[Another whitepaper length summary of some related articles from this year's blog]
PRACTICE Good Anti-Counterfeiting Techniques
I have previously remarked that the approaches to counter counterfeiting depend on the relative mix of addressable and unaddressable counterfeiting occurring in the supply chain. If the counterfeiting is not addressable, then the brand must continue to message the unique qualities offered by their product so that people will want the authentic—and not the counterfeit—product. If a brand owner cannot address the counterfeiting, then the brand owner must provide a product provably superior to the customer. With “unaddressable” counterfeiting, perhaps paradoxically, the brand owner must struggle with the customer, and not with the counterfeiter. If the counterfeiting is addressable, on the other hand, then the brand owner is in a direct struggle with the counterfeiter. And to fight the counterfeiter, a single weapon is rarely sufficient. To deter a counterfeiter takes PRACTICE. And this blog addresses how PRACTICE (Plan, Research, Activate, Collect, Train, Investigate, Convict and Evolve) leads to a multifaceted ecosystem of tactics to prevent, detect and react to counterfeiting.
So, a version of an old joke to start. Patient: “Doc, are you comfortable with your diagnosis?” Doctor: “Ma’am, I’ve been practicing medicine for 40 years.” Patient: “Well, I’d like a second opinion from someone doesn’t need any more practice, and actually knows what he’s doing.” However, any physician worth her salt invests in CME, or continuing medical education. Life is practice. Practice doesn’t make perfect, but it can always improve on the imperfect that is the now. And PRACTICE is the acronym I’ll use for the crucial eight elements in an effective anti-counterfeiting ecosystem. So, let’s take a look, one element at a time.
P is for Plan.
The Plan is paramount, because it anticipates the overall strategy—including the research to be performed. The plan must consider the set of deterrents to be used. Will they be overt, covert, and/or forensic? Who will collect data on them to perform track and trace, inspect, authenticate or forensically analyze? When and how will these deterrents will be researched? When and how will the extent of current and future counterfeiting threat to the product be researched? The plan includes the activation of the ecosystem—the nerve-racking moment when the first products belonging to the security ecosystem roll down the production line—and the data collection roll-out. The plan includes the training: how customers, retailers, inspectors and possibly forensic analysts are educated about the deterrents. How will investigation and potential legal action—based on evidence collection and prosecution—be supported? And, finally, how will the system evolve? That’s right, we must plan for change.
R is for Research.
Research includes how you pick your deterrents. Do you pick ones that are easy for the counterfeiter to spoof? If so, they should cost you nothing. Do you pick one that’s hard and/or expensive for the counterfeiter to reproduce? If so, good, but you need to research how easy it is to use for your would-be counterfeiters. Research also includes understanding the counterfeiting threat to your supply chain. If you think it is small, you’d better look hard. It’s much easier to show it is a large problem than a small problem—sorry, that’s just the nature of statistics. You need hundreds of samples from any relevant section of your market to be sure the problem actually is small.
A is for Activate.
After your research plan is completed, the system must be turned on. This is a huge step—maybe more accurately a “step function”—but the bump of activation can be smoothed by starting small. A 2D barcode is one way to collect information on where your products are going, but some companies start even smaller. Think of the soda pop folks who print numbers under the caps on their 20-ounce plastic bottles. They’re not doing this so you can win a free can of pop—they’re doing it to see where the unique numbers are going, and validate their supply chain. Their “activation” is a matter of setting up a website and asking people to web/dial in the numbers under their caps. No—this doesn’t give true track and trace, and certainly not authentication, but it does help them collect data (see next step!) useful in assessing just how big a problem they have on their hands. Activation in full-fledged, label-based security printing and imaging means having the deterrents integrated into the digital front end of the printing. It means having all of the inspection and authentication algorithms, devices and reporting systems fully tested, qualified and in place for the long run. And, it means integrating the data with your existing manufacturing, distribution and reporting registries.
The first C is for Collect.
