The World's Only Test Security Blog
Pull up a chair among Caveon's experts in psychometrics, psychology, data science, test security, law, education, and oh-so-many other fields and join in the conversation about all things test security.
Posted by Caveon
updated over a week ago
Online proctoring (sometimes referred to as remote proctoring) is the observation of a test taker during an exam by a neutral third party via a webcam. The proctor authenticates the examinee's identity and monitors their behavior throughout the exam to ensure the security and integrity of the test being administered. Unlike on-site proctoring, remote online proctoring services take place over the internet in a separate location from the test taker.
Online proctoring typically works through a third-party vendor that validates the examinee's identity, informs the examinee of test-taking rules and policies before the test begins, and monitors the test taking practices of the examinee throughout the exam. The proctor's job is to keep a vigilant eye out for any cheating, fraud, or other misconduct that may take place during the exam. In addition, the proctor is typically responsible for various administrative duties and resolving any non-security-related issues the test taker might experience (such as technical difficulties).
As the remote proctor observes the examinee throughout the test, special attention is paid to the examinee's surroundings to ensure that hidden cameras, cell phones, peers, or other unauthorized materials are not present and to confirm that the examinee is not cheating and that the test content is not being copied or stolen.
When examinee behavior is not in line with test taking policies or rules, proctors can pause the test to look into the situation, issue a warning, or end the test altogether.
There are three areas of the test security process: prevention, deterrence, and detection/reaction. First, to prevent threats if you can. Second, to deter people from trying to breach your security whenever possible. If neither of those work, to detect the security breach and then react to minimize the damage. But what role does proctoring play within each of these three areas of security, and is proctoring a robust enough security measure to prevent, deter, and detect security threats on its own?
An online proctor's role is mostly passive, confined to scanning the test taker's viewable area, looking for misbehavior throughout the exam, and attempting to deter cheating. As a result, remote proctors cannot directly prevent test security threats; a test taker can still consult cheat sheets, record the test session, copy the answers, or carry out any other form of cheating at any time. None of them can be stopped by proctoring staff—proctors can only catch these threats once they have already occurred.
Proctoring's greatest strength is its deterrent effect against cheating and test theft. By simply being present, proctors discourage would-be-cheaters from carrying out any testing malfeasances, as examinees know they are being monitored. This effect is enhanced in remote proctoring as test takers must assume they are constantly being watched. Without the in-person advantage of waiting for the proctor to turn away or get distracted before attempting to cheat, online proctoring has the advantage of a streamlined and uninterrupted deterrent effect.
Unfortunately, and despite what many think, a proctor's impact is relatively limited when it comes to discovering infractions to the rules. While proctors claim to uncover examinees who are communicating with others, using cheat sheets or cell phones, or copying the test questions for later use or distribution, they can be easily fooled. Similarly, a proctor is unable to detect some of the most harmful forms of cheating—identifying hidden cameras or devices, catching proxy test takers, or stopping individuals from using pre-knowledge to cheat on the exam.
With these three principles of security—prevention, deterrence, detection—in mind, it becomes clear that online proctoring is not sufficient on its own, and it should never be a program's standalone security strategy. Rather, it should be a piece of a comprehensive security strategy. To learn more about the in-depth advantages and disadvantages of proctoring, read the white paper, "The Past, Present, and Future of Proctoring."
The whole reason remote proctoring exists is to help ensure the validity and security of an exam. Factors such as cost, effectiveness, reputation, and scalability are important, and while there are several systematic factors (such as LMS integration and customer support options) to bear in mind when selecting the remote proctoring service, the most critical factors should be the security considerations. While this list of five features is not exhaustive, it's important to note that if any of these five elements are missing, an exam's security can suffer heavily.
Your proctoring vendor should be able to work closely with you and provide the necessary data for any additional security measures needed to protect the validity of your exams. Services such as data forensics, web monitoring, and exam audits are offered by third-party test security vendors who are dedicated to ensuring the authenticity of exams and the integrity of organizations. Services like these not only provide added peace of mind throughout the test administration process, but they can help guarantee the security of your exam and the validity of your test scores.
For example, in the case of data forensics, suspicious patterns in your testing data can uncover threats and expose testing irregularities and other cheating efforts. You can learn whether test takers are colluding or using pre-knowledge, whether proxy test takers are posing as regular examinees, and more.
Since proctors can be a security vulnerability in and of themselves, they should not be able to view an examinee's screen or any of the test questions. This measure stops proctors from prompting a test taker toward the correct answer or copying down the test questions themselves. Since one of the easiest ways your exam content can end up on the internet is through the unauthorized distribution of test content, every measure must be exhausted to ensure test content is viewed by as few eyes as possible. The proctors themselves should never be able to view the test questions.
It is nearly impossible to discern whether an individual's ID is real, especially over a webcam. However, there are measures for authenticating test takers through biometric signature analysis and other verification methods that make it far more difficult for would-be proxy test takers to gain access to the exam or falsify a passing score for another examinee.
This security feature gives room for an unplanned investigation into suspected testing malfeasances. Less permanent than terminating an exam, this function provides proctoring staff the opportunity to take a deeper look into a situation before moving forward with more permanent measures, such as invalidating a score.
In an ideal world, proctors will always be well-trained and highly invested in every test session they monitor. But that isn't always the case. Proctors are not always well-trained, they are not infallible, and they can be easy to fool (see how easy it can be to use hidden cameras during a proctored exam in this video). Perhaps your data forensics measures uncovered a potential cheating ring and you need to take a closer look into the individual test sessions of examinees, or perhaps you discovered a cache of live exam questions on the internet and need to find out how widely they were spread. Whatever the scenario, access to recorded test sessions is a high-priority checklist item to ensure that test takers—and test monitors—are following the rules.
In all, remote proctoring is not sufficient on its own, and it should never be a program's standalone security strategy. While there are systematic factors (such as LMS integration, customer support options, and cost) to consider when selecting your online proctoring service, the security factors available should be front-of-mind.
For more than 18 years, Caveon Test Security has driven the discussion and practice of exam security in the testing industry. Today, as the recognized leader in the field, we have expanded our offerings to encompass innovative solutions and technologies that provide comprehensive protection: Solutions designed to detect, deter, and even prevent test fraud.