Call outs or crossheads:
Knowing where the product is and has been is not the same as knowing that the product on sale at any given retail outlet is genuine.
Are traditional tried and tested methods of document and product authentication, such as optically variable devices, became obsolete?

The Decade in Authentication

The actual or intended destruction of the New York World Trade Center towers, the Pentagon and the White House on September 11 2001 was a defining moment in the history of authentication. In the previous decade, the most security conscious nation on earth, Israel, worried about the unambiguous determination of people’s identities. Israeli security forces worried about the flow of Palestinians across its borders and asked us, the industry, ‘how do we know that document holders are who they say they are?’ This simple question went to the heart of the issue of authentication regardless of whether we are talking about people or things.

The events of 9/11 took the question from a small state in the middle east to the USA and hence to the world platform. Of course, we worry about the security and authenticity of an identification document and many measures have traditionally be taken to ensure that the information describing the owner, photo and description, cannot be altered. but now comes the deeper question of the issuance of the document in the first place; was the person to whom the document is being issued, really who they claim to be?

By extension, the same question can be posed about goods; ‘so the packaging and labeling is genuine but how do I know they aren’t applied to fake goods?’ Or, alternatively, the product may be genuine but is it out of date, has it been properly stored, and is it being legitimately distributed in my country?

The doubt was always there and caused concern to brand owners and bona fide purchasers of software and expensive whiskies etc but during the first decade of this century a new threat was realized that threw the authentication business into high gear – the threat posed by counterfeit pharmaceutical products.
The ideal answer to legitimizing or authenticating things, whether people or goods, was deemed to be the same: the ability to track the thing as it travelled around the world or moved through the supply chain, with the facility to trace its movements back through this chain - more simply known as track and trace.

E-Pedigree or Serialisation

In the case of goods, specifically medicines, the Food and Drug Administration (FDA) in America took an uncharacteristically proactive step in declaring that medicines should have their entire histories recorded from the synthesis of their active ingredients all the way through the supply chain via formulation, packaging and distribution until the point of purchase or administration. All this information would be stored digitally and be available for consultation by the appropriate authorities. Cumulatively, this electronic background history would become known as e-pedigree. The FDA went one step further and defined the technology that could make this happen. Influenced by millions of lobbying dollars from interested parties in the RFID industry, the FDA ordained that this was the technology of choice.

After millions more dollars had been spent on trials by the likes of Pfizer and Wal-Mart, it became apparent that the claims for the technology had been inflated beyond what could be conveniently and cheaply delivered. Furthermore, the infrastructure to carry out the writing to and reading of the chips would require billions of dollars to create, and the FDA failed to specify who would pay for this. Steam was further taken out of the implementation of such schemes by key states, such as California, deferring the requirement for implementation until well into the next decade.

Meanwhile, other parts of the world, and other industries, were taking a different approach. Malaysia mandated the use of serialised holograms on all registered medicines, and in the second generation these have a polarized security feature; the US semi-conductor industry, through its trade association, has established an encoded serialisation system, as has the European vehicle parts industry; and the European pharmaceutical industry, through EFPIA, its industry association, is (after several years of discussion and research) running a pilot scheme to test data matrix 2D barcoding as a method of tracking medicines.

There are fundamental differences between the e-pedigree approach and the data matrix approach. E-pedigree requires the ability to write information on the product as it moves through the supply chain; it is a dynamic system. Data matrix, and other serialisation methods, write a unique number on the product and read that number in to track the product through the supply chain. It is a static number, albeit used to record dynamically on a database. There is another very significant difference: the costs of implementation; e-pedigree is not yet affordable, serialisation is.

Track and Trace and Authentication

Whatever the method of track and trace, it has been accepted by most concerned authorities that knowing where the product is and has been is not the same as knowing that the product on sale at any given retail outlet is genuine; that requires something that is inseparable from the product to help demonstrate that it is genuine - now commonly known as an ‘authentication’ feature or device. Flea markets and car boot or garage sales tend not to have the means of reading an encoded serial number to refer to a central database, but these are the places where it is especially important to know whether something being sold is genuine or not. Hence the increasing recognition of the need to complement track-and-trace systems with authentication methods.