Collecting data is not just about reading the 2D barcodes and other printed features on the label, packaging or document. A lot of data must be collected beforehand, as part of the research. One way to get this kind of data is described in the previous paragraph. However, data must be collected on an ongoing basis to determine the extent, location and nature of the counterfeiting threats. To determine the extent, one must research all channels for sales—from supermarket to information superhighway. What percentage of the product in each channel is counterfeit? How many counterfeiters are there? Do the counterfeiters work together? This data is crucial for later investigation and legal reaction to counterfeiting. Other data is also collected on an ongoing basis—inspection, authentication and forensic information on the quality of the printed deterrents. I will talk about specifics of these data in a later blog.
T is for Train.
Training, or educating, the actors in the product’s supply chain, is tied to the ecosystem planning described above. If you are relying on your end customers to validate—inspect and report anomalies, authenticate, whatever—the product, then you have to provide reliable and easy—preferably really easy—steps for them to follow. If you trust your retailers and want them to authenticate, the training can be a little—but only a little—more involved. If you are relying on paid inspectors, the training can be more complicated, but in general they will still need to be able to validate the products with relatively simple, cheap and portable devices. The training plan approach is similar to the one you must take for auditing and compliance with most government bodies—for example, NASA and the FDA. The most important consideration is to have a process in place and to then follow it. If you don’t follow the process, your data won’t link together, you won’t pass an audit, and you won’t have reliable estimates on the extent of the counterfeiting. Additionally, abandoning a process just because counterfeiting is occurring causes confusion for those who wish to legitimately validate your product. Counterfeiters love confusion, it helps them in their (non-legitimate) supply chain. There are better ways to address future counterfeiting, and I’ll talk about the “innate moving target” shortly.
I is for Investigate.
A lot of brand managers fail to understand that in order to investigate, you typically need an additional type of data to the data you use for track and trace, authentication or inspection. Investigations depend on the investigation plan—how data is collected, retained, analyzed and acted upon. Dynamic research is required. If you start to see sporadic counterfeiting in a new area, for example, it is often the case that these counterfeits originate in another, already “counterfeit-established”, region. Investigation is necessary to test for the link(s). And just investigating the “publicly known” security features may not be enough. Instead, additional features of the product—up to forensic analysis of the printing and/or product ingredients—may need to be analyzed to uncover the counterfeit supply chain. I’ll talk about the collection of salient investigative data in more detail in a later blog.
The second C is for Convict.
How do we get a conviction? Well, first of all, you can’t convict anyone if what they’re doing isn’t illegal. So, brand owners who are not working with government (e.g. FDA) and other compliance bodies (e.g. GS1) are encouraging the counterfeiting of their products. If you’re in organized crime and are still resorting to the old ways—gambling, prostitution, weapons, drugs—you’re a fool. Counterfeiting is easier, more rewarding (higher margin!) and less risky. And, brand owners, stay with me here: counterfeiters already know this. So, help stiffen the penalties for counterfeiting, smuggling, product diversion, and other forms of fraud—security is about detection and reaction even more than prevention. Without an onerous reaction, there simply is no deterrence. Even if your deterrents cannot be beaten. With no reaction and unbeatable deterrents, all you do is force the bad guys to resort to old-fashioned insider jobs. Bribery, extortion, blackmail, eavesdropping, collateral theft—they have a lot of options. And they’re creative, so this list is just a sample. To get a conviction, you will need the laws in place. Additionally, to get a conviction, you need an auditing, compliance and data integrity plan. In many countries, even the counterfeiters are presumed innocent until proven guilty. Make sure your data is credible, auditable, and usable. If it’s not, it’s not data, it’s just wasted storage space.
Finally, E is for Evolve.
“They” say people don’t like change. Then, another “they” say that people do like change, and that to be human is to change. “They” are both correct. We like change, when we see it coming. In anti-counterfeiting, we see it coming when we design our security system to be an innate moving target. That is, the system is designed for change, benefits from change, and anticipates the need for change. However, these changes do not cause a system reset, a brand protection blue-screen, a full stop. They simply require the existing system to change its settings. Maybe the counterfeiters have to fully reboot, but that’s OK. Remember the rule, any system that makes the counterfeiters spend more than the brand owner is a deterring system. Any system that doesn’t needs to be changed. I’ll cover this topic more fully in future blogs, including the next.
