Tracking and authentication — both are important!

About the blogger: Ian M Lancaster is a founding director of Reconnaissance International Ltd, which specialises in information about secured documents and products. He is a member of the ISO committee, which has drafted several authentication and anti-counterfeiting standards, and is the general secretary of the International Hologram Manufacturers Association (IHMA). Ian is also the director of the Global Forum on Access to Safe Medicines (formerly on Pharmaceutical AntiCounterfeiting Solutions).

Pharmaceuticals have become one of the most commonly — and most dangerously — counterfeited products, largely because it is so easy for a criminal to make something that looks right but has no — or inadequate — active ingredients. And while this problem is most prevalent in the poorest countries and developing nations, it is also an issue in developed nations. That is why the EU issued its Falsified Medicines Directive (FMD) and the US Congress recently enacted the Drug Quality and Security Act, both legislative attempts to establish stronger protective systems for medicines distributed in their respective jurisdictions.

However, it is not only counterfeit meds that are unsafe, as the WHO recognises with its cumbersomely-named Member State Mechanism on Substandard/Spurious/Falsely-labelled/Falsified/Counterfeit (SSFCC) Medical Products. Spurious, falsely-labelled, falsified and counterfeit are all frankly synonyms for fakes, and substandard covers many other issues such as badly stored, out of date and so on. All of them are a cause of concern for patients and hence the need for careful supply chain control and monitoring and careful marking of legitimate pharmaceuticals; two complementary and necessary requirements that are often seen as the same thing.

Monitoring and control of the medicines supply chain has become easier in recent years with the advent of low-cost track and trace systems, which allow every pack to be marked with a unique code that can then be read at key points in the distribution system. These systems take serialisation to a new level of functionality, using encoded numbering systems such as data matrix codes to carry critical information about the item that they are on. That information can include the unique identifier for the item, manufacturing place and date and intended destination market. The unique identifier is stored on a central database so that when the code is read at key distribution, dispensing or selling points, it can be checked against the database to make sure that the item is in the intended place at the expected time. Also, when it is dispensed or sold, then the record can be appropriately marked.

More sophisticated systems, such as the e-pedigree aspiration of US legislation, aim to write back to the item the action that has been performed on it, noting what, when, where and by whom. But these systems are still more dream than reality, because the write/read/write infrastructure is very expensive, as is the chip or other method of receiving the updated data on to the item. Data matrix and other methods of encoding serialisation are here and now, as demonstrated by GS1’s healthcare marking standards.

All of these enhance supply chain monitoring and inventory recording, both of which help to keep fakes from being insinuated into the supply chain. However, they do not provide the other essential component of ensuring delivery of safe medicines to patients — authentication.

In 2012, the International Standards Organization published its standard 12931, titled Performance requirements for authentication solutions in the field of material goods, the first international standard to prescribe such requirements. That standard makes a case for the complementarity of tracking and authentication, stating that ‘track and trace on its own does not provide authentication (of material goods)’.

Why not? If the supply chain can be controlled and each item tracked from factory to patient, why does this not mean that the medicine as taken by the patient is always genuine? The answer lies in a human being’s inability to read a data matrix code, the vulnerability of network-based systems and the fact of the existence of parallel supply chains (those set up by the counterfeiters or other criminal suppliers).

It is generally accepted these days by product or brand protection managers and others in the authentication community that the most effective way to combat the efforts of counterfeiters is to use a combination of different types of functional feature. This is captured in ISO 12931, which recommends the use of overt and covert features, with the facility for forensic analysis, all complemented by track and trace methods. Overt features are readable by one or more of the human senses, while covert features require some kind of tool to become readable, whether by revealing something to a person or to a machine. In either case, they are independent of network connections and databases at the other end of a telecoms link, thus they work in adverse conditions as long as the person doing the examining is properly equipped with the right tool and a reference feature to compare with.

Also, network-based systems are vulnerable to interruptions, hacking and other attacks. Neither a human eye nor a reading device can tell whether a data matrix or similar code has been copied, with a link to a cloned website (think of all those phishing emails that link to a cloned bank website) so that the item is seemingly validated as the authentic product.

And while pharmaceutical company supply chains are tightly controlled, this control does not extend to the parallel supply chains through which fake medicines are sent from a factory (often but not always in China) to the street market or bazaar in an African, SE Asian or other vulnerable country. Or, indeed, to a pharmacist in Europe or the US. The fake products in these supply chains may well have a code on them, but it is a code that is linked to a false website, and that assumes that the code will be used, which is most often not the case.

A linked overt/covert authentication feature is the only way to demonstrate the genuineness of a product in the supply chain or on a counter or stall at the pharmacist or street trader, but the best combination is to link that feature to the encoded serialisation feature. This can be done through separate features, each operating independently, or they can be combined, for example, in a hologram or colour-shifting ink that incorporate a data matrix code. In this way, they become inseparable, the one validating the other and providing the best supply chain control and authenticator of the item.