Proxy test taking is when someone takes a test for someone else. This article explains the risk of proxy testers impacting test validity and suggests ten approaches to deal with it.
Proxy test taking is when someone takes a test for someone else. It is a pernicious kind of test fraud. If it is not spotted it means someone can pass a test without having the requisite skills and competence.
Proxy test taking was part of the recent “Varsity Blues” admission testing scandal in the U.S., where children of wealthy parents used test fraud to get admission for their children to prestigious universities. A professional proxy tester, Mark Riddell, was expert enough at the SAT that he could take the test and target whatever score seemed appropriate for the student (high enough to get in, but not high enough to raise alarm bells). He was paid US$10,000 per student and in April 20221 was sentenced to four months in prison for his part in the fraud. Like other forms of test fraud, this was not a victimless crime. For each student who got into university unfairly, another student was rejected and had their life chances reduced.
Even more seriously, proxy test taking seems to be behind2 a Pakistan International Airlines pilot cheating scandal, which led to an air crash and major loss of life. A large number of pilots who lacked the technical knowledge required for one of the piloting exams bribed others to take the exam for them. This lack of competency contributed to a plane crash in Karachi in May 2020, where many people were killed. Following the crash, after an investigation, well over 100 pilots lost their licenses for cheating in these tests.
Proxy testing can involve a professional proxy testing company or person (often found over the Internet) who takes the test for money. Or it can involve a friend or colleague taking the test as a favor. There are three typical scenarios:
- Proxy test taking at a test center. The proxy tester goes to the testing center and pretends to be the test taker, either using a false ID that passes identification checks or else with the complicity of the test center (e.g., a proctor is bribed).
- Proxy test taking with online proctoring. The proxy tester logs onto the system as the test taker, using a false ID or relying on poor video quality to appear to be the test taker.
- Proxy test taking via a remote computer. The real test taker logs into the test but gives access to the computer being used to a proxy tester over the Internet. The test taker sits at the computer and pretends to take the test, but the proxy tester controls the session and answers the test for the test taker.
Proxy testers often use realistic-looking false IDs, and it’s not as easy to spot as in the cartoon.
Whenever proxy test taking happens, someone who doesn’t have the skills and competence to pass the test is able to do so. Unlike some other kinds of test fraud, which might increase someone’s score a little bit, proxy test taking potentially lets someone with no competence at all pass a test, and so each time it happens it has an impact.
There is no single strategy that will protect against and defeat proxy test taking. Proxy test taking happened 100s of years ago in Imperial China and may always happen. But there are lots of good approaches that can reduce it.
Here are ten to consider.
1. Deter test takers by making clear the risk of long-term discovery
Many test takers who try to have a proxy test taker take the test for them are found out. Some are found out immediately, others later. For example, many of the Varsity Blues students who had tests taken for them were found out and expelled from their colleges; as were the pilots in Pakistan.
As Sophocles said: “Do nothing secretly; for Time sees and hears all things, and discloses all.”
Many tests mark the foundation of a career or the start of a professional role. If a test taker gets someone else to take the test for them, that person has leverage over the test taker forever. If using a professional proxy test taker, that person is likely a criminal, and so test takers who use proxies risk their future.
As a test sponsor, you should make it clear that anyone who is found conducting this kind of test fraud will suffer the invalidation of their credentials. There is no statute of limitations on this. It’s also important to publicize cases where this happens, so that future test takers understand that the risk is real.
2. Ask a question only the test taker will know
There is an old and perhaps apocryphal tale from the world of banking compliance. Back in the days when bankers had secretaries, they sometimes asked secretaries to take compliance tests for them. Supposedly some banks included a question in the tests asking the test taker to tell that year’s bonus payment. A banker might share a password or a login with a secretary, but bonuses were closely held secrets (and very much not shared with secretaries!). Such a strategy unmasked some cheating.
The principle has value in other contexts. If the test taker is known to your organization, then consider including within the test some survey or data capture questions about them. These are questions that the real test taker will know but a proxy tester might not know – for example, training details or some personal information that you have access to.
