VIRTUAL PROCTORING – Is It True The System Can Be Broken?

Virtual proctoring, it’s a service nearly everyone is familiar with. Created to help higher-ed institutions protect against cheating, the process is designed to be cheaper than brick and mortar proctoring methods which are typically very expensive. The problem is, it’s not effective.

With technology growing at an unprecedented rate, virtual proctoring companies are not equipped to deal with the emerging technologies and actors that seek to thwart their “cheat proof” systems.

Typically, when taking an online-proctored exam, students are required to have a computer, a monitor, a webcam, and in some cases, device of some sort to show the proctor that you do not have any notes taped to the side of your monitor. Proctors then use their remote access to take over control of your mouse and check the settings on your computer to ensure that you only have one monitor display and to disable your screenshot capability. Finally, the proctor then has you spin your webcam around the room so they can see where you are taking the test. 

In theory, as the test taker you’re stuck in front of your monitor with a webcam that shows everything to a proctor on the other end. Problem solved right? Well… not so fast.

A quick google search shows that these so-called “remote proctoring solutions” can be beat. Blogs and how-to guides like “How to beat online exam proctoring” or "Beating, Cheating, and Defeating Online Proctoring” are just a few places where students can receive information and training on how to cheat on a virtually proctored exam.

Students and faculty alike have also complained that virtual proctoring is intrusive, expensive and ineffective. In an article entitled “Students raise concerns about exam web tool ProctorTrack” the author notes that there is considerable skepticism about tools like ProctorTrack and their ability to combat cheating.

IN FACT, students have taken it upon themselves to demonstrate just how ProctorTrack can be bypassed and have created a guide for beating the system - “On Knuckle Scanners and Cheating – How to Bypass Proctortrack”.

Unfortunately, schools are being sold a feel-good system that students can now drive a truck through to cheat. Liability for collecting physical biometrics like face, fingerprints and the potential hacking of same are important to know about:  

At the end of the day, cheaters and frauds will always try to game the system. It’s been proven that proctoring does little to deter academic dishonesty as a whole. After all, if you know you will be watched you are generally on your best behavior, because cheating can expel you.

Sure, a proctored mid-term or final may keep most students honest, but what about the rest of the semester? AND since all the other gradable assessments that count for most of the GPA are not proctored and use a password to access, students use whoever they want to do the work for great grades. Depending on how a course is weighted, the proctored exam may only account for 30% of the overall grade while the other 70% of the course is fair game for cheaters.

Periodic authentication throughout a course semester is the key for stopping bad actors. If you’re looking for a solution that’s non-invasive, affordable and proven to work, check out BioSig-ID™. Make students happy. Deliver yourself from risk. Re-take control of the classroom.

Some college students are apparently willing to pay hundreds to off load a test or thousands for the whole course. Google “pay to do my homework” is the top monthly search phrase for the top sites most visited to rid one’s self of the onerous task of doing one’s own course work and to guarantee a good grade or your money back.  The phrase, “Do my chemistry homework,” is another top favorite for those who would rather pay than study. 

In 2014 when I first searched there were only a few companies in the business of taking student’s tests, but the field of competitors has grown.  I was the Dean of Academic Technology for Colorado Community College Online (CCCO) then and was looking for a solution to making assessments secure.  Faculty and administrators suspected that there was cheating going on, but we weren’t sure.  We didn’t really know how much it was. 

Something more reminiscent of Mission: Impossible, circa 1996, has come to light last week. We have all held a belief (well, desperately clung to it actually) that it would take a hacker a certain amount of time to guess the password to our personal and office computers. Long enough that they would be caught red-handed, in fact. It gives one those “warm fuzzy” feelings inside, well things got cold and hard with a quickness last week. This is terrible news but don’t quit reading yet, an answer has already been rolled out to keep your PCs safe!

It seems now a hacker can get into your locked PC fast. How fast? Fast enough to make Ethan Hunt jealous. Like, SERIOUSLY jealous. What’s worse? You don’t need to be an agent and steal the technology from the government while running the risk of being disavowed. It is available to the public. Scary right?

A stunning Chronicle of Higher Education article on the new cheating economy in the September 2016 issue exposes the dark underbelly of online education. In a comprehensive investigation, the Chronicle outlines the extraordinary criminal exploitation of online learning today. 
 
From academic imposters who will literally take classes for hire, to writing boiler rooms that churn out theses and even dissertations, to scams that steal billions of dollars in loan funds a year…how much longer can this crazy denial last? It’s a criminal takeover and clear threat to online education’s continued existence. 
 
It’s not that they aren’t solutions. But mostly, Higher Ed refuses to act. What is really going on? Inertia. Diffused responsibilities. Most of all, missing the financial imperative. By ensuring academic integrity by upgrading LMS security, you can potentially recover a significant sum in lost loans. But this message is clearly not getting through.
 
The burgeoning underground has exploded in the last few years, siphoning hundreds of millions of dollars into a shadow academic buy-and-sell marketplace. We’re not talking about just paying for term papers. Now term papers are commissioned. They’re original – and pricey - so you can’t find plagiarized text anymore. 
 
Or consider the promotion-hungry professional who hires someone else to complete his degree. This extremely sophisticated penetration of online learning systems exists to scam grades, degrees and money from your school. The logical end is the destruction of your reputation. 
 
The problem is driven by very poor data management, security and controls, and the illogical use of antiquated tools to identify students.  For an industry that evolved rapidly with technology, it is striking that so few have become early security adopters.

Did you see Feds are phasing out the use of sending secure message texts (SMS) to your cell phones. Why? because it is not secure and has given rise to a lot of fraud- you may have been a victim un-knowingly during a password reset!

National Institute of Standards and Technology (NIST) is  calling for the end of SMS 2-Factor Authentication or "2FA". This was an unavoidable conclusion with all the security holes in cellular/LTE data communications. The carriers (AT&T, Verizon, etc) did not want to spend the money to secure the data, specifically SMS, and that led to the development and rise of apps like WhatsApp. WhatsApp and others are nothing more than secure messaging, as opposed to SMS, unsecure messaging. Where the carriers did not want to spend money, others found a goldmine. You do remember WhatsApp was sold to Facebook for 19 billion (yes, that’s with a “B”) dollars?

Currently one of the largest suppliers of SMS identity verification is via Microsoft Azure (boasting over 20 million users) and we will see a large number of them leaving in droves. Keep in mind, if NIST says it is a no-go, many corporations will have their hand forced into making a change.

The writing was on the wall. Biometric Signature ID saw the problem. Our BioSig-ID biometrics solves the problem because our biometrics can backup, or invalidate, an identity before and after the fact and SMS alone cannot do that. 

Here is a link to the full NIST draft: https://pages.nist.gov/800-63-3/sp800-63b.html

Check out this video here: https://youtu.be/_jUJ0UxZfds