Biometrics

SECURITY FOR CPA CANDIDATES AND THE OVERALL CPA PROGRAM

As the Certified Public Accountant (CPA) credential is designed to protect the public interest, the safeguarding of the CPA Exam and its content is of paramount importance to the CPA Program. Therefore, it is imperative that each candidate’s identity be verified prior to sitting for his or her CPA exam.

Prometric, in its partnership with the CPA Program, continues to advance its test center security systems and is fully committed to word-class security measures. The implementation of the Prometric Biometrics Identity Management System (BIMS) represents years of research and investigation into cutting edge security solutions that balance the need for candidate privacy, exam security, and efficiency of candidate check-in. The CPA Program and Prometric, with their equal commitment to security, introduced BIMS in January 2008 as the next evolution of CPA exam security and candidate identity management.

The goals of the Biometric Identity Management System are to: • Verify a candidate’s identity each time he or she returns to a Prometric test center;

• Identify and mitigate the risk of testing fraud via mechanisms designed to help detect and prevent unauthorized candidates from sitting for the CPA Exam;
• Improve test center security; and • Provide additional protection of CPA exam content and intellectual property.

These goals are accomplished by automating the check-in process, enhancing verification of the candidate’s ID, and using a fingerprint (biometrics) to track candidate movement throughout the exam and his/her CPA exam lifecycle.

BACKGROUND ON BIOMETRICS IDENTITY MANAGEMENT SYSTEM

• Biometrics is defined as an automated method of recognizing a person based on a physical characteristic – in this case the candidate’s fingerprint.
• The candidate’s fingerprints will only be compared against the fingerprints of other Prometric testing candidates to help protect against proxy testing.
• Prometric combines the use of common government identification documents (driver’s license, passport, etc.) and a digital scan of the fingerprints to better authenticate an individual’s identity.
• The BIMS solution extracts encoded information from the magnetic strip or barcode of the identification document and displays it to the Test Center Administrator (TCA) for comparison to what is printed on the face of the document. The extracted data is also compared with the candidate’s registration information.

o The information obtained from the identification documents includes name, address, birthdate/age, and the document number. For example, when a driver’s license is used as identification, it includes the name, address, birthdate/age, and the license number. The driver’s license is also scanned to retain a digital image of the document for the BIMS.

• After enrollment, the digital scan of the candidate’s fingerprint is used to enable easier movement in and out of the testing center.

HOW BIOMETRICS IDENTITY MANAGEMENT SYSTEM WORKS

During the check-in process, a candidate places his or her finger (generally the finger closest to the thumb on the right hand) on a small electronic device that electronically obtains an image of the fingerprint. For candidates returning from breaks or for candidates returning to re-take a test or a different test section, the stored fingerprint templates are used to confirm that the returning candidate is the same person.

CANDIDATE BENEFITS

CPA candidates immediately benefit from the ability of BIMS to improve the efficiency of check-in and to help protect the value and brand of the CPA designation they are attempting to secure. All candidates, especially those who are repeat test-takers, experience reduced check-in times when signing in for their exam. Repeat test takers, as an example, simply need to provide an ID and a fingerprint, instead of repeating the longer initial check-in process. Automation of the identity validation process also applies a consistent and machine-generated methodology that reduces the subjective interpretation of the process by the proctors.

DATA PRIVACY

Sensitive candidate data, such as driver’s license numbers and fingerprint images, are NOT stored at the test center. Biometric data is securely transmitted real time to Prometric’s BIMS vendor, Identico Systems, to a secure state of the art database. This database is safeguarded with industry standard computer security protections, including, but not limited to, anti-virus, intrusion detection, firewall, web server and application scanning. Identico Systems is fully committed to the protection of CPA candidate data and is subject to multiple annual independent security audits.

Only NASBA, Prometric, AICPA, and Identico Systems have access to the candidate’s information. Identico Systems is responsible for storing and maintaining the candidate’s BIMS information for the express purpose of identifying and authenticating the candidate presenting him/herself for an examination. Furthermore, neither Prometric nor Identico Systems will disclose a candidate’s demographic information to any third party except as required by law or as necessary to complete a fraud investigation directly related to the candidate. Encrypted BIMS information will be disclosed to NASBA and the AICPA upon request for investigation purposes only.