Before the Internet, all education was delivered face-to-face. You went to university or college and attended classes and exams in person. There were no PINs, no passwords and no one time access codes. With the evolution of the Internet, all aspects of our lives changed, from education to shopping and travel – you name it, it went online.
However, along with this wholesale shift to online services comes the inevitable explosion in online fraud, security threats and identity theft. While online identity fraud problem used to be primarily a problem for businesses, the move online spawned by the COVID-19 pandemic exposes educational institutions - such as universities and healthcare providers - to greater risk of fraud as well.
Despite a continued focus on online fraud and security as well as regulations, many organizations still rely on passwords to prove identity. To make matters worse, many users reuse the same password for multiple accounts or use passwords that don’t meet the basic security requirements for complexity.
Biometrics
Biometrics, technologies that utilizes physical and/or behavioral “characteristics” unique to an individual, have long been vaulted as a solution to the password problem. The best-known biometrics - fingerprints, face recognition and voice biometrics - have all found application in access control and telephone security, but have not been widely adopted for internet security.
For example, fingerprint sensors have been used for many years for physical security, such as access to premises and time and attendance in workforce management. In 2013, fingerprint technology came of age when Apple introduced Touch ID to unlock smartphones and then expanded it to unlock Apps Store and Payment applications a year later. Some banks use the fingerprint to secure online mobile transactions, but these are the exception and the technology is a long way from being used as a universal authentication technology for secure online services.
Similarly, face recognition has been widely adopted in passports and border control. Recent developments have also seen face biometrics appear in some IT security and online identity authentication applications, but the applications are far from universal.
In the telephone customer service, voice biometrics is becoming more prevalent. Many banks in the U.K., Australia, Canada and New Zealand, along with some government agencies, have adopted voice biometrics for automatic call identity authentication.
In telephone services, voice biometrics has a strong business case as it eliminates the need for customers to answer personal information questions (such as mother’s maiden name) which not only speeds up the service delivery saving the business money, but is more accurate and effective at detecting and tracking identity fraud in the telephone channel.
A new paradigm for online security
While biometrics are proven as a powerful identity authentication technology for specific applications such as access to devices, border control and telephone call centers, the wide-spread use of biometrics has yet to be maximized as a technology to secure online services and applications.
There have been recent developments on a new paradigm for online identity authentication. Higher education in particular requires a seamless continuous verification of the user’s identity whilst browsing a secure website.
This can be achieved via a relatively simple concept. On an enabled website, a code downloads to the browser on the user’s device, be it PC, laptop, tablet or smartphone and switches on the camera and microphone on that device. (Naturally, these are only switched on with the user’s permission.) This, in effect, allows the website to see and hear the user accessing the website, much like a familiar video conference call, but now with a website.
Behind the scenes, a unique combination of biometric and non-biometric technologies is used to continuously track and validate the user’s identity. Fused speaker and speech recognition technologies recognize who the speaker is and what they are saying. This works in tandem with face biometrics to validate that the voice matches the face. After all, voices come from faces and the right voice must come from the right face.
To enhance privacy, “gaze technology” can analyze eye movement to ensure that the voice is only monitored when user is looking at the camera and speaking to the website. The latest technology ignores the speaker if their face is turned away. It only recognizes and validates the user’s spoken commands when the user is addressing the website.
Depending on business rules, voice biometrics technologies can blank the screen unless the verified face is detected. Rules can also be applied that blank the screen if multiple faces appear. This is particularly useful when accessing confidential information from an insecure location, such as viewing medical records, financial reports, or government information from a home office or a public place.
The experience nowadays can be much like video conferences, such as Zoom, WebEx, Teams (to name a few), which people have become more familiar and comfortable with over recent months. But instead of interacting with another human, the user interacts with a biometric engine that is informing a secure website of the identity verification status of the person accessing that website. This can be useful for educational institutions conducting online testing and for enterprises trying to manage secure access to sensitive data. Voice biometrics can also be helpful for online delivery of confidential health services or records, as well as for payment services and banking.
One of the benefits of this newer technology for the enterprise, is the technology can use the existing browser technology and existing hardware on the user’s device. Users do not need additional hardware or software, one-time passwords or access to email.
Preventing identity fraud in online education
While originally developed with online banking and financial services in mind, the COVID-19 pandemic has driven significant interest in the latest biometrics from the education sector.
COVID-19 has caused many large educational institutions to accelerate the transition to online delivery of educational services. This has highlighted the issue of student identity and specifically the identity of students during online examination and testing. How do you know that it is the registered student taking the online examination?
Leading universities around the world, require continuous authentication of students undertaking online examinations. Using the camera and microphone on the student’s computer, technology can detect if the correct face is in front of the computer and blanks the screen when there is no face or when an incorrect face or multiple faces are detected. Voice biometrics augments the face recognition to positively assert the student identity and to detect if the student is speaking during the examination.
These concepts are in their infancy, but present a unique possibility for educational institutions around the globe who are looking to implement secure technologies for online learning. The next stages involve marrying with AI chat bots, speech synthesis and avatar technology to provide a secure two-way multi-media conversational user experience. In effect, this creates a synthetic customer service agent that recognizes who the person is, what they want and responds using spoken and visual cues.