Using digital identity to stamp out credential fraud and fake diplomas

The moment you learn that someone you care about has received a serious diagnosis, the last thing you want to worry about is whether or not you can trust your doctor. How would you feel if you discovered that one of the medical professionals responsible for helping them navigate their illness had never gone to medical school? What if your loved one died as a result of that individual’s decisions?

Thanks to a horrific twist of fate, one mother from North Carolina knows exactly what that’s like. In a 2004 statement before the Committee on Education and the Workforce, retired FBI agent Otho Allen Ezell Jr. shared the heartbreaking consequences of one criminal’s actions: “The girl’s mother trusted the “doctor,” based on his M.D. degree, and took her daughter off of insulin, as instructed. Sadly, her daughter died. The physician–he earned his degrees from bogus institutions. All of his diplomas came from diploma mills.”

In other words, one man’s lie about going to med school ended up costing a child’s life.

“Diploma mills” have become a billion-dollar industry, offering fake degrees and credentials nearly any area of study imaginable. Anyone who can navigate the Internet can purchase fake credentials to help them land jobs while avoiding the hard work a real degree would require. Fortunately, self-sovereign identity holds the power to help combat this type of credential fraud and fundamentally change the way we think about sharing information on the Internet.

Credential fraud in higher education

Efforts to uncover and shut down diploma mills have been going on for decades. Ezell Jr. participated in an FBI investigation called DIPSCAM, short for “diploma scam,” that ran from 1980 to 1991 and identified 12,500 “graduates” from 40 diploma mills. Customers used the fake credentials to get jobs in the military, law enforcement, in the public sector at the county, state, and federal level, and…you guessed it: higher education. 

In his testimony, Ezell Jr. described the prevalence of fake credentials from diploma mills:

“Degree mills are well over a $500 million a year business. Probably one million Americans have purchased and probably used fictitious credentials…They devalue earned degrees with lookalikes and soundalikes. They confuse the public. They defraud students who believe the school is real. They deceive employers, customers, clients, and patients. They lower the prestige abroad by defrauding foreign students.”

Why pay tens, if not hundreds of thousands of dollars in tuition when you can pay a few thousand, or even sometimes less than a hundred dollars to get a piece of paper that leads to the same job? Part of the success of diploma mills lies in the fact that colleges and universities tend to be the least affected by the harm. Nobody blames institutions of higher learning for the availability of fake diplomas on the Internet. 

A 2017 investigation by the Canadian Broadcasting Corporation’s (CBC) Marketplace investigative team dug into the business records of one of the most prominent companies to cash in on fake diplomas. Authorities raided Axact, an IT firm and diploma mill based in Pakistan, after a former quality assurance employee-turned-whistleblower named Yasir Jamshaid came forward in 2015. Charges were filed but no individuals were convicted. The assistant vice president of international relations pled guilty to wire fraud after being arrested in December 2016, and Axact’s U.S. lawyer maintains that any wrongdoing was perpetrated by clients of Axact–not the company itself.

Many diploma mills offer fake diplomas in the names of existing schools, but Axact specialized in creating large numbers of fraudulent schools and accreditation bodies. The vast majority of the customers knew they were purchasing fake degrees but sales agents also impersonated professors to convince potential clients they were applying to legitimate schools. Jamshaid actually helped to return roughly $600,000 to 22 customers who believed they had applied to legitimate schools.

Self-sovereign identity is a powerful tool for fighting credential fraud

Give graduates verifiable credentials

Credential fraud in higher education has been able to thrive for several reasons; first and foremost because people so rarely check whether or not someone has actually received a diploma. Checking the authenticity of a diploma still requires someone to call the college or university and find someone who can help you figure out whether or not the person in question actually graduated from the school. This type of friction makes it highly unlikely that someone will verify the information unless they have to.

Real schools can set up public registries or issue digital credentials, as has been the case in the United Kingdom. A service called the Higher Education Degree Datacheck has been set up to verify information about degrees and twenty universities have started issuing digital degrees that can’t be faked as easily, according to Times Colonist reporter Geoff Johnson. These solutions may be helpful; unfortunately, they don’t address a more fundamental problem with regard to verifying information shared online.

Another reason that diploma mills, as well as phishing, data breaches, identity theft, and other types of credential fraud, have become so prevalent is due to the difficulty involved in telling where information comes from on the Internet. The Internet gives us the ability to share information from one side of the globe to the other; unfortunately, it still doesn’t give us a way to be sure that the email that looks like it came from our bank actually came from the bank without calling and finding someone who can figure out whether or not any of the bank’s departments sent out an email. Imagine the headaches we could avoid if we had a way to tell where our information comes from.

Enter self-sovereign identity.

Self-sovereign identity is a movement to add this layer of trust to the Internet. The foundation of self-sovereign identity starts with a digital wallet. Just like the physical wallets we carry around today, digital wallets can be used to carry money, credit cards, various forms of ID, and even pictures of our loved ones. Unlike those physical wallets, however, digital wallets come with cryptographic superpowers like the ability to backup, revoke, and restore credentials without having to contact the issuer. 

Tools that leverage standard protocols for self-sovereign identity can easily be integrated with existing solutions for digital identity. Rather than simply sharing information between devices, self-sovereign identity gives us a way to verify the source of information by establishing a unique, direct line of communication between two known entities. Once that connection has been established, one party can act as the verifier and issue a digital proof that the other party can use to demonstrate that the information came from the first party. In other words, an organization like an accredited university can issue a digital ID with security features that allow someone presented with the ID to tell that the university issued that person the ID and that it isn’t fake or expired, without having to contact the agency.

By being able to share digital degrees using protocols for self-sovereign identity, graduates will be empowered with the ability to attest to their status in a way that can be easily verified without having to call the school directly. An employer who wants to verify the authenticity of a candidate’s claim about where they went to school will be able to do so by sending a request for the candidate to share their digital credential. If the candidate consents, then verifying their information will be as easy as clicking a button. 

And the best part? Self-sovereign identity isn’t a far-off future: Organizations are already using the technology to empower employers to better, more confidently verify the background and credentials of those they employ. For example, Truu is an early Evernym customer that works with NHS healthcare organizations to provide a secure, verifiable digital identity for doctors so that all patients can trust in the qualifications of their healthcare providers.

Here’s how it works:

Looking ahead

Next to many of the illegal activities conducted on today’s dark web, credential fraud diploma mills can easily seem forgettable. Who cares about fake degrees amid the casino of drugs, prostitution, money laundering, and other illicit offerings available on black markets? As we’ve seen, however, the consequences of diploma mills extend far beyond simple deception. Nobody should lose their livelihood – or their life – because someone in a position of authority couldn’t verify basic information about someone else’s past. Thanks to self-sovereign identity, evaluating the trustworthiness of digital claims will soon become easier than ever.

Are you ready to build your own system for issuing digital diplomas? Check out Evernym’s Early Access Program to join 50+ organizations future-proofing their identity architecture with cutting-edge tools and tailored learning tracks as well as quick-start workshops and resources.