Lately there’s been quite a lot of buzz surrounding “student authentication” and what Universities and Colleges need to do to remain compliant. From the landmark case between WGU and the OIG, to the countless billions lost in 2017 alone to academic cheating and financial aid fraud, it’s clear that the time for change is now!

Recently the largest education accrediting agency in the U.S. passed new requirements for student ID authentication. The new regulation(s) stands to change the way institutions are validating / verifying student enrollment and is gaining traction amongst other accreditation agencies.

Under the previous student authentication guidelines, “any institution that offered distance, or correspondence education was required to verify that the student who registers for a course was the same student participating throughout the course. Verification methods deemed acceptable included pins and passwords, as well as proctored examinations.

Taking effect Jan. 2018, the new rules are:

“10.6: Student Authentication Guidelines"

a) An institution that offers distance or correspondence education must: Ensure that the student who registers in a distance, or correspondence education course or program is the same student who participates in and completes the course or program and receives the credit.

(1) A secure login and pass code: 

  • Can be shared amongst individuals and fraudsters
  • Are easily compromised
  • Has no way of securely or accurately verifying the user

(2) Proctored examinations:

  • Can't verify same student is doing course work
  • Students are finding ways to hack the system
  • Designed to catch cheaters only 

(3) New or other technologies and practices that are effective
      in verifying student identification such as BioSig-ID:

  • Integrated with LMS/No per use charge so ideal for continuous authentications
  • Verifies students throughout the course anytime, anywhere
  • Provides next-level forensics and auditing tools that keep you off the naughty list
    and in compliance with regional accreditors and the feds

With the new guideline(s) in place, pins and passcodes and proctored examinations ae no longer viable options, because of their failure to verify a student’s identity.

What schools are left with, is the only PROVEN solution to accurately identify and verify a student’s identity anytime, anywhere throughout a course. The writing is on the wall…

Proper authentication and compliance begins and ends with BioSig-ID the world’s first biometric password that you draw.


Each semester, education loan fraud by criminals who pose as students grows tremendously. The victims?  Mostly low tuition schools offering online or distance learning programs. Fraudsters are easily able to pose as students because they are not required to make a physical presence. As long as a student can make it to census date, they are eligible to receive the thousands of dollars from Pell Grant monies remaining on their student account. Federal financial aid regulations must be able to document attendance in each class where students receive FSA. The Dept. of Education also mandated that schools institute new “academic attendance taking criteria” to determine attendance and last day of attendance.

Also, to consider are managing Official and Unofficial Withdrawals, Title IV calculations using (R2T4 forms), Last Date of Attendance and other requirements These all require the institution to have an accurate and accessible attendance data. It is easy to see why creating better policies for tracking attendance is beneficial. If FSA award has been disbursed and is owed back to the Dept. of Education, the institution must return the money and then try to collect these monies from the student. Good luck, fictitious and fraudulent students are long gone! 

It is a lucrative business with groups as large as 800 fictitious students being reported.  Fraud comes from three types of groups- Individual students, fraud or organized crime rings or unscrupulous bad actors within the institution. According to the U.S. Department of Education, improper Pell grant payments topped $2.2B in 2016. While FSA fraud is nothing new, it is rapidly growing. This growth has spurred the federal government to step in and put pressure on institutions to fix the problem.

So, who's on the hook? Well according to the feds, the schools. 

Colleges and Universities must make sure that all FSA money is disbursed to the students who are there for the right reasons... If not, then the school must pay back all the money. This creates a huge and unnecessary loss of revenue for the school. It can also lead to additional problems such as:

  • Lower institution retention rates
  • Possible changes in government funding models
  • Increased accountability for higher education institutions

Unfortunately, it's not going to get any better until schools are able to detect and sort the real students from the fraudsters. Luckily, this could all be solved easily with air-tight student authentication and the ability to monitor for the signals of fraud.

For years, the OIG and Dept. of Education have stated that schools must adhere to the following requirements associated with distance education Title IV funding:

  1. VERIFY a student’s identity throughout the ENTIRE course
  2. Determine student academic ATTENDANCE
  3. Maintain sufficient EVIDENCE of student attendance

With many institutions, up for accreditation renewal, now’s the time to implement a plan of attack!

