Home » Business Continuity » Supply Chain

The 5 Myths of RFID

Big pharma's RFID trials aim to keep fake drugs out of your medicine cabinetbut the technology has significant limitations.

Even as companies like Purdue continue to test the use of RFIDs, it remains unclear whether the technology can ever live up to its promisesnot only in the pharmaceutical industry, which is at the leading edge of testing this much-hyped technology, but also anywhere else. The reasons why go far beyond the technology, standards and privacy issues that are most often raised, and into the very nature of what RFID simply is and isn't, and what it will or won't ever be able to deliver to any anticounterfeiting program.

"We see this in other areas of security," says Roger Johnston, team leader of the Vulnerability Assessment Team at Los Alamos National Laboratory, who has done extensive research on RFID technology and concluded that it may not offer any better security than ordinary bar codes. "Providing good security is a tough challenge, and people are looking for silver bullets," he says. "The problem is that if you simply take an RF tag, slap it on and think somehow it'll magically provide security, you'd be quite mistaken."

Why? Here are five reasons. Behind each myth, as you'll see, is a much smaller dose of reality.

1. RFID tags are anticounterfeiting devices.

Call up most pharmaceutical companies and ask to speak with the group most involved in testing RFID technology, and chances are good the security department will not answer the phone. Consider the RFID efforts currently under way at the country's three largest drug wholesalers. At McKesson, the RFID initiative falls under the pharmaceutical distribution business. At AmerisourceBergen, the point person is in "integrated solutions," which encompasses the testing and implementation of new technologies. And at Cardinal Health, the task falls to healthcare supply chain services, which is part of operations. That's because an RFID tag is first and foremost a tracking device, not a security one.

Even the manufacturers of the RFID tags themselves, Johnston likes to grouse, are not security companies. "They're made by semiconductor companies for inventory purposes," he says.

True, an RFID tag has potential as a security device, when it's incorporated into a larger scheme. But it's not an anticounterfeiting device in the way that, say, a hologram label is supposed to be. An RF reader cannot simply read information on an RF tageven an encrypted oneand provide its owner assurance that the product is authentic. RFID technology is either a way of facilitating the documentation required to create a drug's electronic pedigree (the record of a drug's journey through the supply chain), or a component of a much more complicated system known as track and trace, which involves communication with the drug's source, or someone who knows it. Which brings us to point number two.