Similarly, the equally important question of how to authenticate people at a national level still remains, although partial measures have been introduced. The greatest flurry of technical activity was prompted by the USA which, in an effort to know better who was entering the country, ordained that passports should be electronic. This means that the personal data contained within the passport should be stored electronically and be accessible to customs officers, hence the passport booklet should be able to communicate directly with an electronic reader. The monumental 6th version of Document 9303 issued by the International Civil Aviation Organization (ICAO) in 2006 provided specifications for the new globally interoperable biometric identification system and the data storage using a contactless integrated circuit. Thus, the world scrambled and some countries began issuing electronic passports in 2006.

Outside the USA, the use of biometrics has flourished. Frost & Sullivan, in a new report, estimate that biometrics in the EMEA region (Europe, Middle East and Africa) earned €216.1 m in 2008 (about $300 million). The technologies that provide biometric identification include face recognition, iris recognition and hand geometry as well as voice and signature verification. The US Border service now requires fingerprints from all arriving passengers, while iris recognition immigration systems have been installed at several UK and Dutch airports and is set to be widely adopted in other European airports in the next three to five years.

So, does all this mean that traditional tried and tested methods of document and product authentication, such as optically variable devices, became obsolete? Not at all. E-Pedigrees and digital readers are all very well provided the power is on and the inspectors suitably trained but there is still no substitute for the human senses. Germany strengthened the security of its passports by introducing a state of the art holographic laminate which, itself, contains variable data to protect the printed variable data. The USA had the option to apply a common hologram to all state-issued photo-ID driving licenses, thereby making the security more recognizable to examiners, contrarily declined to implement this and the Real ID Act, enacted to strengthen document security, merely required the use of ‘Federally approved’ documents by 1 January, 2010. What this meant was not specified.

Meanwhile, however, many new identification documents issued in the US, from the Western Hemisphere Travel Initiative card to the Transportation Workers Identification Credential, are protected by holograms – the tried and tested overt authentication method for human eye examination.

Rising Profile of Anti-Counterfeiting

While the perfect authentication and tracking system has not yet been devised – posing a challenge to the authentication industry – the public sector profile of the need to combat counterfeits has increased exponentially in this first decade of the 21st century. Now, undoubtedly, governments care about counterfeit goods as well as counterfeit documents (they’ve always cared about counterfeit banknotes!). As has been the case for well over a century, France leads the way in framing and enforcing legislation which makes it illegal to import, trade, wear or use counterfeit goods. But the topic is no longer ignored by other countries or policy meetings: the G8 summits now regularly issue statements about the need to fight counterfeits, and this is regularly discussed at the Davos World Economic Forum.

Discussions and issuing statements is easy for governments, but there are also specific commitments to fight counterfeits. The EU has issued several directives applying to combating counterfeiting and piracy, and is currently considering a major revision to its medicines supply chain regulations to strengthen the protection against fake medicines; China has introduced technical standards for anti-counterfeiting devices with legislation to require all consumer goods to use such devices being implemented slowly across the country; India, like China, has recently introduced draconian penalties for counterfeiting medicines and other ingestibles - although whether these countries are providing adequate investigation and law enforcement resources is questionable.

Governments also fund Interpol, the World Customs Organization, the World Intellectual Property Organization and the World Health Organization, four inter-government organisations that are taking active steps to raise the barrier for counterfeiters. In addition to their internal policies and programmes, these IGOs combine to organise the Global Congress to Combat Counterfeiting & Piracy, an annual meeting which – supported by industry through BASCAP and INTA –  genuinely provides a forum for policy, strategic and tactical discussions between national law enforcement agencies and law makers.

More particularly for authentication providers, the current moves to introduce standards for authentication and anti-counterfeiting through the International Standards Organization, can only – if properly drafted – encourage brand owners and other IP rights holders to use authentication systems to help to detect the fakes and so protect their products and their customers from the counterfeiters.

With all these trends, strategies and policy developments emerging in the past 10 years, the coming decade holds much promise for the authentication community!