With their ability to store a product's full history, RFID chips promise to solve a variety of retail woes. But some fear that without added security features, they'll divulge the data to anyone with a scanner.
John Johnson joined the DC Velocity team in March 2004. A veteran business journalist, John has over a dozen years of experience covering the supply chain field, including time as chief editor of Warehousing Management. In addition, he has covered the venture capital community and previously was a sports reporter covering professional and collegiate sports in the Boston area. John served as senior editor and chief editor of DC Velocity until April 2008.
For a technology that was expected to quietly transform back room operations, RFID chips are mak ing a surprisingly big splash out in the wider world. They're showing up on credit cards and golf balls. They've been embedded into racers' wrist bands and casino chips. Now RFID tags are about to burst onto the retail scene. In stores in Europe and in pilot stores in the United States, RFID tags have begun to appear on individual pieces of merchandise: books, pairs of jeans, bottles of drugs, DVDs and CDs.
Their appearance on the retail stage caught many by surprise. Until recently, most assumed that RFID tags would remain behind the scenes for several more years— tracking cases and pallets bound for retailers' DCs. Tags were thought to be much too expensive to use for tracking everyday items.
But that hasn't proved to be the case. As businesses began experimenting with RFID, some discovered benefits that easily offset the tags' costs. Pharmaceutical manufacturers, for example, found that sticking an RFID tag on a bottle of Viagra or OxyContin provided a drug "pedigree" that helped weed out counterfeits. Retailers discovered that item-level tagging saved them money by reducing out-of-stocks, deterring shoplifting and cutting the amount of labor needed to manage inventory and handle replenishment.
Though not yet commonplace, item-level tagging is no longer rare. This year, nearly 200 million tags will be attached to individual items, mainly apparel, books and drugs, according to research firm IDTechEx. Starting in 2007, item-level tagging will account for the biggest share of the world's RFID market by value, rising to an $11 billion market for tags and systems (out of a $26 billion total RFID market) in 2016.
The looming explosion in item-level tagging has left many worried about security risks. As long as RFID remained in the back room, communication among tags, readers and networks was relatively easy to secure. But as tags move out into the retail world, some experts fear they'll become the target of threats ranging from eavesdropping and data tampering to viruses.
Data at risk
"When it comes to item-level tagging, security is very, very important," says Kevin Ashton, vice president of marketing at ThingMagic, a Cambridge, Mass.-based vendor of RFID readers, sensors and other technologies. And as he sees it, the current technology, Generation 2, cannot offer that security without significant enhancements. "Gen 2 has done a very good job improving tag readability, and it is much better than Gen 1 in dealing with situations where there are multiple readers. Where it badly needs to be improved is in the area of security ... Gen 2 has a little bit more security than Gen 1, but it's absolutely not enough to give end users or the general public complete confidence in the system."
As item-level tagging takes off, so will the potential for mischief and sabotage. "Our real concern is unauthorized people reading the tags," says Ashton. For example, without additional security in place, retailers could easily obtain data to gauge how well a product—say, a newly launched videogame—is selling at a competitor's store. Unlike bar codes, RFID tags are able to uniquely identify individual items, making it possible to track how a product is selling. Someone with a scanner could walk down a store's aisles and track inventory on a shelf, charting sales of that videogame. "And because it's RFID-based, you can also do it without anybody knowing you are doing it," says Ashton.
Similarly, someone with a grudge against a particular retailer could use a scanner to collect critical sales data and leak it to the press. "If you are a publicly traded company, the last thing you need is a leak that your competitor sold 10 times as many new DVDs as you did," says Ashton. "That's just one scenario of why reader authentication is a good idea."
Those are just two of many possible scenarios. In a white paper posted on ThingMagic's Web site, "Generation 2 Security," Ashton describes other potential threats. For example, there's the possibility that a hacker might use a rogue reader to write new information to a tag (say, changing a price) or even kill the tag. There's also the risk that someone will replace a tag with a rogue tag (a tag from an unauthorized source) or clone tag (an unauthorized copy of a real tag) that transmits false data to a reader.
RFID tags are also vulnerable to data interception via what's known as a side-channel attack. In a side-channel attack (which Ashton likens to wiretapping without the wires), an interloper electronically eavesdrops on RF communications between tags and readers to obtain access to passwords or other confidential data.
Plugging the leaks
Given the variety of security risks, it's clear that the technology's vulnerabilities will have to be addressed before item-level tagging can really take off, says Ashton. That will mean security enhancements at the very least, and possibly the development of a new, Generation 3, protocol.
