IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.
Sponsor Content
What does this mean?

Modernizing Identity in Higher Education

Higher education institutions may not be doing enough to protect digital identities as they move more academic and administrative services online.

female student clutches laptop with cybersecurity badge, contemplates user accounts and privacy
Shutterstock
Higher education institutions may not be doing enough to protect digital identities as they move more academic and administrative services online.

This issue came to the forefront in a national survey conducted by the Center for Digital Education (CDE) on digital identity practices in higher education. The research collected responses from 74 higher education officials in September 2024.

We asked leaders how they apply digital identity verification, which technologies and techniques they use, and where they encounter the biggest challenges. An analysis of our findings underscores the reality that many colleges and universities are ill-equipped to confront modern identity threats.

The State of Identity on Campus
Our research and analysis points toward one central takeaway: Higher education leaders should do more to fight identity fraud. 

Institutions often struggle to balance online user experience, academic freedom and fraud protection, says Lydia Payne-Johnson, a CDE senior fellow and director of data governance, compliance and identity management at George Washington University in Washington, D.C. In a competitive higher education environment, user experience may get more attention than fraud mitigation.

“If you have a bad student experience at GW, you might just pick up and go over to Georgetown. We don’t want that,” Payne-Johnson says.

Yet, higher education is a target-rich environment for fraudsters. Universities issue email accounts to alumni that may go unused for years. Scammers exploit these accounts to build synthetic identities. Parents and students often use outdated and potentially vulnerable verification techniques to access campus systems and make payments. These issues heighten the need for modern identity protection and fraud-fighting tools.

“Higher ed needs to do quite a bit of work to catch up,” says Payne-Johnson, who formerly worked in the financial sector, where advanced identity authentication and anti-fraud tools are commonplace.

Only about half of CDE survey respondents said their institutions use digital identity verification for crucial processes like registration, enrollment and admissions, and financial transactions. The percentages are even lower for core functions such as learning management systems, online exams and student health systems.

In addition, institutions often use labor-intensive monitoring and manual document reviews to spot fraudulent enrollment activities. These methods are insufficient in a rapidly evolving threat environment, according to CDE Director Brian Cohen. “The risks grow every single day because the bad actors are getting smarter and much more creative,” he says.

Unused alumni email accounts and weak identity practices are fueling growth of a new threat known as “ghost students,” which are synthetic identities created to bilk institutions out of student loan and government grant funds.

“Fraudsters will use college EDU accounts to perpetuate additional schemes because EDU domains are seen as trustworthy,” says Jordan Burris, public sector general manager with Socure, a leading provider of identity solutions. “We’ve seen in California community colleges that around 20% of enrollment and financial aid applications were fraudulent.”

More than half of survey respondents (53%) said they use more than one identity verification method, and more than a fifth (21%) said they use three or more methods, reflecting the complexities of identity verification. In addition, campuses may rely on legacy identity methods that are ineffective or difficult to use. For instance, almost 30% use knowledge-based authentication (KBA), where users answer security questions. KBA has become far less effective because cybercriminals often have access to users’ personal information through stolen data or publicly available social media accounts.

On the other hand, risk-based verification — one of the most promising defenses against advanced tactics like ghost students — was used by just 12% of survey respondents. Risk-based applications examine the context of a user attempting to be authenticated. The applications start with personal data like names, emails, addresses and birth dates. They also assess data from users’ devices such as software and browser versions. AI algorithms calculate a risk score by comparing this real-time, contextual data to a massive database of known fraud behaviors. This process dramatically improves verification outcomes.

“We’ve purpose-built our platform to analyze fraud patterns and provide a response in less than a second,” Burris says. Most legitimate users are quickly approved. Users whose data raises questions may need to provide government-approved documentation like a driver’s license or passport.

Greater use of automation and risk-based verification methods helps institutions strengthen data protection, reduce pressure on internal staff and improve online user experience — all of which ranked as top identity challenges for higher education leaders.

Modern identity verification solutions are also more inclusive than traditional methods, an important consideration for higher education institutions. “Students may not have a long credit history to verify identity,” Cohen says.

Burris concurs: “More than 20% of the U.S. population is credit invisible.” Legacy identity methodologies can lock these students out of online enrollment systems, creating another barrier for marginalized or low-income groups that already have a harder time getting into college.

DOWNLOAD THE FULL PAPER

Tags:

Socure