Each semester, education loan fraud by criminals who pose as students grows tremendously. The victims?  Mostly low tuition schools offering online or distance learning programs. Fraudsters are easily able to pose as students because they are not required to make a physical presence. As long as a student can make it to census date, they are eligible to receive the thousands of dollars from Pell Grant monies remaining on their student account. Federal financial aid regulations must be able to document attendance in each class where students receive FSA. The Dept. of Education also mandated that schools institute new “academic attendance taking criteria” to determine attendance and last day of attendance.

Also, to consider are managing Official and Unofficial Withdrawals, Title IV calculations using (R2T4 forms), Last Date of Attendance and other requirements These all require the institution to have an accurate and accessible attendance data. It is easy to see why creating better policies for tracking attendance is beneficial. If FSA award has been disbursed and is owed back to the Dept. of Education, the institution must return the money and then try to collect these monies from the student. Good luck, fictitious and fraudulent students are long gone! 

It is a lucrative business with groups as large as 800 fictitious students being reported.  Fraud comes from three types of groups- Individual students, fraud or organized crime rings or unscrupulous bad actors within the institution. According to the U.S. Department of Education, improper Pell grant payments topped $2.2B in 2016. While FSA fraud is nothing new, it is rapidly growing. This growth has spurred the federal government to step in and put pressure on institutions to fix the problem.

So, who's on the hook? Well according to the feds, the schools. 

Colleges and Universities must make sure that all FSA money is disbursed to the students who are there for the right reasons... If not, then the school must pay back all the money. This creates a huge and unnecessary loss of revenue for the school. It can also lead to additional problems such as:

  • Lower institution retention rates
  • Possible changes in government funding models
  • Increased accountability for higher education institutions

Unfortunately, it's not going to get any better until schools are able to detect and sort the real students from the fraudsters. Luckily, this could all be solved easily with air-tight student authentication and the ability to monitor for the signals of fraud.

For years, the OIG and Dept. of Education have stated that schools must adhere to the following requirements associated with distance education Title IV funding:

  1. VERIFY a student’s identity throughout the ENTIRE course
  2. Determine student academic ATTENDANCE
  3. Maintain sufficient EVIDENCE of student attendance

With many institutions, up for accreditation renewal, now’s the time to implement a plan of attack!

The traditional fraud detection process needs to be overhauled. If schools are potentially losing 4% of Title IV funds to fraudulent students, think what that means to a school that disburses $50M - $100M.  That's big money schools stand to retain. 

If only administrators knew they could easily get this money back and return it to their budget. If only they had simply captured student ID authentication logins between course start up and census day.

It's possible.

Thanks to BioSig-ID. This gesture-based biometric software can monitor for fraud and send early warnings to administrators that will stop loan disbursement until they can determine whether the student is truly authentic.

  • Step one is authenticating every student as they enroll at the beginning of the course or during an introductory prep course if your school offers this. 
  • Step two is authenticating student ID multiple times before gradable assignments from course start to census day. (BioSig-ID complies with the new academic activity requirements)
  • Step three add any additional information from internal sources that provide information pointing to a fraudulent student. (ask us what these are, as they can be powerful indicators)

Step four do not disburse balance of FSA UNLESS the student successfully authenticates their identity with BioSig-ID. the password that students draw with their finger or mouse that can't be shared with others.  Optional if you combine our biometric password solution to an additional ID resource like a government ID check at FSA application or course registration (via webcam), you now have a system that is virtually impossible to defraud. Luckily BioProof-ID is such a product – by working with respected virtual proctoring company B Virtual, live agents verify the ID check then watch users complete the last phase of creating their BioSig-ID password. Once BioSig-ID is in use, distance learning institutions will be able to answer the long-posed question, “Who is taking my course online?”. It can track everything - student attendance patterns, login locations and attempts, history, activity, and time. We take the guess work out of the forensics and pinpoint the anomalies that could never be detected by an individual or even a dedicated team. Once the bad actors are found, schools can then put their regular procedures in place, issuing warning letters, or other actions they deem necessary.

This two-prong approach is win-win.  Especially when you factor in the ROI. How about recovering say, $400K, that you might have lost in disbursements to fake students.... would a cost-effective solution that recovers it and meets all federal regulations be worth it?

You do the math. Protect your job and get some help to stop the fraud! 

