Test centers might also record the test subjects on digital video, and put the test taker's photo right on the certification report. "Proxy testing used to be a big thing," says Pearson's Poyiadgi. "But once we required digital photos and digital signatures it disappeared."
But while the "gold standard" of testing security applies to the 500 testing centers that Pearson VUE owns, that can vary at the other 4,600 sites owned by Pearson's partners, including IT training organizations and colleges and universities that test students at the end of a training program.
Den of thieves
Pirates use a variety of techniques to steal entire tests and answer keys. These include sending people into test centers to remember or photograph sets of questions. (This type of "item harvesting" might require sending as few as 10 people into a test center to memorize all of the questions on a given test.)
It can also involve outright theft of test data from corrupt or lax test centers. "Because the whole test and answer key is downloaded to servers at each location the entire item bank and answer key are available to be hacked. It's really problematic," Caveon's Addicott says -- and it's leading some certification and testing organizations to move to a SaaS-based test delivery model. (See sidebar, below.)
When test takers try to cheat using brain-dump sites, however, they sometimes end up getting cheated themselves. In some cases the sites deliver fraudulent or obsolete content to unsuspecting buyers, says Dave Meissner, chief operating officer at Kryterion Inc., a provider of online IT certification testing services. "If people spent the same energy and creativity to study as they do to cheat they would be far better off."
In response, IT certification bodies have staged coordinated attacks on brain-dump sites where the pirates attempt to sell the looted data, including the use of cease and desist orders and raids, says Kainrath. "We'll meet with Cisco, Microsoft, VMware and try to figure out the best approach to mitigate these sites," he says.
"If we find out that a test center has been colluding in any way, that center is shut down by our security team," says Poyiadgi. Pearson VUE, he adds, has only experienced "a handful of cases."
For the industry as a whole, however, combating intellectual property theft has been an uphill battle. "You can shut the sites down but it's like pulling the top off a weed. It just pops up somewhere else," Kainrath adds.
"It's not mom and pop" thieves, says Fremer. "Organized sophisticated stealers can make millions -- or tens of millions -- from just one certification program."
So, test sites and certification programs try to react quickly to minimize the damage. CompTIA monitors online brain-dump sites and chat rooms for stolen test items, and uses analytics to determine whether any given question's effectiveness in measuring competency might have been compromised. "As soon as there's been any degradation we pull the item," Kainrath says. "We have huge item banks in reserve and can move questions in and out quickly."
Story continues on next page.