During the 2025 Tax Stamp & Traceability Forum™, Francis Tuffy of Reconnaissance International chaired a panel discussion on the role of physical security features in an increasingly digital landscape, where artificial intelligence (AI) and quantum computing (QC) are coming to the fore.
Joining Francis on the panel were Sven Bergmann, founder and CEO of Venture Global Consulting, Tony Rodriguez, Chief Technology Officer of Digimarc Corp, and Ian Lancaster, consultant and co-founder of Reconnaissance International.
This article presents the discussion flow between panellists and audience.
About every 25 years or so, there are certain sets of technologies that combine to change the world.
In 1975, we had the mass consumer production of integrated circuits, which led to a whole raft of new devices and business efficiencies, using computers.
In 2000, we had cheap access to the internet which, combined with a step change in telephony, gave us interconnection between people and devices around the world, cheaply and instantaneously.
Now, in 2025, we have the combination of two technologies which will change the world for the next 25 years. Those two technologies are AI (otherwise known as machine learning), and QC.
QC, admittedly, has not yet reached a commercial level. But quantum logic has. So, what is the relevance of AI and QC to tax stamps?
AI loves large datasets that are constantly being updated, because it needs to train and test its improvement. The larger the datasets, the faster it learns. As for QC, it loves a large number of events with only one possible outcome. For example, rolling a die consists of six events (the six faces of the die), with only one outcome (the die lands on just one face). QC loves tackling those problem but on a very large scale.
But what’s that got to do with tax stamps? Well, what is it that we do? We generate millions of unique identities, and we put those identities out into the marketplace, in the belief that at some point in the future, when we test any one of those individual items, we will be able to prove that it is a true, untampered identity.
Today’s discussion is not specifically about AI and QC, though, but rather about the switch from physical to digital, which we have heard is steamrolling through our industry.
Whether you define ‘digital’ as digital printing, or as a set of binary data that only exists ‘virtually’ as codes in a database, the transition towards ‘digital’ is inevitable.
But does this mean there will soon be no place left in this wholly digital world for physical security features? Let’s hear what our panellists think.
Ian Lancaster (IL): We live in the material world. We are analogue beings. I interact with you; I shake your hand; I give you my business card; you interact with your notes, whether on your computer or on a piece of paper. We are not digital beings.
It’s relevant that we’ve heard a couple of presenters saying at this Forum that less than 1% of the public pays any attention at all to whether something is genuine or not, and that the printer’s magnifying glass is still the key tool for examining a suspect document. That’s a very important point to bear in mind.
We are not talking in this panel about the public deciding on whether something is real or not. We are talking about experts. And those experts must be very familiar with the item they are examining, because the human eye is still one of the most effective examination tools – as is the sense of touch, but we don’t really use touch for tax stamps.
I can look at a design – printed, hologram or otherwise – and because, as an expert, I know what I am looking at I can spot a fake pretty quickly. I have no idea what a jumble of dots, squares, and patterns on a datamatrix or QR code mean. And I think that is a very important distinction.
Tony Rodriguez (TR): As long as we believe that Level 1, overt security features have a role to play, physical features will remain. Having said that, in order to make Level 1 features effective they should be tied to some type of digital backend to enable reconciliations, proof of authenticity and visibility into the supply chain.
It is a false dichotomy we are discussing; you must have both physical and digital technologies. Until the time when we decide that Level 1 doesn’t matter, or that we don’t want to understand the supply chain, or understand the identity of an object, we are going to have both.
Sven Bergmann (SB): I agree that there will always be a place for Level 1, physical features. But I have heard a lot of people at this Forum saying tax stamps should be authenticated like currency, with all the features and printing that this entails. This is fine if the problem we are solving is how to authenticate tax stamps.
But what if the problem is not one of fake tax stamps and counterfeit products, but rather a problem of manufacturers flooding the market with illicit whites that do not use authentication features (as is the case in Pakistan).
The only way you can fight this is with data, incorporated into a track and trace or other revenue system, and ideally integrated into a tax stamp. How you incorporate data into the stamp, though, is important because sometimes it is very difficult to distinguish real from fake stamps, unless you are an expert.
During COVID-19, one of the most counterfeited items were 3M masks. But these counterfeits were carrying holograms on them, whereas 3M itself doesn’t use holograms on its masks!
This serves to illustrate that, rather than thinking from the outset that there must be a Level 1 feature in our solution, we should first look at what the actual problem is that needs solving, and then select the solution best suited to the job. In other words, we should tackle the issue from the other way round, ending with the selection of Level 1 features for verification.
Following these opening statements, the panel moved to a Q&A session, which generated a lively interaction between panellists and members of the audience. Here are some of the questions covered.
Q: If you, as a user or specifier, had to choose today between physical only or digital only, what would you go with?
Audience: I think there is no binary answer between physical and digital. Digital for me means computational power, whereas physical is our life, our world. But the two are intertwined.
Take direct marking, for example, which, at first glance, is considered digital only. But this direct mark has to be laser-engraved or inkjet-printed onto the product, at which point it becomes physical.
IL: Direct marking has a very important place in tax stamping, but it also needs physical protection such as an ink with embedded security features. I don’t think direct marking has the range of possibility of physical protection that a physical stamp has but that doesn’t mean that I am against direct marking.