How BioSig-ID Forensic Tools Catch The 2 Types of Fraud

Fraud using the “virtual highway” is big business with data breaches costing $6.2B in 2016 and Financial Student Aid Fraud (FSAF) costing upwards of $3.8B annually. So you ask how can your institution get your money back?  If you’re an company or univeristy, how can you stop the data breaches?    

Understand there’s at least two types of Internet or device based fraud:

  1. Those who steal your data for financial gain against others, leaving you with the liability costs (credit monitoring, fines, reputation loss, stock price decline, etc..)
  2. Those who enter your enterprise and steal directly from you (ransomware, reimbursement of monies you receive, etc…)  

Where does higher education fit in?

#2 above since students (real and fictitious) are actually stealing what may be 4% of all the FSA your institution dispenses. To bring this home say your school disburses $50M in FSA. The feds suggest 4% is “improperly paid”. Using this math it means $2M has to be paid back to the Dept. of Education and the school is left to try and collect these monies from the student. = Good luck.  

What about data breaches and protection for your company?

#1 above since bad actors seek the data you hold on all your clients/users. Data breaches are common place and costly, we read about them every day. External threats from various hacking and internal threats are the main reasons why breaches occur. We recommend multi-factor authentication using BioSig-ID gesture passwords since sharing, stealing or hacking will not be successful. It stops imposters from logging in. Most of the companies who are breached end up paying recovery costs at $158.00 per breached record and healthcare records cost them $394.00 each. This adds up to $millions of dollars! It even affects share prices. The disclosure last year by Yahoo of two massive user-data breaches (1.5B) in 2013 and 2014 led Verizon to lop $350 million from the purchase price for Yahoo’s internet businesses.  

Finding the origin of fraud is like trying to find a needle in a haystack and fraudsters know it. One of the many reasons that fraud is committed, is because it’s hard to catch the perpetrator. With fraud growing at an alarming rate, many bad actors are able to slip through the cracks.

What if there was some way of combing through all of the raw data, pinpointing fraudsters and recovering lost money?

Fortunately, there is!

In addition to providing award-winning biometric identification and authentication solutions with the world’s first biometric password, BioSig-ID (You draw your password versus type it in, NO hardware required) we can now analyze hundreds of thousands of activities of BioSig-ID usage. These reporting tools provide backend details on how the user is accessing assets, from device to geolocation, to time of day or number of password resets. We review historical pattern analysis and take all of the guess work out of finding fraud.

No matter the industry, BioSig-ID robust analytics reporting has been proven to:

  • Track and notify of potential fraud in REAL time
  • Create a significantly positive ROI when using our forensics
  • Recover lost money and prevent data breaches
  • Provide more transparency to network administrators
  • Catch even the smallest pattern deviation

Once in use, BioSig-ID forensics system knows exactly who users are. It can track many factors from login patterns and attempts, to activity and success rates. BioSig-ID finds the anomalies that could never be detected by an individual, or even a dedicated fraud prevention team and provides alerts in real-time. Once the bad actors are found, clients can handle it from there, taking whatever action they deem necessary.

The BioSig-ID forensics are derived by having your users create/draw their unique gesture biometric passwords when logging in to a device or virtual asset. After years of use in 95 countries and 10 million uses, BioSig-ID has significant data and power to filter out the bad actors.  Our state of the art analytics tool has become fine-tuned in pattern analysis used to find academic fraud, access to your device or account fraud and financial fraud. 

Life’s too short to be chasing fraudsters. Let BioSig-ID’s fraud buster forensic tool help you find the needle in the haystack so you don’t have to. 


Pell Grant and Direct Student Loan Fraud are two of the biggest obstacles plaguing institutions of higher education and the worst part is, there’s no immediate end in sight. In 2016, almost $4 billion was disbursed improperly. With the feds cracking down and looking at new funding models, it’s uncertain what the future holds for financial aid or how it will affect students and schools. The feds have responded with new regulations that now make Title IV funding dependent on whether you are compliant with adequate student ID verification. Don’t you not want to know about this?

The latest case study from Biometric Signature ID (BSI) examines a series of best practices that have been collected from our clients who are using BioSig-ID, the world’s first biometric password. Initially it was implemented as an academic integrity strategy to ensure institutions verify and authenticate online students, However, the serendipitous discovery of BioSig-ID’s success in deterring FSA fraud has expanded the application of BSI’s tool beyond the focus of its original intended use. BioSig-ID is a powerful tool used to identity fraudulent activity. Ultimately this saves the institution, legitimate students and taxpayers who are all affected in some way by federal student aid fraud. What are the two ways that the feds make the school pay the tab for fraudulent students?

