Although excise tax management systems and tobacco control programmes have different goals – where the former is concerned with collecting taxes and the latter with protecting public health – there is a point at which these goals overlap, given that both parties have an interest in eliminating illicit trade.
One of the measures used to counter illicit trade consists of applying secure, unique identifying codes (UIDs), via a secure label or tax stamp, to tobacco or other products, so that they can be authenticated and traced through the supply chain.
The use of secure and traceable UIDs has thus become a universal requirement among tax authorities and tobacco control regulators, as well as other parties concerned with the eradication of illicit trade. Such widespread use means that the UID generating function, itself, should be open and universal, rather than trapped within an IT silo.
To this end, in 2016, the first global track and trace standard was developed: ISO 16678:2016 (ISO/DIS 22378) – ‘Guidelines for interoperable object identification and related authentication systems to deter counterfeiting and illicit trade’.
The standard describes a number of important and distinct functional units that make up a product identification and authentication scheme. Back in 2016, most systems that were in place – like our Codikett platform – typically consisted of functional units as depicted in Fig 1, at the centre of which was a trusted UID query processing function.
Fig 1 – Object inspection model from ISO 16678:2016 (ISO/DIS 22378).
We subsequently followed up ISO 16678 with a new standard, ISO 22381:2018, pertaining to the implementation of interoperability between systems, where we identified a number of additional functional units, namely:
UID generating function (UIDGF)
Attribute assignment function (AAF) – ie. the assignment of product/manufacturing data to a UID
Trusted entry point (TEP).
Let’s take a closer look at how some of these interoperable functional units relate to excise tax management systems and tobacco product traceability.
In Fig 2, we can see how the trusted creation and issuance of UIDs is a prerequisite for both excise tax collection and tobacco product traceability.
Fig 2 – UID issuance for tax collection and tobacco product traceability.
In the case of tax collection, it is the tax stamps that are being traced, as opposed to the product. The UIDs allow for tax stamp traceability until the moment the stamps are applied to the product and activated – which is also the point at which excise tax is paid, or becomes due, and the product is ready for market.
In the case of tobacco control regulations, on the other hand, the emphasis moves to tracing the product itself. Regulations such as the WHO FCTC Protocol to Eliminate Illicit Trade in Tobacco Products and the EU Tobacco Products Directive (TPD) call for the track and trace of products. In the case of the TPD, the products must be tracked right up to the last economic operator before the retailer.
Despite these differences, it is possible to use one single secure UID – ideally applied to a tax stamp – to serve both tax collectors and public health bodies, which is why the UID generation function needs to be universal.
At Securikett, in 2021, we launched the Codikett cloud-based software platform for product verification and traceability. It is a generic solution, independent of other functional units, that can be applied to different business cases. These include tax stamps that carry a UID, or other security labels under public control that also carry UIDs (such as car inspection labels and highway vignettes), or security labels for recycling items like plastic bottles.
Assigning data to UIDs
When we refer to the data that are assigned to a UID, there are in fact two types of such data: attribute and event. Attribute data refers to information pertaining to the product and its manufacturing, whereas event data refers to information generated along the distribution chain.
Typically, UIDs are used as a pointer to data that is stored on the internet rather than being printed together with the UID on the product. Having said this, one of the key provisions of the EU TPD contradicts this basic UID functionality, in that it requires certain product-related attribute data to be printed directly on the pack of tobacco products. Event data, on the other hand, can be assigned to the UID at a later stage, once it has been captured from the distribution chain (which, in fact, is the only way it can be added).
But, if event data can be added later, then why can’t attribute data? Indeed, it would be possible to do this in a safe way using blockchain. And it would be easier and cheaper (in particular for emerging countries) to have the UID pointing to all data, as well as have it pre-printed on tax stamps, in a secure printing facility, rather than installing costly equipment and processes to print the UID directly on the production line.
I think the reason why the TPD requires some of the attribute data to be directly printed on the product (which, by the way, is also the case for the pharmaceutical sector) is to protect against fraud, in particular that related to directly printed UIDs, which could be exposed to the manipulation of data such as expiry dates or target markets.
However, as already mentioned, it is possible to secure the assignment of attribute data in a blockchain, which would solve the whole problem. Although we might think of blockchain as a solution for capturing all events in the supply chain, a more important use is for capturing specific events such as UID issuance, batch data assignment to UIDs, and other events that may carry a certain risk.
Trusted entry points
Another functional unit relates to trusted entry points (TEPs) for enabling secure interoperability of diverse verification systems. A verifier (inspector) needs to have access to an application that can be considered as a TEP, given that one of the main risks facing a UID verification system is that the whole system could be counterfeited.
ISO standards define TEPs as a method provided and/or certified by a trust service operator for resolving, without ambiguity, any UID.
Together with Advanced Track & Trace, Securikett has developed a model to demonstrate TEP best practice. The model shows how an app for accessing data via a UID can be made more secure, by applying an electronic signature to the UID. Only once the app has identified this signature does it proceed with connecting to the relevant verification platform.
Even companies that are competitors can use the same TEP to access their individual response pages. We therefore think this functional unit is of high value for moving forward in an interoperable world.
Linking UIDs to physical authentication
The verification of a UID should be directly linked to the verification of a physical authentication feature on a product, given that a code, as such, can be cloned.
Therefore, to print a UID on a product without an accompanying authenticating element is not really telling us anything.
An example of this physical/digital link is provided by a solution that matches the Codikett UID on a tax stamp with a 2D data matrix code that has been laser-etched into a glass bottle.
The solution – known as the Laser ID Mark – was developed together with Bucher Emhart Glass, the leading manufacturer of glass container production technologies.
It consists of a unique, unclonable code (which can be in human-readable or 2D code form – or a combination of both), which is etched into individual bottles during the manufacturing process, while the glass is still hot. The etched code can then be linked in a database with a Codikett UID on a tax stamp affixed to the bottle.
Standardised coding technology is used to generate the codes, which carry information such as production line and date of manufacture. The codes can be read by a barcode reading app on a smartphone.
Whilst the Codikett UID on the bottle shows that the tax stamp is valid, it doesn’t show that the bottle itself is. The Laser ID Mark does that. It makes the individual bottle identifiable and also facilitates the resorting of bottles for recycling purposes.
Furthermore, the marrying of the ID Mark with the tax stamp UID in a database ensures the stamp is attached to the item it was originally intended for, and is not being reused on a different bottle.
Linking the verification of a UID with the verification of a unique mark etched into glass.
Another way to increase security is to work with tamper-evident technologies such as void labels, which are a special product of Securikett. When the label is peeled off, it leaves behind an irremovable pattern accompanied by the words ‘VOID’ or ‘OPEN’, indicating that the label is destroyed and can’t be reused. Once the label has been removed it is virtually impossible to reattach it.
The combination of physical and digital solutions is key. While the logical aspect of digital technologies is the backbone of modern solutions, the physical combination is needed for authentication. At Securikett, we have always focused on tamper evidence for this reason, because if a stamp can be transferred to something else for reuse, it’s as if it were actually a fake itself.
Going forward, it will be crucial for organisations in both the public and private sector to ensure they remain independent and futureproof, by thinking and acting in terms of trusted functional units. As far as the tax stamp and product track and trace fields are concerned, such units include:
Secure attribute assignment
Transactional data management: ie. UIDs of tax stamps up to placement on the market, and products carrying UIDs through the distribution chain
Trusted entry points for queries.
And let’s not forget the importance of linking UIDs to physical authentication features.
Be prepared for global interoperation and don’t get caught up in IT silos!