The traditional fraud detection process needs to be overhauled. If schools are potentially losing 4% of Title IV funds to fraudulent students, think what that means to a school that disburses $50M - $100M.  That's big money schools stand to retain. 

If only administrators knew they could easily get this money back and return it to their budget. If only they had simply captured student ID authentication logins between course start up and census day.

It's possible.

Thanks to BioSig-ID. This gesture-based biometric software can monitor for fraud and send early warnings to administrators that will stop loan disbursement until they can determine whether the student is truly authentic.

  • Step one is authenticating every student as they enroll at the beginning of the course or during an introductory prep course if your school offers this. 
  • Step two is authenticating student ID multiple times before gradable assignments from course start to census day. (BioSig-ID complies with the new academic activity requirements)
  • Step three add any additional information from internal sources that provide information pointing to a fraudulent student. (ask us what these are, as they can be powerful indicators)

Step four do not disburse balance of FSA UNLESS the student successfully authenticates their identity with BioSig-ID. the password that students draw with their finger or mouse that can't be shared with others.  Optional if you combine our biometric password solution to an additional ID resource like a government ID check at FSA application or course registration (via webcam), you now have a system that is virtually impossible to defraud. Luckily BioProof-ID is such a product – by working with respected virtual proctoring company B Virtual, live agents verify the ID check then watch users complete the last phase of creating their BioSig-ID password. Once BioSig-ID is in use, distance learning institutions will be able to answer the long-posed question, “Who is taking my course online?”. It can track everything - student attendance patterns, login locations and attempts, history, activity, and time. We take the guess work out of the forensics and pinpoint the anomalies that could never be detected by an individual or even a dedicated team. Once the bad actors are found, schools can then put their regular procedures in place, issuing warning letters, or other actions they deem necessary.

This two-prong approach is win-win.  Especially when you factor in the ROI. How about recovering say, $400K, that you might have lost in disbursements to fake students.... would a cost-effective solution that recovers it and meets all federal regulations be worth it?

You do the math. Protect your job and get some help to stop the fraud! 

How BioSig-ID Forensic Tools Catch The 2 Types of Fraud

Fraud using the “virtual highway” is big business with data breaches costing $6.2B in 2016 and Financial Student Aid Fraud (FSAF) costing upwards of $3.8B annually. So you ask how can your institution get your money back?  If you’re an company or univeristy, how can you stop the data breaches?    

Understand there’s at least two types of Internet or device based fraud:

  1. Those who steal your data for financial gain against others, leaving you with the liability costs (credit monitoring, fines, reputation loss, stock price decline, etc..)
  2. Those who enter your enterprise and steal directly from you (ransomware, reimbursement of monies you receive, etc…)  

Where does higher education fit in?

#2 above since students (real and fictitious) are actually stealing what may be 4% of all the FSA your institution dispenses. To bring this home say your school disburses $50M in FSA. The feds suggest 4% is “improperly paid”. Using this math it means $2M has to be paid back to the Dept. of Education and the school is left to try and collect these monies from the student. = Good luck.  

What about data breaches and protection for your company?

#1 above since bad actors seek the data you hold on all your clients/users. Data breaches are common place and costly, we read about them every day. External threats from various hacking and internal threats are the main reasons why breaches occur. We recommend multi-factor authentication using BioSig-ID gesture passwords since sharing, stealing or hacking will not be successful. It stops imposters from logging in. Most of the companies who are breached end up paying recovery costs at $158.00 per breached record and healthcare records cost them $394.00 each. This adds up to $millions of dollars! It even affects share prices. The disclosure last year by Yahoo of two massive user-data breaches (1.5B) in 2013 and 2014 led Verizon to lop $350 million from the purchase price for Yahoo’s internet businesses.  

Finding the origin of fraud is like trying to find a needle in a haystack and fraudsters know it. One of the many reasons that fraud is committed, is because it’s hard to catch the perpetrator. With fraud growing at an alarming rate, many bad actors are able to slip through the cracks.

What if there was some way of combing through all of the raw data, pinpointing fraudsters and recovering lost money?

Fortunately, there is!

In addition to providing award-winning biometric identification and authentication solutions with the world’s first biometric password, BioSig-ID (You draw your password versus type it in, NO hardware required) we can now analyze hundreds of thousands of activities of BioSig-ID usage. These reporting tools provide backend details on how the user is accessing assets, from device to geolocation, to time of day or number of password resets. We review historical pattern analysis and take all of the guess work out of finding fraud.