In his white paper, Ashton describes some security features that could be incorporated into future protocols (as well as some of the challenges they'd present). They include:
Encryption. Storing encrypted serial numbers on tags would boost data security, but it would also raise significant technological challenges of "key" management (that is, distributing and managing the corresponding decryption key). Encryption doesn't eliminate tracking; it simply makes it more difficult. Also, any onboard encryption operations would boost the computational demands on tags— introducing new overhead and boosting the tags' price.
Tagpasswords. Basic RFID tags already have sufficient resources to verify PINs or passwords, which could be a possible solution for protecting data. For example, a tag could be programmed to transmit critical information only if it receives the correct password. However, that raises the question of how to manage the passwords.
Tag pseudonyms. RFID tags would change serial numbers each time they are read, which would eliminate the need to program the tags with passwords. This approach would make unauthorized tag tracking more difficult, but it would also introduce issues of pseudonym management. Ashton predicts that security will be the focus of growing awareness over the next six to 12 months. He adds that if developers start work soon, a new protocol could be ready by 2008 or 2009, just in time for the expected item-level tagging boom.
Not so fast ...
Not everyone agrees that it's time to abandon Gen 2. Executives at EPCglobal, the organization responsible for developing the standards for application of RFID tags and electronic product codes (EPC), consider talk of developing a new Gen 3 technology to be premature.
If the need arises, the agency may decide to consider security enhancements and optional features, says Sue Hutchinson, director of industry development for EPCglobal. But if it does, she says, EPCglobal will build them on the Gen 2 base—that is, develop a Gen 2, Class 2 product—rather than starting over again with a new Gen 3 standard.
Possible security enhancements to Gen 2 include additional password schemes or maybe even some light encryption on top of some of the locking mechanisms that are already in place, says Hutchinson. "We want to make sure we are all responsible users of the technology and that we've done everything we can to safeguard consumers and most importantly to safeguard the relationship that our end users have with the consumer community."
Texas Instruments (TI) is working with EPCglobal to make that happen. TI has endorsed an authentication method for tag data that can be either on- or off-network. According to Joseph Pearson, business development manager for TI's RFID Systems division, EPCglobal has created an EPC item-level serialization scheme for item tags that will serve as an electronic security marker unique to each product, enabling automated track and trace capabilities as well as real-time visibility of the product through the EPCglobal Object Name Service (ONS) network. ONS will act as a "traffic cop" and direct authorized network inquiries to the correct database hosting the desired data.
Theoff-network method enables RFID readers to authenticate the tag through a shared data encryption algorithm. When it comes to tracking a bottle of Viagra, an electronic security marker can be a digital signature generated via a public key infrastructure (PKI) and programmed into the tag's memory. An RFID reader is able to validate the tagged product because the reader is supplied with the appropriate manufacturer public key to authenticate the digital signature. By using a digital signature, a manufacturer's unique "electronic fingerprint" is created and programmed into the RFID tag, which can then be authenticated by an RFID reader without a network.
Concerns about RFID security aren't limited to private industry. The Department of Homeland Security (DHS) issued a report in July calling for increased attention to security issues. Although good physical security controls exist on the RFID systems in use by the government, the report noted, there are still some system security concerns that should be resolved. According to the government, "These security-related concerns, if not addressed, could increase the potential for unauthorized access to DHS resources and data."
RJW Logistics Group, a logistics solutions provider (LSP) for consumer packaged goods (CPG) brands, has received a “strategic investment” from Boston-based private equity firm Berkshire partners, and now plans to drive future innovations and expand its geographic reach, the Woodridge, Illinois-based company said Tuesday.
Terms of the deal were not disclosed, but the company said that CEO Kevin Williamson and other members of RJW management will continue to be “significant investors” in the company, while private equity firm Mason Wells, which invested in RJW in 2019, will maintain a minority investment position.
RJW is an asset-based transportation, logistics, and warehousing provider, operating more than 7.3 million square feet of consolidation warehouse space in the transportation hubs of Chicago and Dallas and employing 1,900 people. RJW says it partners with over 850 CPG brands and delivers to more than 180 retailers nationwide. According to the company, its retail logistics solutions save cost, improve visibility, and achieve industry-leading On-Time, In-Full (OTIF) performance. Those improvements drive increased in-stock rates and sales, benefiting both CPG brands and their retailer partners, the firm says.
