Knock It Off!

April 1, 2007

I was surprised. Well, surprised, then excited and then discouraged. I discovered yet another area of security that I knew nothing about.

It started a couple months ago when the Wall Street Journal ran a story about counterfeit products and labels. It seems some large retailers suffer a problem of unscrupulous folks swapping barcodes on expensive items. The bad guys walk into the store with a digital camera, take pictures of cheap item barcode labels and expensive item labels. Then they go home and, using barcode printing software you can buy at any office supply store, craft a duplicate label with a false barcode.

Slipping back into the store armed with the counterfeit labels, the thief replaces the label on the expensive toy or power saw, and checks out – then sells it on eBay. Nice business.

Source Counterfeiting

But it’s not limited to retailers and fake barcodes. Manufacturers have a similar problem. Brand name shoes, cosmetics, designer clothes, cigarettes, sports wear, toys, wine, software & movie disks and, frighteningly, pharmaceuticals, auto and aircraft parts and electronics all fall prey to counterfeiters. Basically, if a product can be manufactured, it can be diverted and counterfeited. But several protection measures are available.

Counterfeiting is the handiwork of unscrupulous manufacturers who create products or labels of legitimate goods and sell the fakes. China is the home of many counterfeit manufacturing operations; but it happens all over the world, including inside the U.S. and in Europe.

Diversion is the sneaky business of, say, buying a shipment of U.S. goods in Colombia at a discounted price, then reselling it in the U.S. at a higher price. Manufacturers, consumer groups and retail stores are beginning to fight back.

I was surprised by the scope of this nearly trillion dollar black- and gray-market activity. Then I was excited that as security professionals, we have many tools to combat the problems of counterfeiting. For one thing, we have security cameras in store aisles and loading docks monitored by skilled professionals. We have video analytics and security officers walking tours. We have investigators who can interview suspected fraudsters, and behavior analysis best practices we can convey to employees and partners. Invisible printing can foil the barcode pirates, plus there are UV and infrared techniques for printing invisibly on the labels so the check out readers can see the codes, while a digital snapshot can’t.

Clever New Solutions

There are also clever new security technologies such as taggants in inks, RFID labels and tiny non-line-of-site technologies that can be easily inserted in labels, or even in the goods themselves, to ensure authenticity. Taggants may also have the added quality of being undetectable even under forensic analysis. That makes them impossible to duplicate by counterfeiters.

So it seemed like a perfect problem for the security industry to solve, prompting me to seek out the top producers and integrators of diversion and counterfeit protections and ask them to break it down for me. The response I got was that solutions fall into two classes:

Overt – Authentication that consumers can see such as holograms and color shifting inks.
Covert – Authentication that is hidden such as ultraviolet fluorescing markings, ink taggants and coded metal fibers, all of which are invisible and require special readers.

The coolest covert technology is the hidden coded metal fiber. The fibers, the size of a human hair, can be integrated right in the label, the brake pad, even woven into the shoe or scarf label. One variation on this wire can even store item-specific information, like RFID can, but without the cost or the conflicts with metal or vulnerability to water that RFID suffers. Investigators can easily perform spot checks in the field with handheld readers. But the nature of the technology, and some best practices, ensure that labels or products cannot be duplicated.

More Should Address the Problem

But ultimately I was discouraged that I had met so few security professionals or security technology vendors (software companies, device makers, integrators) with this problem on the radar. Even our biggest professional associations don’t seem to address it (except as a small part of the retail loss prevention discussion – but diversion and counterfeiting extend far beyond retail loss).

I think this type is fraud is squarely in the domain of the security industry. We have tools and techniques to combat it, and we can carry the message to brand protection managers, legal counsel, and executives. Here is one more example of how central our security directors are to the welfare of the company and its customers.

Steve Hunt is founder of the Chicago-based research firm, 4A International, www.4ai.com. Contact him at info@4ai.com or visit his blog, www.SecurityDreamer.com.

SecurityDreamer is growing up fast. Since lauching Security- Dreamer in November 2006, readership has steadily grown. According to Hunt, he has recently added a daily email with recent updates. The site will soon feature more IT and IT security content -- especially information that relates to collaboration and communication across the lines of physical and homeland security with IT.

SecurityDreamer will host forums, or discussion boards, for topics like intelligent video, PSIM, security management best practices, endpoint security, FIPS 201 and needed technology standards. Watch for a Wiki, too. We are even going to list more than a hundred vendors and invite your comments on each.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.