Drivers

Why "authenticate" a product? It takes time, costs money, it's hard to quantify the benefits, and its inconvenient.

When you stop to consider these questions, you realize that there needs to be a Driver. Some reason that tips a company over the edge to take the time, effort and cost to make it happen. Probably the easiest way to rank these is to think along two axes, one being urgency and the other being the magnitude of risk.

The easiest driver to understand, and the most urgent, is regulatory. Pharma companies will be spending millions on serialization over the next couple of years, not just because they think its the right thing to do, but because governments have required it. And when a regulatory driver is present, the cost goes from being a "hard to quantify" to a "cost of doing business".

Next is a legal driver. IMO, actual or potential liability & litigation for the effects of a counterfeit product is a much stronger motivator than even the threat of the loss of sales, profits or brand image. It's really hard to quantify how much these issues effect a company, and there's no requirement to report them, but a negative verdict in a liability action almost invariably becomes public, along with the damages awarded.

Finally, value based drivers (loss of sales, profits and/or image) are the ones we're most familiar with, and hear about most often. But they are the hardest to quantify, both on the front and the back end. 

Hard to value what you should spend, when you don't know what it's costing you, or what the return will be. 

 

Is Serialization Authentication?

In discussions I've had with colleagues over the years, the question has often been asked as to whether or not serialization can be a legitimate form of authentication? The arguments against it usually revolve around the fact that since serialization media are printed on existing labels or packaging, they can be, and usually are, easily copied, as opposed to physical authentication technologies whose core being revolves around being hard to copy. 

IMO, this misses the point. The issue isn't whether or not a particular technology is harder to copy than another, its about whether or not any technology is usedtrusted and sanctioned by the issuers & audiences that need to rely on it.

Like it or not, serialization is increasingly being seen as a primary, and sometimes the sole, means of authentication, just look at the DQSA here in the US and the European Pharma serialization requirements which are pending.

I think the question should be; Will serialization = authentication?

What do you think? Let me know.

Inconsistent

What does it mean to authenticate something, or someone? How do we know when something is authentic (when to trust)? Who tells us what we must do, and when we have (or they have) determined its OK?

IMO, one of the biggest challenges to developing and implementing effective authentication systems has always been the fact that the thresholds & process for determining authenticity vary so greatly between different products and contexts. Think about:

  • The TSA person checking you out at the airport to let you board the plane
  • The store clerk accepting your credit card for payment
  • The pharmacist filling your prescription

In each of these situations, the criteria, the tools and the process for checking those tools varies widely. And most importantly, the threshold for being able to say "this is OK" varies as well. 

Hard to find the right technology to trust when the game changes so much.