Biometric Signature ID is a leader in the Identity and Access as a Service (IDaaS) market. To view the entire study please click here.

Recently, several of the world’s top professional poker players revealed that they have been victims of a hacker or group of hackers who took over some of their non-poker online accounts. The security weakness that allowed this to happen was one most people wouldn’t expect: two-factor authentication (2FA). 

One of the most common forms of 2FA is SMS text messaging using a person’s cell phone. It makes sense. Almost everybody has a cell phone – smart or otherwise – and can easily retrieve a pin and password via SMS technology. However, it’s not secure! In fact, in the latest draft of their Digital Authentication Guideline, the National Institute of Standards and Technology (NIST) noted that “using SMS is no longer recommended as a credible two-factor authentication system because of its many insecurities”.

In the case of the poker players, they requested sensitive personal information that was provided to them via SMS text messaging. This ultimately allowed someone to take over several of their non-poker related online accounts.

Ultimately the weak link is the cell phone company. Whether it’s ghost towers, negligent customer service representatives, a hacked phone, or a mass data breach it’s a known fact that cell phones are often a major source of personal identity theft and fraud. It’s also important to note that while this appears to be an isolated incident, it’s not. This time it was four professional poker players, but there’s no telling how many others could have been affected by this same breach, OR how many people are plagued by similar issues around the world each day for that matter.

The writing is on the wall or in this case your phone, so here’s what we know. 2FA authentication is out, multifactor authentication (MFA) is in (something you know, something you are). Biometric Signature ID has the solution you need to keep your personal identity safe. Using our revolutionary MFA biometric solution BioTect-ID, we can lock down a device, authenticate users in seconds and in the case of an attempted breach, revoke access. Cloud-based identity protection at your fingertips:

  • BioTect-ID (SKSA) now locks access to devices
  • BioSig-ID (SKSA) locks access to web applications

If you worry about the security of your customers call us. BioMetric Signature ID has proven id authentication with over 10 million uses in 95 countries. Cloud-based identity protection without software downloads or additional costly hardware. SMS alone cannot do that. 


The ability of telehealth companies to do business in Texas--the last major U.S. market stymieing the growth of video doctor consultations--cleared a key hurdle when a bill widening patient access cleared the House of Representatives.

The new legislation is the latest victory for the Telehealthcare industry. Passage has opened a market of 28 million people to telehealth companies like American Well, MDLive and Teladoc that all offer access to physicians and patients via smartphone, tablet or computer. In recent years, employers and private insurers have started embracing the trend as a way to make healthcare more convenient and avoid costly and unnecessary trips to the emergency room, or a more expensive physician’s office. But there’s still some side effects…

While Telehealthcare continues to help keep costs down and makes it more convenient for patients, there’s a lot of risk with web-based medical services. EMR records are stored digitally, E-script companies and patient portal systems typically still only require a pin and password for access and current authentication methods are outdated, costly and unreliable.

The fact is, data breaches are up. A recent Accenture study found that 26 percent of Americans, or more than one in four, had had their health care data breached—meaning that health systems need to step up their efforts when it comes to privacy. In 2015, Anthem, the largest health insurance company in the U.S. was subject to a massive data breach forcing them to pay a record $115M to settle data breach suit. If approved, this settlement will mark the largest payout to date for a data breach case.

The new legislation that was passed in Texas allows telehealth consultations between a physician and a patient AS LONG AS the clinician complies with certain standards such as use of “clinically relevant photographic or video images, but even this can be bypassed or hacked.

It’s time that patients demand stronger security measures and it’s up to providers and physicians to ensure that they stay vigilant in safeguarding personal information.

BioMetric Signature ID’s suite of products including BioSig-ID, BioTect-ID and BioProof-ID gives you the tools and confidence you need to successfully combat fraudulent activity. Proven with over 10 millions uses, our gesture biometric security combines a great user experience with an ID verification solution unlike anything else on the market today. Best of all, NO downloads or hardware required! Visit our web site today and take a test drive to experience BioSig-ID™ for yourself.