SB: I would like to give an example of a direct marking programme that doesn’t use physical protection. In the US, every drug carries a unique code. There are no security markings and no special ink. It’s just a barcode.
A month ago, for the first time ever, a counterfeit medicine – Ozempic® – was discovered in a US pharmacy, by the pharmacist himself. In the US we have an instant verification system that works via the scanning of the code. It’s a full track and trace system, rather than just tracing. And it works. But it works for what it was built to do which was keep counterfeits out of the supply chain. We didn’t need to authenticate the packaging. It is a data-driven solution that makes sure counterfeits stay out.
Can the number itself be cloned? Yes, it can. But what can’t be cloned is the data behind it, because that serial number didn’t go through that wholesaler, that manufacturer, that process. It doesn’t match up. And therefore, it’s a fake.
TR: Such a solution may work in a situation where there is control over the supply chain, but the reality is that for many applications, especially over- the-counter pharmaceuticals, we have pharma companies asking us to layer digital and physical print technologies on top of a particular directive to help with consumer authentication.
IL: Agreed. We hear of many cases of cloned websites, cloned data stores etc. When I point my phone or even a more sophisticated reader at a code, I don’t know where it’s connecting to.
Q: What safeguards are critical in preventing cyberattacks from undermining trust in a digital tax stamp system?
SB: Cyberattacks are becoming an increasing threat. They can be addressed with the use of double-end redundant systems, where redundant components are placed at both ends of a connection or system, creating a backup path in case one end fails.
However, the question should be: what data will be hacked? If it is a bank of codes, you can apply encryption protocols to ensure that even if that bank is hacked into, the hackers won’t be able to get hold of the encryption protocol.
While people believe that AI will be able to fake all kinds of things, we also have the opportunity to deploy smarter AI to detect these fakes. So, it’s going to be a digital arms race, fighting tech with tech.
TR: The breadth of services that we employ, for example to carry out actions like penetration testing (simulated cyberattacks), include those offered by CrowdStrike and Snyk. So, it comes down to availing yourself of these services.
You also need to make sure you have the entire house protected with fences and searchlights, without leaving the front door open. Based on this analogy, it is really important to think through what symbology you are using for authentication and traceability purposes – whether it be a QR or other code – and what security features you will add to that symbology, because a QR code, by itself, is its own vehicle of attack.
Q: How can a government balance digital tax stamps with physical accessibility in a mixed technology regime?
IL: It’s clearly a dual future; it has to be. We can’t do without data, but we still need a physical carrier of that data, whatever the symbology and cryptology method used. You can print a code, but you have to print it somewhere, whether it’s direct marking or a material tax stamp. We’ve already referred to layering, and I would emphasise here that it is essential to combine different levels and types of security into your solution.
SB: Fully agreed. You can apply a code directly to a pack, secured with a taggant or fingerprint, for example, and then you don’t need an entire stamp. And then you can layer on as many features as needed until you have a solution that will solve your particular problem.
Q: What are the panel’s views on a future where AI can do everything, including authentication?
TR: I am a member of the AI security committee of the National Institute of Standards and Technology in the US, where we look at how AI models are being proliferated and how this impacts data sovereignty and associated accuracy.
One of my concerns is that when you start using AI for authentication, the entire model is completely dependent on how it has been trained.
You should challenge any statement promoting a particular AI model for authentication by asking how that model was trained, and what the training sets were. Because any AI model can be trained to give you any answer you want. This doesn’t mean that AI isn’t powerful. But remember to ask questions.
AI is the buzzword right now but basically what AI does is find the same patterns over and over again, thereby helping you to uncover smuggling data and hotspots for diversion more quickly.
Audience: I would like to comment on a potential future where AI generates the only security feature on a tax stamp – natural fingerprinting coupled with a unique identifier – and where physical security features no longer exist.
In theory, such a future sounds great. But the reality is that you have billions of stamps and products out there that you need to authenticate, and you need something very solid to authenticate them and bring a case to a court of justice. And solid means physical. It does not mean AI. AI can do wonderful things: perform extensive analysis, uncover fraud, guide prosecutions and inspections, make forecasts. But AI cannot replace real physical elements.
TR: To be clear, ‘solid’ does not just mean physical. Covert, digital information-carrying features have been used as a basis for case law and prison sentence convictions, providing definitive statements as to the identity of an object.
Audience: We currently face a challenge with extensive spoofing in the digital space, given that hundreds of bad actors have ready access to digital technologies. How can we give the end consumer the guarantee that the online data they are looking at is legitimate?
TR: There has to be interoperability at the data level, and that’s critical across boundaries, organisations, and countries. But first and foremost, it’s important not to use a publicly available technology as your authentication tool. If you do, you’re already starting off on the wrong foot.
Francis Tuffy wrapped up the discussion by concluding that there was a clear consensus, between panellists and audience alike, on the need for a combined physical/digital approach to tax stamps and traceability. However, it was emphasised that authorities needed to first consider the problem that required solving before moving ahead with implementing a tax stamp programme.
‘We are aware that AI is getting better, principally because we are generating mountains of data for it to train on,’ commented Francis. ‘While this brings opportunities in the form of being able to more quickly identify illicit activities, there remains a need for robust physical security technologies that are not AI-generated’.
‘There is also the risk that, as we venture forward into this digital age, we open ourselves up to a broader range of attacks. So, we must be armed with the appropriate safeguards... and answers to the challenging questions.’