For now, let’s put PRACTICE into practice. In a healthy anti-fraud ecosystem, all elements of PRACTICE are working together, deployed together and designed to detect counterfeiting as fast as possible. The world’s hardest-to-reproduce deterrents are often compromised precisely because they are the hardest to figure out by someone wanting to validate, too. The difficulty of reproduction is frequently associated with size, features or effects that are also hard to educate people on. An example when the product relies on uneducated consumers to check product validity is the “variable hologram”. Customers are used to looking at holograms for some striking visual effect, but they have no idea the effect should be different from one package to the next—let alone how.
The deterrent used, therefore, must match the training given to the would-be validators. And the only way there is an appropriate “impedance match” between the deterrents and how they are successfully used in the ecosystem is if the planning occurs first, the research second, and the activation third. As with all successful security approaches, security printing will only work if it is built from the ground up.
This form of PRACTICE outlines an end-to-end process for initiating and supporting an anti-fraud program. Each of these—from Plan to Evolve—involves by itself multiple processes as well. Let's look more closely at on two quite different types of processes, each focused on the “Investigate” portion of PRACTICE. The “Investigate” portion includes the continual accumulation of data on the counterfeiting of your product. One means to do this uses security variable data printing, or SVDP. This is the use of multiple variable deterrents to draw out the “style” of the counterfeiter. That is, SVDP regions can be used as “bait” or “decoy” deterrents—not to force the counterfeiters to “replicate” the data in the printed region, but instead to force the counterfeiter, through trying to replicate the appearance of the printed region, to identify himself. This is because complex printed regions cannot be scanned and re-printed without modification. How a counterfeiter will try to reproduce such a complicated region—the choice of color, intensity, spatial frequency, contrast and other transforms the counterfeiter uses—provide a signature for the counterfeiter’s style. This process is an example of an a priori process, in which the data to be collected is designed and deployed. Another means to continually accumulate data on the counterfeiting of your product is to perform a posteriori analysis of the product, and compare the analysis results to those expected of legitimate product.
As a non-printing example, John Jasper, head of Molecular Isotope Technologies (MIT), writes, “Process patents are mechanisms by which to protect and extend the patent-protected lives of pharmaceutical products. They are typically supported by the analysis of reaction impurities, trace metals, etc. Natural stable isotopes present a novel source of information recording evidence of the process manufacturing history – particularly, the synthetic pathway – used to produce pharmaceutical and other chemical materials…[Our] work in the area of product authentication showed that every batch of pharmaceutical materials had a highly-specific ‘isotopic fingerprint,’ allowing individual batches of materials to be tracked and counterfeit batches to be identified.” In other words, MIT’s process for analyzing the reagents in a pharmaceutical are precise enough to disambiguate between the authentic and the counterfeit processes involved in production.Image forensics, not surprisingly, can also be used in an a posteriori manner. The process is, on the surface, similar to the a priori approach: printed regions are analyzed for their characteristics, and different regions classified and clustered to help identify the number and size of the counterfeiters in your supply chain. The difference is that, using such an approach, a suitably difficult-to-reproduce printed area must be identified without the benefit of SVDP. So, a word of advice: if you want to identify counterfeiters, don’t make it easy on them—use SVDP or at minimum a few regions of difficult-to-reproduce printing (natural images, designs such as guilloches, etc.). Otherwise, you’re simply making their job easier, and that’s one process that makes no sense.
Universal ACID
Here I focus in on one specific technology which, if used properly, can help tips the odds in favor of the legitimate supplier and the concerned customer. Variable Data Printing, or VDP, provides the capacity, if so desired, to vary every aspect of a print job. However, for ease of making the print run compatible with the graphic artist’s design for the label, package, document, or other printed material, variable data printing is usually associated with a database that is populated before the job is “ripped”; that is, set to final printing commands by the RIP, or raster image processor.
