Authentication as a Roadblock to Innovation: Understanding and Overcoming the ProblemCharles Dull | Associate Dean of the IT Center of Excellence, Cuyahoga Community College
In online education, compliance is quickly becoming a mainstay of daily operations, whether it’s state authorization, attendance tracking or student authentication; each has a current or upcoming compliance standard. Consider that prior to 2010, many public schools were not active in state authorization (let alone 34 CFR 600.9) but, by next July, all will need to have a state authorization process and also be able to identify and verify those students. Essentially, with the academy’s emphasis largely on quality of education, student identity was assumed to be verified based on document validation at a single point in time and fraud was minimal. This meant you could delineate duties in siloes by department or function, enrollment management could verify students, pass them on to a department such as financial aid with their various verification processes and IT for data security, then assign by modality (online, blended, on-ground or other mode). The current paradigm deviates from the norm while reallocating resource capacity to focus on student authentication for any secure access (financial aid, class access and/or admissions) and the responsibilities of an online administrator could shift requiring knowledge of verification technology, processes and compliance.
Innovation brings to mind game-changing and unique concepts. However, it rarely brings to mind fraud.
We rarely consider the hacker to be an innovative genius when, in fact, that’s exactly the case. Technology innovation can also be used to improve efficiency and is becoming more useful in preventing fraud in online environments; this has not always been part of the best practices for those administering online programs. The influence of technological advances on compliance is being seen in new standards, where it’s expected that a rule can be followed based on the current technology available in the particular industry, in this case, authentication and verification of identity or credentials. The coming compliance changes on verifying student credentials or identity present a vortex of technology needs to prevent fraud that may make access to dynamic technology and online learning different if not cumbersome. Previously it was suggested there is a difference between identification, validation and authentication. What appears to be a better way to frame this is to view this as a verification process for credentials that cannot rely on login and password as the primary means of verification. This moves innovation from learning and/or learning management and technology definition to also include compliance management.
The challenge for online program administrators is not technology; rather, it’s using technology as the primary means of meeting compliance. Technology, whether it is a basic learning management system (LMS), adaptive learning or analytics, is not new to online learning. However, verification technology is new when seen as a process spanning multiple departments. Often, most of verification rested as a single-point-in-time verification process, essentially relying on documentation of credentials presented either in real time or verified by a third party and in many cases during admissions or enrollment and often including some type of fraud check or prevention.
Having a verification or authentication routine or process at every or each point of secure access is new and will require collaborative planning by program managers, deans, admissions, enrollment, IT, legal and fraud prevention, and institutions will need fraud prevention experts.
Student authentication compliance suggests online administrators may need to broaden their perspective and knowledge beyond the LMS and innovative learning technologies to understand how technology can be used to meet compliance standards, which, if not met, could create serious financial consequences. Learning the differences between MFA (multi-factor authentication) and validation routines relies on a smart device receiving an access code to other methods such as biometrics. Since the compliance standards are months away from the comment period, it’s still unclear what technology will meet the compliance standard in full, but it can be stated this knowledge will be needed. A common vocabulary is also needed that can distinguish from authentication for a single incident, such as a test or financial aid application, to protocols for verification for all secure interactions.
What may become necessary for schools is to move from offices or departments managing online technology and support services to a structure resembling a campus. Compliance is going to change how schools report data for online students; fraud prevention is going to force a change in how we understand verifying credentials, along with attendance tracking, refunds and not to mention state authorization. The office or department of online services will need to morph into a more dynamic structure with a wider range of fraud prevention, predictive analytic reporting, compliance and reporting responsibilities.