Here goes my second post.
I’m going to elaborate on Codentify’s methods of counterfeit avoidance, or the lack thereof.
Before I get started it is important for me to note that I have received encouragement from leading anti-tobacco activists after my first post. To those who wrote me: thank you for your support!
Allegedly, giving counterfeiters a hard time should be one of the tobacco industry’s main goals. However, when this interest conflicts with simplifying the production process and increasing revenues, it seems tobacco companies prefer to cut counterfeiters some slack…
I’ll remind you how Codentify’s product authentication works:
Let’s suppose your cigarettes taste funny and you want to confirm they are an authentic product and not counterfeit. You can submit the 12-digit Codentify code printed on the pack via SMS or a call to the hotline. The system then checks whether your code has been verified before. If it has not, the system derives which factory the pack came from, and that is it! The system can easily produce a false positive: it has no way of confirming that my cigarettes are genuine, only that the code number has never been checked before. On the other hand, it can also produce a false negative. Let’s say someone has already received confirmation that the code on their counterfeit pack is genuine, and I then check the same code on my real pack: the system will respond by telling me that mine is in fact the fraudulent pack, as the code was already submitted by someone else.
This procedure might be sufficient to catch counterfeiters who copy a single code onto a large number of packs: if, for example, there are thousands of packs with the same code, that code would be checked more than once and therefore be marked as a suspicious product.
However, if a counterfeiter copies, let’s say, a thousand codes only once or twice each, the probability that the same code would be checked twice decreases significantly, and the probability that it would be checked enough times to raise a flag and get someone to investigate drops nearly to zero.
When you think about it, a thousand packs of cigarettes are not so expensive to buy legally. And if you’re a shop owner, or better, a part of tobacco product distribution, copying a couple of thousand different packs from various brands is no big deal.
I have been asking myself why the companies implemented such weak measures to protect their own brands. I mean, if you’ve invested time and money into developing your own cryptography patent, why not secure it a bit more? Example solutions off the top of my head:
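The first-check-wins lookup and the detection odds described above can be modelled in a few lines. This is an added illustration, not Codentify’s code and not part of the original post; the sample code, the factory name, the rejection of never-issued codes and the 0.1% check rate are all assumptions.

```python
from math import comb


class FirstCheckVerifier:
    """Toy model of the lookup described in the post: a code is reported
    genuine the first time it is submitted and suspicious every time after."""

    def __init__(self, issued):
        self.issued = dict(issued)  # code -> factory (constructed sample data)
        self.seen = set()           # codes already submitted by anyone

    def check(self, code):
        if code not in self.issued:  # assumption: never-issued codes are rejected
            return "unknown"
        if code in self.seen:
            return "suspicious"
        self.seen.add(code)
        return "genuine, made at " + self.issued[code]


def flag_probability(packs_per_code, check_rate, checks_to_flag=2):
    """P(a code is submitted at least `checks_to_flag` times) when it is printed
    on `packs_per_code` packs and each buyer checks independently with
    probability `check_rate` (binomial tail)."""
    below = sum(
        comb(packs_per_code, i)
        * check_rate**i
        * (1 - check_rate) ** (packs_per_code - i)
        for i in range(checks_to_flag)
    )
    return 1 - below


def demo():
    v = FirstCheckVerifier({"123456789012": "Factory A"})  # constructed code
    clone_result = v.check("123456789012")    # counterfeit pack, checked first
    genuine_result = v.check("123456789012")  # real pack, checked second
    return clone_result, genuine_result


if __name__ == "__main__":
    print(demo())  # the clone passes, the genuine pack is flagged
    rate = 0.001   # assumed share of buyers who ever check a pack
    print("one code on 2000 packs:", flag_probability(2000, rate))
    print("each code on 2 packs:  ", flag_probability(2, rate))
```

Under the assumed check rate, a single code spread over 2000 packs is flagged more often than not, while a code that appears on only two packs is flagged about once in a million.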
• Not using a 12-digit number that is printed on the outside of a packet as your security mechanism. That’s just lame.
• If so, at least provide the consumer some basic info when he checks the product, so he would know he holds a pack in London that was intended for Paris and produced more than a year ago.
• Checking the codes throughout the delivery process, and informing the consumer that the code was checked at the key points of the supply chain. Now I’m not saying they should store all their codes in a DB as they are (that would be an obvious security breach), but saving some altered versions of them in order to perform these checks may do the trick.
But then it hit me… what if their purpose was not to secure their brand? When producing billions of packs a month, you don’t really care about small-scale counterfeiters, no matter how dangerous their product might be. All they ever cared about was making the printers go faster, while giving a simple barcode a name that sounds “high-tech-security”, and getting governmental authorities off their back.
I would also like to note that, as I mentioned in my first post, I had managed to reach out and connect with an insider in the industry. I have since met with him and video-recorded our meeting, where he explains in depth just how much of a ruse Codentify is. I have a friend currently editing the video and I hope to have it up by the end of next week. I think it is very hard-hitting material, so stay tuned.