Cheaters: Inside IT Certification Fraud
The VAR Factor
But sometimes it is employers who encourage employees to get certified using any means necessary. For example, a systems integrator or value-added reseller (VAR) might want to get authorized to sell a particular vendor's product. Authorization might require that the company have one or more certified professionals on staff.
"If a VAR helps his employees cheat to get a certification in order to get or stay authorized, the company's customers are affected, as well as the vendor that the VAR represents," Ripley says. "Say someone cheats to reach the Microsoft Gold Certified Partner level. If the VAR implements a poorly designed solution, the customer has wasted his money and he thinks Microsoft has bad products. Everyone loses when this happens."
Rick Gregory, managing director of the training community of TrainingIndustry.com, has heard of instances in which outsourcing contracts are being canceled and the work is being brought back in-house because the people assigned to the contract simply weren't qualified. "The contract specified a requirement for specific kinds of certified professionals, so the people went out and purchased a credential," Gregory says. In the end, the work was below standards set in the outsourcing agreement.
Vendors such as Microsoft and Cisco, and third-party agencies that sponsor certification programs, like the Computing Technology Industry Association (CompTIA) and the Storage Networking Industry Association (SNIA), lose both money and intellectual property when even one exam is compromised. It can cost hundreds of thousands of dollars and take numerous subject matter experts three to six months to develop a certification test.
"We hear from candidates that some of our tests are readily available," IBM's Cooper says. "It's a compromise of our [intellectual property]. Our internal sponsors wonder about the validity of the tests. They typically don't need to rewrite the tests, but they need forensics to understand the impact to the test scores. Nevertheless, the perception is that damage has been done."
Fraud and the Countermeasures
In order to develop measures to combat fraud, the certifying agencies need to understand how cheaters operate. Here are some of the cheating techniques that have been identified and what authorities are doing to thwart the fraud.
One of the oldest tricks in the book is to get someone else to take the test in place of the real candidate. This person, called a proxy test taker, goes to a test center and takes the exam while registered as someone else. A few "entrepreneurs" have even turned this technique into a business.
"Recently we found that our certifications, along with other IT certs, were being sold on the Internet via a proxy test taking service," says Julieann Scalisi of Citrix. "Caveon, as part of our new Web patrol service, took the action to have them removed from Google. Unfortunately, the site still exists and they appear to be selling Citrix certifications from $700 to $4,800."
Cisco and test delivery company Pearson VUE are at the forefront of implementing stringent candidate authentication techniques to discourage proxy test taking. Soon, each Cisco exam candidate will be required to have a digital photo taken at the test center and to provide a digital signature in order to take the exam. The photo and signature will be attached to the test results.
Over time, Cisco and Pearson VUE will be able to spot individuals whose photos appear under different names and signatures. Other vendors and test delivery companies are exploring the use of biometrics such as fingerprints to determine if one person is taking tests under numerous names.
Erik Ullanderson, manager of Global Certifications for Learning at Cisco, is happy to share his antifraud techniques with his colleagues on the IT Certification Council. "Our efforts in curtailing fraud are not a Cisco-only value-add," Ullanderson says. "We think other companies should be jumping on the investments that Cisco and Pearson VUE have made." Indeed, the ITCC is looking at how it can utilize this and similar programs worldwide in light of privacy concerns in various countries.
Another common cheating technique is to have the test items and answers in advance. Such information is often posted to certification forums, blogs or brain dump sites, giving a candidate the opportunity to memorize rather than actually learn the subject matter. "We know that exam content can be found on different Web sites for a fee," Scalisi says. "Content and answers also can be found within blogs and discussion forums that are usually intended to help others answer difficult exam items, sometimes providing hints but oftentimes providing actual answers."
More blatant are the Web sites that sell hundreds of actual exams, marketing them as study aids. "Certification candidates need to know that certifying agencies never provide their exams or other preparation materials to these brain dump sites," HP's Horzempa says. "Most of what is posted has been obtained through illegal means." In fact, brain dumps are often a violation of the laws protecting copyrighted intellectual property.