A simple VDP job is outlined here:
Static elements (background, brand logs, three empty copy holes)
Copy hole #1: Database for 2D bar codes
Copy hole #2: Database for unique text sequences
Copy hole #3: Database for watermarked images
When the RIP occurs, the static portion is printed quickly (usually stored in a cache for quick “ripping”), and then each of the copy holes is filled based on the reference for that printed material, pulling the correct bar code, text sequence or watermarked image from the database and rendering it to the copy hole. In security VDP, or SVDP, the copy holes contain not only variable data, but usually uniquely variable data. Also, this variable data can be (but isn’t always) read by some type of inspection, authentication or forensic device. That is, the copy holes contain data. Most readers are probably familiar with mass serialization, but if not, I will describe that in more detail in an upcoming blog. Suffice it to say for now that mass serialization is a means of ensuring that each copy hole on each printed material—e.g. label, package or document—contains a different identifier that can be read (which means interrogated and the data encoded successfully interpreted).
Once you understand the power that variable data printing brings, it is universal acid—you realize it cuts through everything. And in this case, universal ACID means All Content Is Dynamic. Not just variable—but variably variable, or dynamic. Every element printed can be a variable copy hole and so our scenario above shortens to: For every region on the printed material, Copy from Database for that region Thus, every region is novel, or unique identified, and so capable of being interrogated for its information. In anti-counterfeiting, we wish to provide a moving target for the would-be counterfeiters, staying one step ahead of them in the deployment of security features. However, this is a tedious game for us as well as the counterfeiters. SVDP offers us, however, an innate moving target—the ability to change the very nature of the variability on the fly. With SVDP, we have a way of providing a moving target without having to change our technology. VDP is the technology that provides a continual, built-in moving target. SVDP allows us to interrogate the information that is printed variably. This means that SVDP extends variability beyond just having a different identifier in the variable copy hole. It provides a who, what, when, where, why and how variability to the security printing RIP.
Who varies the job can tie the set of deterrents deployed—and how they link together—to a particular press operator, SKU, brand, or other logical units. By linking, we mean how the set of variable features relate to one other. Examples of deterrent relationships include replication, hashing, sequence fragmentation [sharing the mass serialization data between two or more variable copy holes], and other techniques for making the multiple variable regions “cooperate” with each other. One particularly powerful method is to use one deterrent—usually one used for track and trace or authentication already—as the registry “look up” sequence from which the signed-in user may then obtain information on one or more other variable regions.
What is varied also depends on how many security deterrents the brand requires—some for track and trace, some for authentication, some for forensics, some just to decoy the would-be counterfeiters, some to be used in case of recalls or other contingencies, etc.
When the deterrents are varied—or more importantly when the variability pattern is changed can be tied to pragmatic product details, For example, if the shelf life of a product is 6 months, it makes sense to change the relationship between deterrents every six months, so expired products also exhibit “expired” security strategies.
Where the variability is provided can change, too. Variable regions can be made static, and static regions can be made variable, over time. This keeps the would-be counterfeiter grasping at straws, and yet can still accommodate using a consistent variable deterrent, such as a 2D barcode, over time.
Why the deterrents are made variable depends on the realities in the supply chain and in the hands of customers. If certain deterrents are being successfully attacked, then adding new variability to the printed material is another way of gathering information on who the counterfeiters might be—insidious insiders, for example, may quickly incorporate these new variable regions, even if they are not tracked by your authenticators, and so tip their hand to you.
Finally, how the variability is provided is up to you. With VDP, there are so many “how” possibilities that you are being remiss as a brand owner if you fail to do either of the following two VDP processes: 1) Make a plethora of regions variable2) Change the relationship between the variable regions frequently In other words, we vary the way we vary the variability at various times. It’s VDP to the nth. And the more variable regions you have, the more security bits you can print.
We have to assume that the counterfeiters are aware of all these possibilities. And, at first, they appear rather daunting to the would-be counterfeiter. But, counterfeiters don’t react the way we expect them to, and so we have to be prepared for the unexpected. To help illustrate this, in the next blog, I am going to show how we might set up and defend our own counterfeiting business! And who knows, maybe SVDP will pass even this test…
Are You Making It Too Easy for Counterfeiters? Then, Let Me SLAP You!