No matter the industry, BioSig-ID robust analytics reporting has been proven to:

  • Track and notify of potential fraud in REAL time
  • Create a significantly positive ROI when using our forensics
  • Recover lost money and prevent data breaches
  • Provide more transparency to network administrators
  • Catch even the smallest pattern deviation

Once in use, BioSig-ID forensics system knows exactly who users are. It can track many factors from login patterns and attempts, to activity and success rates. BioSig-ID finds the anomalies that could never be detected by an individual, or even a dedicated fraud prevention team and provides alerts in real-time. Once the bad actors are found, clients can handle it from there, taking whatever action they deem necessary.

The BioSig-ID forensics are derived by having your users create/draw their unique gesture biometric passwords when logging in to a device or virtual asset. After years of use in 95 countries and 10 million uses, BioSig-ID has significant data and power to filter out the bad actors.  Our state of the art analytics tool has become fine-tuned in pattern analysis used to find academic fraud, access to your device or account fraud and financial fraud. 

Life’s too short to be chasing fraudsters. Let BioSig-ID’s fraud buster forensic tool help you find the needle in the haystack so you don’t have to.

Pell Grant and Direct Student Loan Fraud are two of the biggest obstacles plaguing institutions of higher education and the worst part is, there’s no immediate end in sight. In 2016, almost $4 billion was disbursed improperly. With the feds cracking down and looking at new funding models, it’s uncertain what the future holds for financial aid or how it will affect students and schools. The feds have responded with new regulations that now make Title IV funding dependent on whether you are compliant with adequate student ID verification. Don’t you not want to know about this?

The latest case study from Biometric Signature ID (BSI) examines a series of best practices that have been collected from our clients who are using BioSig-ID, the world’s first biometric password. Initially it was implemented as an academic integrity strategy to ensure institutions verify and authenticate online students, However, the serendipitous discovery of BioSig-ID’s success in deterring FSA fraud has expanded the application of BSI’s tool beyond the focus of its original intended use. BioSig-ID is a powerful tool used to identity fraudulent activity. Ultimately this saves the institution, legitimate students and taxpayers who are all affected in some way by federal student aid fraud. What are the two ways that the feds make the school pay the tab for fraudulent students?

Biometric Signature ID is a leader in the Identity and Access as a Service (IDaaS) market. To view the entire study please click here.

Recently, several of the world’s top professional poker players revealed that they have been victims of a hacker or group of hackers who took over some of their non-poker online accounts. The security weakness that allowed this to happen was one most people wouldn’t expect: two-factor authentication (2FA). 

One of the most common forms of 2FA is SMS text messaging using a person’s cell phone. It makes sense. Almost everybody has a cell phone – smart or otherwise – and can easily retrieve a pin and password via SMS technology. However, it’s not secure! In fact, in the latest draft of their Digital Authentication Guideline, the National Institute of Standards and Technology (NIST) noted that “using SMS is no longer recommended as a credible two-factor authentication system because of its many insecurities”.

In the case of the poker players, they requested sensitive personal information that was provided to them via SMS text messaging. This ultimately allowed someone to take over several of their non-poker related online accounts.

Ultimately the weak link is the cell phone company. Whether it’s ghost towers, negligent customer service representatives, a hacked phone, or a mass data breach it’s a known fact that cell phones are often a major source of personal identity theft and fraud. It’s also important to note that while this appears to be an isolated incident, it’s not. This time it was four professional poker players, but there’s no telling how many others could have been affected by this same breach, OR how many people are plagued by similar issues around the world each day for that matter.

The writing is on the wall or in this case your phone, so here’s what we know. 2FA authentication is out, multifactor authentication (MFA) is in (something you know, something you are). Biometric Signature ID has the solution you need to keep your personal identity safe. Using our revolutionary MFA biometric solution BioTect-ID, we can lock down a device, authenticate users in seconds and in the case of an attempted breach, revoke access. Cloud-based identity protection at your fingertips:

  • BioTect-ID (SKSA) now locks access to devices
  • BioSig-ID (SKSA) locks access to web applications

If you worry about the security of your customers call us. BioMetric Signature ID has proven id authentication with over 10 million uses in 95 countries. Cloud-based identity protection without software downloads or additional costly hardware. SMS alone cannot do that.