3. Consider Single Sign-On
This will only work for some environments but consider requiring test takers to log in to the test with organizational credentials. For example, if it is a corporate test, require the login via a single sign-on from organizational systems (e.g., Active Directory). It’s usually a very serious offense in companies to let others use corporate credentials, and of course, these credentials also give access to a lot of other corporate data. So people might be less willing to share with proxy testers
4. Strong authentication
The most obvious approach is to strengthen identification checks, so as to make sure that the person taking the test really is who they say they are. Consider:
- Linking the test to some other way of identifying the person, e.g. attendance at training or identification by someone trustable
- Having a trusted person (manager, teacher, etc) vouch for the person
- Asking for two copies of government identification, not one
- Where allowed legally, keep copies of photos from previous exams and use them to compare when someone takes an exam the second time and as a record of who took the test
Biometrics is the analysis of unique biological or physiological characteristics of people, for example fingerprinting, facial recognition or keyboard biometrics (how people type).
There are significant privacy concerns around biometrics. In Europe, using it is for the most part not permitted without consent. In the US, there are laws in some states that restrict it. And facial recognition has received some significant negative publicity around how well it works with some demographic groups.
In theory, biometrics could be a measure to prevent proxy testing. You can gather biometrics on registration and then check them in exam delivery. You can also compare biometrics between different test takers, and if a single proxy test taker takes multiple exams (pretending to be different people), they can be spotted.
6. Vary and refresh tests
Although some proxy testers may be experts in the subject, others may have memorized stolen content or specific versions of the test, or their knowledge may be out of date. The more you can vary the test, by having different test forms, by randomizing the selection of test questions or the content of test items the better. It’s helpful to introduce new content as frequently as you can. These measures help with proxy test taking and also with other kinds of test fraud like content theft.
7. Data forensics
Data forensics is the statistical analysis of test results to identify anomalies that could be test fraud. Such statistical analysis can identify likely proxy testers. One technique used3 is evaluating the similarity of correct and incorrect responses from different test takers. If a single proxy test taker takes the exam under a variety of different names, it is likely there will be a pattern to answers – e.g., the same question will be answered correctly or incorrectly more often than by chance. This can be used to identify a series of tests which could be taken by a single proxy tester. Once such anomalies are detected, further analysis (e.g. looking at stored IDs or photos) can determine evidence.
Questionmark can offer a Data Forensics Analysis in partnership with test security experts Caveon for Questionmark OnDemand users and they or other suppliers can also conduct statistical analysis for those using other test delivery systems.
8. Anonymous tipline
Many test sponsors find that it’s helpful to have a place where test takers or other stakeholders can report test fraud issues anonymously. This can be a phone line, but increasingly is a tipline/hotline web form, a well-designed example can be found at CompTIA’s security hotline page.
Such a system can generate genuine test security issues to follow up. It gives confidence to honest test takers that security is taken seriously, and it will worry test takers considering using proxy test takers that they could be reported.
9. Have a proactive test security team
They say that the price of freedom is eternal vigilance. And it’s surely true that vigilance from a test security team will reduce the threat of proxy test taking and other test fraud.
Some things to consider:
- Look for patterns in test registration that could indicate that the same person is registering multiple times (email addresses, IP addresses, credit card numbers, etc).
- Communicate with candidates and those who influence candidates that you take security measures to deter them from considering cheating.
- Look on social media and the web for individuals or organizations offering to act as proxy testers
- Educate colleagues on what to look for and have them also be alert to threats on social media
- Join forces with other test programs to collaborate, including via industry bodies. The ATP have an active test fraud coalition and the IT Certification Council are also active in the field.
10. Consider multiple tests
Last but not least, consider replacing a single “large” test with a series of smaller tests.
If you have a single test event, where passing it gives an important credential, some test takers may feel it’s worth cheating. But if you have a series of tests at different times, it’s harder to arrange a proxy tester. There will likely be a higher cost, and the same proxy tester may not be available every time, making it easier to be found out.
One technique sometimes used is to require those qualified to take regular short “delta” or update tests to check their skills are up-to-date with new developments in the field. If someone passed the original test via a proxy, the update tests could be a challenge.
There are other benefits of a series of tests over time. It’s likely fairer and more reliable as a series of tests measures skills and knowledge over time. People will also not be disadvantaged by being ill on testing day. Multiple tests may also encourage sustained learning over time to prepare for the tests, which due to the benefits of spacing out learning, makes it more likely that learning will be retained for the long term.
We hope that this article helps you come up with strategies for preventing proxy test taking.
Another good article is from Questionmark partner Caveon, focuses on how to stop proxy test takers.
There is no single solution to prevent proxy testers, but adopting a wide range of tactics will help deter and respond to them. Include within the tactics good test taker communication to make sure that people understand the risks of using proxy testers to deter them from doing so.
For more advice, white papers blogs and more on the subject of test fraud, visit the Questionmark Test Fraud Hub Today