The fraud triangle : understanding and mitigating threats to test and exam security

2,984 views

Published on

The fraud triangle : understanding and mitigating threats to test and exam security

Published in: Technology, Education
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,984
On SlideShare
0
From Embeds
0
Number of Embeds
143
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

The fraud triangle : understanding and mitigating threats to test and exam security

  1. 1. Eric Shepherd eric@questionmark.comCopyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved.Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  2. 2. Fraud Triangle Threats Rationalization  Impersonation Opportunity  Content Theft Motivation  Cheating Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  3. 3. Donald Cressey, a famed criminologist, came up with a hypothesis while researching his doctoral thesis in the 1950s now called the “Fraud Triangle” it explains why people commit fraud. In order to reduce the likelihood of fraudulent activities we need to remove one of the elements of the Fraud Triangle. Motivation The three key elements in the Fraud Triangle are Motivation, Rationalization, and Opportunity. Fraud Risk Opportunity RationalizationCopyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  4. 4. What’s at Stake? High Life and Limb Higher Medium Promotion & Jobs & Legal Concern Stakes Low Educational Exams Medium Stakes Tests Elearning & Low Stakes Surveys Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved.Slide 4 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  5. 5. Licensure exams Motivation to commit fraud Certification exams Stakes of assessment Summative Assessments Placement tests Pre-certification exams Job Task analysis surveys Needs analysis surveys Post-course test Pre-course test Formative quizzes Course Evaluations Satisfaction surveys Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.Slide 5
  6. 6. Short Term with Low Trust Relationships Higher threats require more “Oversight” and so cost Public Pre- more Certifications employment Large Programs & Licensing Small ProgramLower threats require less Sales and “Oversight” Regulatory Technical and so cost Compliance Channel less to Verification administer Long Term with High Trust Relationships Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  7. 7. Identity Fraud •Proxy takes the test on behalf of the real candidate Content Theft •Content is stolen and sold/given to potential cheaters Cheating •Candidate uses unauthorized “aids” to help them answer the questions Counterfeit Certificates/Licenses •Proof of certification/licensure is counterfeitedCopyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  8. 8. Rationalization Mitigation •Explain the facts: “Everyone else cheats so why •Most people do not cheat shouldn’t I?” •Consequences for cheating “I have no alternative but to •Provide learning environments for the candidate to be able to pass the assessment cheat and I have to pass honestly. because <fill in the blank>.” •Explain some of the security measures that are in place, that there are more, and the “I can get away with this.” consequences if they are caught. •Explain and gain positive agreement to the: •Honesty code “I didn’t know <fill in the •Code of ethics blank>” •Non-Disclosure •Consequences for cheating “The ends justify the means •Explain and gain positive agreement to the: (financial reward).” •Consequences for cheating “The Assessment provider is •Maintain a positive public image incompetent/bad/corrupt/etc.” Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved.Slide 8 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  9. 9. Locking down the candidate’s technology Tight controls over the test papers or (secure browser) to help eliminate the access to the technology before, during possibility of content being electronically and after the assessment harvested Shuffling items and choices and using a Not exposing the scoring algorithm beyond limited number of questions from a pool the content repositories/databases helps reduce item exposure Ensuring that people involved with the content databases have signed NDAs so Securing, and only providing limited access that they are aware of their to, the content repositories/databases responsibilities, the consequences of not fulfilling them and their legal accountability Vigorously following up on infractions Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved.Slide 9 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  10. 10. Formal honesty contracts that are agreed to at each stage of the process that explain the consequences for cheating Invigilation/proctoring of an assessment to monitor candidates’ behaviors Locking down the candidate’s devices, maybe using a secure browser, helps eliminate the possibility of them linking to internet resources via their browsers, instant messaging, etc. Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved.Slide 10 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  11. 11. Minimizes Protect Content ID Fraud Cheating • Personable, consistent Test Centers • Monitor vulnerable to unfair influence √ √ √ Events (Classrooms or • Convenient, personable, consistent Conventions) • Monitor vulnerable to unfair influence √ √ √ • Monitor is less vulnerable Test Station Kiosk √ √ √ • New and not yet widespread • Easy to deploy for use at home PC & 360 webcam • Little for content theft √ X √ • Seems secure PC & webcam & WebEx • Nothing for content theft √ X √ • Works for employees Un-Monitored • Nothing for content theft √ X X Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved.Slide 11 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  12. 12. Levels of Monitoring High Medium Stakes Stakes Exams Low Stakes Exams Exams Diagnostic Tests Formative Quizzes Course Evaluations Stakes of Assessment Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  13. 13.  Blog article “Oversight, Monitoring and Deliver of Higher Stakes Assessments Safely and Securely”  http://blog.eric.info/2010/02/oversight-monitoring-and- deliver-of-higher-stakes-assessments-safely-and- securely/  Contact  Web: www.questionmark.com/us/whitepapers  Email: info@questionmark.com Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved.Slide 13 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.

×