Webinar on Non-Cloneable Codes Raises Contentious Questions

A recent webinar, entitled ‘How Non-Cloneable Codes Enable Supply Chain Automation and Credible Traceability,’ has raised contentious questions with regard to the use of physical security features and unique identifying codes as authentication tools.

The webinar, which was organised by Messe Frankfurt Trade Fairs India, focused mainly on brand protection in that country – although the discussion points raised in the webinar could equally be applied to tax stamps.

The webinar welcomed panellists from the agricultural and aftermarket (automotive spare parts, accessories and components) sectors, together with experts in serialisation, traceability, blockchain and product security.

The experts included Samit Yadav, serialisation and traceability practitioner, Rahul N S, Product Manager, Global Blockchain Business, Bosch India, and Ashish Anand, Technical Director, Linksmart Technologies. Each of the experts shared a similar view on what works and what doesn’t work when it comes to using unique identifying codes and physical security features for product authentication.

What they had to say

The challenge with using a serialised QR code to give a product a unique identity is that the code can be copied, to the extent that the copied code looks like, and performs in the same way as, the real thing.

In order for cloned codes to be detected in the market, a tremendously high number of consumers must participate in the scanning of the codes, which means that brand owners need to invest in costly loyalty schemes to incentivise consumers to do the scanning. Widespread code scanning will create a sort of ‘herd immunity’ that helps to expose different cloning patterns in the market.

The first scan of a code is usually treated as the original (even if it isn’t), and the second and subsequent scans of the same code are usually treated as fakes (even if one of them is the original).

Any backend system set up by the brand owner to analyse scanned information received from the market is blind to the physical item the code is attached to, and this means the brand owner has to carry out costly field investigations to track down any fraudulent products and remove them from the market. But it is extremely difficult to detect such products if they are all carrying cloneable codes. Furthermore, if the brand owner wants to take legal action, cloneable codes do not provide sufficient evidence on which to build a legal case.

Traditionally, brand owners tend to be continuously in the process of upgrading the overt and covert security features on their product packaging, almost in competition with counterfeiters, which just leads to increased costs for the brand owners.

The panel experts advised against using what they referred to as ‘fancy and dominant’ overt features, such as ‘shiny holograms’, which lull consumers into believing, without any doubt, that a product is genuine and that it is, therefore, not necessary to scan the code to prove authenticity. But holograms, themselves, are prone to falsification and consumers may not be able distinguish a genuine hologram from a fake.

Counterfeiters are becoming more creative. For example, they have been known to send photos of original, coded products to different collaborators, or ‘sponsors’, who scan the (cloneable) code in the photos on their behalf. The backend analytical system then alerts the brand owner to the fact that the same code has been scanned at multiple locations, thereby indicating the presence of fake products. This forces the brand owner to go out into the field to retrieve the fakes… but there is nothing to be found.

It is, then, at this point, once the field investigators have come back empty-handed, that the coast is clear for the counterfeiters to launch actual fake products into the market.

Cunning, aren’t they? And the situation is made even worse when the collaborators in such a scheme turn out to be a brand owner’s own supply chain partners – which has been known to happen, explained the experts.

Given that cloneable codes cannot provide authentication of a product, consumers become frustrated and subsequently disengage themselves from a product they no longer trust.

What can brand owners do?

QR codes are being used extensively in track and trace solutions today. Government regulations for establishing credible traceability are coming into play, especially in pharma products, and it will be a matter of time before it happens in other sectors as well, advised the experts.

But for now, brand owners could consider adding a warning notice to the product to alert consumers to the fact that the codes are cloneable and that the product’s authenticity therefore cannot be guaranteed.

Or they can move to non-cloneable solutions.

‘I talk to a lot of key decision makers across a lot of the brands globally, and they are very excited when we talk about non-cloneable tech. I feel it won’t be long before non-cloneable codes become as ubiquitous as cloneable ones,’ said Rahul N S.

Non-cloneable codes will always provide an authoritative response without ambiguity, which is why only minimum consumer participation in the scanning of such codes is required in order to detect fakes.

Fig. 1 – Dual-layered label with non-cloneable code. Source: Linksmart.

For instance, Fig. 1 shows a dual-layered, non-cloneable label on a pharma product, incorporating a QR code on both layers. The top layer is for authentication purposes and can be scratched off, revealing the bottom layer which the consumer can use to perform a loyalty scan. The codes themselves are also embedded with anti-copy technology.

The position of the panel experts with regard to the effectiveness of overt security features such as holograms is certainly a contentious one. The experts argue that overt features are basically no longer required to authenticate a product, since almost everybody these days carries a smartphone with them, which is able to scan and authenticate a non-cloneable code.

But couldn’t one argue that the scratch-off layer shown in Fig. 1 is, itself, an overt (or at least semi-covert) feature?

Indeed, overt security features remain a highly debatable topic that could benefit from being thrashed out between the proponents and opponents of such features.