In Depth

The 5 Myths of RFID

Big pharma's RFID trials aim to keep fake drugs out of your medicine cabinetbut the technology has significant limitations.

By Sarah D. Scalet

May 15, 2007CSO

For well over two years now, every single bottle of OxyContin that's bound for either Wal-Mart, the world's largest retailer, or H.D. Smith, a midsize drug wholesaler, has been slapped with a special label that's hailed as the solution to the world's counterfeit drug problem.

Hidden inside each ordinary-looking label is a radio frequency ID tag that is supposed to allow Purdue Pharma, manufacturer of the controversial painkiller, to track the drug's progress throughout the supply chainregardless of how many pills are poured into how many bottles and stacked into how many cardboard boxes whizzing by on a conveyor belt. The idea is that distributors could quickly scan all their bottles of OxyContin, learn the complete provenance, or "pedigree," of each one, and reject any that could not be traced back to Purdue.

"It's efficient, it's accurate, it does what we want it to do from a security perspective, and it doesn't bog down the distribution system," says Aaron Graham, VP and CSO of Purdue Pharma, adding that the infrastructure investment for the pilot project was $2 million and each tag costs between 30 and 50 cents.

If what Graham is saying sounds familiar, right down to the numbers he cites, that's because he's been saying the same thing for years. Yet even now, he can offer remarkably little detail about how the system has prevented counterfeit OxyContin from being sold. Purdue, after all, has never had a problem with counterfeit OxyContin. What the company has had instead is a problem with stolen and diverted OxyContin, along with pressure from the government to get better control over a highly addictive drug that has received much more media attention for its abuse than its use.

Indeed, Graham acknowledges that the main security advantage of Purdue's RFID system is that investigators can scan a seized bottle or box of OxyContin and pinpoint exactly where it came from. To really stop counterfeit drugs, Graham says, would require a central information clearing­house where every distributor and pharmacy checked and validated the pedigree of every druga far more complex task than tracking one type of drug going to two different outlets, as Purdue is doing.

The need to prevent counterfeit drugs from being introduced into the legitimate supply chain is acute. The World Health Organization has said that counterfeit drugs represent more than 10 percent of global sales, and they are responsible for some thousands of deaths each year. The problem is that decades after RFID technology was invented, and years after the U.S. Food and Drug Administration started touting it as the most promising way to authenticate drugs, RFID technology as an anticounterfeiting technology remains just that: "promising"yet far from proven.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

Manage your IT more effectively

Simplify your data center with Juniper Networks. View the webcast

Understanding Data Location is Imperative for Data Loss Prevention

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

Any company can promise identity protection. Only Debix can prove it

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

IDC Defines an Identity and Access Management Submarket

Using Likewise to Comply with PCI Data Security Standard

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Solving Online Credit Fraud Using Device Reputation

Get in Compliance With Government Data Regulations

Efficient - Flexible - Compliant

Enabling Compliance with Converged Mainframe Security and Storage

Taking the Botnet Threat Seriously

Secure your virtual and physical environments with the same software

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Digital Identity Protection and Data Security Get Personal

Welcome to the age of Service-Oriented Security (SOS)

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

5 Steps to Secure Outsourced Application Development