Remote vs Test Centre? Rethinking risk in assessment security

Organised collusion, proxy test taking, and AI-enabled cheating are growing in scale and sophistication. In response, many programmes are re-evaluating their delivery models. But these threats are not confined to any one environment, they exploit gaps in controls wherever they exist. Yet decisions about assessment delivery are often still shaped by the assumption that location defines risk.

As more data emerges from programmes using layered security models, that assumption is becoming harder to sustain. The focus is shifting to a more important question: whether the security architecture behind an assessment is strong enough to meet the demands of an increasingly complex threat landscape, regardless of delivery mode.

A changing landscape

Advances in security architecture, integrated controls and data analytics are challenging historical perceptions. Risk is no longer determined by where a test is taken, but by the strength, integration, and effectiveness of the controls in place. Weak or siloed measures can create blind spots in any environment. Conversely, well-designed, layered security models deliver high levels of assurance across both remote and in-person testing.

Part of the challenge lies in how dramatically the nature of test fraud has evolved. Even five years ago, most security risks were relatively isolated and localised. Today, cheating operations are more sophisticated and coordinated. Organised fraud networks share content and strategies across geographies. Proxy test-taking services operate as commercial enterprises. Generative AI tools provide real-time assistance during an exam.

These threats are not tied to delivery mode. This is why point-in-time security approaches, focused on single identity checks or monitored sessions, are no longer sufficient. Threats persist beyond a single session, and signals that appear low risk in isolation often form clear patterns when viewed in combination.

Where programmes often fall short

Many programmes still rely on fragmented or session-bound controls: identity verified once, proctoring without deeper analytics, and signals captured but not connected. The result is gaps in visibility and detection.

When controls operate in isolation, anomalies can appear ambiguous. A glance away from the screen, a minor identity inconsistency, or an unusual response pattern may

not trigger action on its own. But when these signals are combined, they provide high-confidence evidence of misconduct.

Without integration and correlation, programmes risk both under-detection and over-reliance on manual review. They also struggle to build a defensible evidence base when decisions are challenged.

A layered approach

Addressing these risks requires a move from individual tools to a coordinated, multi-layered security architecture. A useful way to think about this is as a recipe. Each ingredient matters, but the outcome depends on how they work together. Remove one effective control, and the result changes.

A layered model brings together controls across four key areas:

1. Identity assurance

Moving beyond a single ID check to continuous verification. This includes biometric validation (facial recognition, voice matching, keystroke dynamics), alongside behavioural indicators that surface sophisticated impersonation techniques, such as deepfakes and synthetic identities.

2. Environment and session controls

Extending visibility beyond the candidate to the testing environment. This includes room scans, secure browser controls, and second-camera monitoring to expand the field of view beyond the candidate’s webcam. This added visibility helps identify risks that may sit outside a single camera angle, such as hidden connected devices or off-screen assistance.

3. Behavioural monitoring

Shifting from passive observation to active analysis. AI-assisted proctoring surfaces potential issues in real time, while behavioural anomaly detection identifies deviations from expected patterns at both the individual and population level. Crucially, these systems are supported by trained human proctors, ensuring decisions are proportionate and defensible.

4. Cross-session analytics

 Recognising that fraud is rarely a one-off event. Advanced post-test analytics link signals across sessions, candidates, and time periods to identify coordinated behaviour, repeat offenders and organised networks. This includes recurring use of the same device, unexpected location changes, or similarities across sessions that only become visible when data is connected over time.

Individually, each of these layers provides value. Together, they create a system where signals are correlated, controls reinforce one another, and detection becomes more accurate and scalable.

From perception to evidence

Perhaps most important is the mindset shift from process-based trust to evidence-based assurance.

Detection has moved from a post-event activity to a near real-time capability. In some programmes, investigation timelines that once took weeks or months can now be completed within a day, helping surface fraud earlier in the assessment lifecycle and in some cases before test day. Decisions are now based on multiple corroborating signals rather than single events, improving accuracy and reducing false positives.

Critically, this approach supports more consistent outcomes across delivery models. As layered security models mature, differences between remote and test centre outcomes continue to narrow. In our own programmes, we’ve seen variance between delivery models reduce to less than 5% when layered controls are consistently applied, with incident rates closely aligned across both environments.

This convergence has been steady and sustained, and it is not the result of any single tool or technology. It is the result of how controls are designed, integrated and continuously refined.

Implications for assessment leaders

The goal of test security is not simply to catch cheaters. It is to protect the honest test taker, ensuring decisions are based on evidence and multiple corroborating signals.

For assessment leaders, the implications are clear. Security cannot be evaluated as a checklist of individual controls. It needs to be understood as an architecture that spans the full assessment lifecycle, adapts as threats evolve, and produces evidence that withstands scrutiny.

It’s worth acknowledging the reality we’re all working within: no delivery model will ever be 100% secure. The goal isn’t perfection, it’s confidence. Confidence that the controls in place are strong and responsive enough to manage risk effectively. With the right security architecture, that confidence can be achieved regardless of where an assessment is delivered.