Acronyms and anagrams are excellent means to simplify a message and to provide easy recall of this message (thus, the word “mnemonic” [Greek origin]—assisting or intended to assist the memory). For example, in 3rd Grade, I figured out that my last name was an anagram for “KISS ME”. And I conveyed this knowledge to all of my female classmates. Which, not coincidentally, leads us to discussing the mnemonic SLAP.
SLAP, in the case of producing an effective ecosystem for brand protection and anti-counterfeiting, is an acronym for Scalable, Logical, Analytical, and Progressive.
Scalable means that the solution you propose can be used on multiple production runs, multiple products (SKUs), and for a reasonable amount of time. Don’t try to “divide and conquer”—that is, don’t use a completely different approach on different products. It will confuse your customers, your retailers, and your inspectors. Not only will it make it more difficult for you to get good authentication feedback, but you actually may increase the perception that your products are being counterfeited. Product “A” has deterrents 1, 2 and 3 on it, but Product “B” has deterrents 4, 5 and 6 on it—hmmm, one of these is probably fake. Or, worse yet, the would-be authenticator simply tunes out—too complicated, not worth it, too hard to figure out how to authenticate the product. Keep the message simple, and use an innate moving target for deterrence rather than actually changing the target. Security Variable Data Printing (SVDP) is such an innate moving target. One can change the information embedded in the security print, but never change the way a user interacts with it. And, because SVDP affords so many different means of embedding trackable and authenticable data, it is innately scalable, as well.
Logical means, well, think! Don’t make it easy on the counterfeiters. Here are some illogical approaches: (1) Spend a lot on your deterrent (counterfeiters love these “high margin” deterrents, because they’ll always knock them off more cheaply, and it decreases your margins while increasing theirs); (2) Use a deterrent/approach for only a short while and then stop using it (now your would-be authenticators don’t know what to expect—was it the old deterrent or the new deterrent, and which is legitimate). Much more logical: any time you roll out a new deterrent, which is unavoidable for some products—educate your authenticators; (3) Confuse different utilities in a familiar approach. Using variable data inside a hologram is one such example—most users think holograms are “variable” already, and aren’t likely to even notice the fact that one hologram is different from another; (4) Confuse machine vs. human readability. If you use a deterrent intended for machine reading, then embed data in a way that machines can read better than humans. And vice versa. Humans, for example, are very good at noticing alignment differences and relative color differences. Mach bands and other optical illusions are entirely invisible to machines. Machines are much better at noticing absolute color differences and of course steganographics such as watermarks. Meaning metamerisms are mainly meant for machines (alliterative, no?).
Analytical means your approach to the ecosystem should be geared at generating quantitative data. What is the compliance rate (i.e. what percentage of would-be authenticators actually try to authenticate)? What is the counterfeit rate? Read failure rate? If you can’t disambiguate these latter two—counterfeit vs. read rate, that is—you do not have an analytical solution. SVDP again underpins such an analysis: a counterfeit sample will generally have a different combination of print quality, print forensics and payload (data to be read) than a legitimate but unreadable—e.g. damaged, read with poor lighting, etc.—sample. Because of the multiple modalities—color, saturation, intensity, steganographics, halftoning, etc.—involved in printing, SVDP provides many on-ramps for analytics.
Progressive, finally, means that your approach allows progressively more complicated analysis to proceed smoothly. From an imaging standpoint, this means we move from image quality assessment (image “grading”) to image inspection to image authentication to, finally, image forensics. At each stage, a more in-depth analysis—and thus more difficult to reproduce—of the printed material is obtained. Making the first stage, image grading, relatively fast and painless, is an excellent way to generate “leads” from your customers. HP and many other brands address this by using “high-end” overt deterrents on their packaging. Customers are familiar with the motif—color-shift, thermochromic, etc.—and so notice when these have been unsuccessfully knocked off. Inspection ties layout and partial authentication to quality. Authentication ties the print job to the database of legitimate products. Forensics ties the data to the very material printed on, as discussed above.
Happy 2009!
-Steve
Posted
12-30-2008 4:56 AM
by
StevenSimske
Filed under: Counterfeiting, variable data printing, security printing, anti-counterfeiting, security, brand protection, brand name, VDP, security VDP, printing, security deterrent, anagram, Security Variable Data Printing, safety