"After several years of mitigating inflation, disruption, supply shocks, conflicts, and uncertainty, we are currently in a relative period of calm," John Paitek, vice president, GEP, said in a release. "But it is very much the calm before the coming storm. This report provides procurement and supply chain leaders with a prescriptive guide to weathering the gale force headwinds of protectionism, tariffs, trade wars, regulatory pressures, uncertainty, and the AI revolution that we will face in 2025."
A report from the company released today offers predictions and strategies for the upcoming year, organized into six major predictions in GEP’s “Outlook 2025: Procurement & Supply Chain” report.
Advanced AI agents will play a key role in demand forecasting, risk monitoring, and supply chain optimization, shifting procurement's mandate from tactical to strategic. Companies should invest in the technology now to to streamline processes and enhance decision-making.
Expanded value metrics will drive decisions, as success will be measured by resilience, sustainability, and compliance… not just cost efficiency. Companies should communicate value beyond cost savings to stakeholders, and develop new KPIs.
Increasing regulatory demands will necessitate heightened supply chain transparency and accountability. So companies should strengthen supplier audits, adopt ESG tracking tools, and integrate compliance into strategic procurement decisions.
Widening tariffs and trade restrictions will force companies to reassess total cost of ownership (TCO) metrics to include geopolitical and environmental risks, as nearshoring and friendshoring attempt to balance resilience with cost.
Rising energy costs and regulatory demands will accelerate the shift to sustainable operations, pushing companies to invest in renewable energy and redesign supply chains to align with ESG commitments.
New tariffs could drive prices higher, just as inflation has come under control and interest rates are returning to near-zero levels. That means companies must continue to secure cost savings as their primary responsibility.
The move delivers on its August announcement of a fleet renewal plan that will allow the company to proceed on its path to decarbonization, according to a statement from Anda Cristescu, Head of Chartering & Newbuilding at Maersk.
The first vessels will be delivered in 2028, and the last delivery will take place in 2030, enabling a total capacity to haul 300,000 twenty foot equivalent units (TEU) using lower emissions fuel. The new vessels will be built in sizes from 9,000 to 17,000 TEU each, allowing them to fill various roles and functions within the company’s future network.
In the meantime, the company will also proceed with its plan to charter a range of methanol and liquified gas dual-fuel vessels totaling 500,000 TEU capacity, replacing existing capacity. Maersk has now finalized these charter contracts across several tonnage providers, the company said.
The shipyards now contracted to build the vessels are: Yangzijiang Shipbuilding and New Times Shipbuilding—both in China—and Hanwha Ocean in South Korea.
Specifically, 48% of respondents identified rising tariffs and trade barriers as their top concern, followed by supply chain disruptions at 45% and geopolitical instability at 41%. Moreover, tariffs and trade barriers ranked as the priority issue regardless of company size, as respondents at companies with less than 250 employees, 251-500, 501-1,000, 1,001-50,000 and 50,000+ employees all cited it as the most significant issue they are currently facing.
“Evolving tariffs and trade policies are one of a number of complex issues requiring organizations to build more resilience into their supply chains through compliance, technology and strategic planning,” Jackson Wood, Director, Industry Strategy at Descartes, said in a release. “With the potential for the incoming U.S. administration to impose new and additional tariffs on a wide variety of goods and countries of origin, U.S. importers may need to significantly re-engineer their sourcing strategies to mitigate potentially higher costs.”
A measure of business conditions for shippers improved in September due to lower fuel costs, looser trucking capacity, and lower freight rates, but the freight transportation forecasting firm FTR still expects readings to be weaker and closer to neutral through its two-year forecast period.
Bloomington, Indiana-based FTR is maintaining its stance that trucking conditions will improve, even though its Shippers Conditions Index (SCI) improved in September to 4.6 from a 2.9 reading in August, reaching its strongest level of the year.
“The fact that September’s index is the strongest since last December is not a sign that shippers’ market conditions are steadily improving,” Avery Vise, FTR’s vice president of trucking, said in a release.
“September and May were modest outliers this year in a market that is at least becoming more balanced. We expect that trend to continue and for SCI readings to be mostly negative to neutral in 2025 and 2026. However, markets in transition tend to be volatile, so further outliers are likely and possibly in both directions. The supply chain implications of tariffs are a wild card for 2025 especially,” he said.
The SCI tracks the changes representing four major conditions in the U.S. full-load freight market: freight demand, freight rates, fleet capacity, and fuel price. Combined into a single index, a positive score represents good, optimistic conditions, while a negative score represents bad, pessimistic conditions.