Identity verification in an assessment context means establishing that the person sitting at the keyboard is the same individual who enrolled in the course or registered for the exam. The most common approach is document-plus-face matching: a learner photographs a government ID, and a live webcam frame is compared against it using facial-recognition algorithms. Knowledge-based authentication — secret questions or one-time codes — adds a second factor without requiring biometric capture. Ongoing presence checks periodically compare the webcam frame against the enrolment photo throughout the exam to detect mid-session substitution. The strongest safeguard in high-stakes testing is multi-factor verification that combines document checking with a live biometric comparison. However, automated facial recognition carries documented accuracy disparities across demographic groups, meaning systems calibrated on unrepresentative training data can disproportionately fail learners from certain backgrounds. Data collected for identity verification — particularly biometric templates — is special-category personal data under GDPR Article 9 and regulated by laws such as the Illinois Biometric Information Privacy Act (BIPA), requiring explicit consent, purpose limitation, and strict retention controls. Designers of identity-verification flows must plan for accommodation edge cases such as learners who cannot provide a standard photo ID or whose appearance changes due to medical reasons.
