other providers.
What’s next for test security?
In almost every area of life, we want things now. Whether it’s online shopping or streaming a movie. Test results are no different. The move towards real time information and real time decision making allows us to provide a test outcome with more confidence. Then the test taker can progress to the next stage of their life – be it university, college, or employment – with a valid test result. The faster we can do that, the more we are helping people.
When it comes to the next threat on the horizon, we are only in the infancy of deepfakes and deepfake detection. Our next goal is prevention. Much like a lockdown browser prevents access to other applications, such as copy and paste, we are looking at technologies that will prevent a test taker’s device from using deepfake capabilities. It’s a move from deterrence to prevention.
We are constantly scanning for new test security threats and new ways to overcome them. In the meantime, our underlying methodology of multiple biometrics, global search and deepfake detection, is continually ensuring the protection of test integrity and maintaining the value of credentials.