By John Wolfe · CEO, NovaVera · April 2026 · 6 min read
Download the PDFA framework for evaluating authentication
There are two questions worth asking about any authentication technology.
- Can it be replicated?
- Is it being replicated right now, on the open market?
Evidence 01 · Holograms
Sold by the roll. Customized in a week.
Custom security holograms with QR codes, tamper-evident "VOID" patterns, and logo lockups are sold openly on industrial marketplaces, to anyone with a credit card. They are the same product category that brands buy to put on their own packaging.
Source: Alibaba security hologram listings, verified Apr 2026
Evidence 02 · Serialized QR Codes
A real serial number on a fake product still scans.
A serialized QR is just printed ink. Photograph a real one, reprint it on a counterfeit, and the scanner reads valid, because the database confirms the serial exists, not that this physical box is the one that exists.
Sources: Pharmaceutical Security Institute, 2024 incident trends; arXiv 2404.07831 on protected QR
Evidence 03 · Phosphor Security Inks
"Anti-counterfeit" phosphor sold by the gram.
Upconversion phosphors marketed for security applications (IR-excited, visible-emission) are wholesale commodities. Once a counterfeiter knows the wavelength your reader checks, they can buy compatible chemistry off-the-shelf and approximate the signature.
Source: Alibaba anti-counterfeiting phosphor listings, verified Apr 2026
Evidence 04 · RFID + NFC Tags
The chip is genuine. The product isn't.
Encrypted NFC chips raise the cost of cloning at the chip level. But the chip is still attached to packaging, and packaging gets peeled from genuine units and re-applied to fakes. The reader confirms the chip. Nothing confirms the contents.
Source: NXP NTAG 424 DNA datasheet; industry literature on chip-to-product separation
The Pattern
Anything applied is anything replicated.
If a security feature can be bought, copied, or transferred, it sits on top of the product, not inside it.
The Alternative
Embedded markers sit inside the material.
An embedded marker is incorporated into the substrate during manufacturing. Into the ink. Into the fiber. Into the plastic, film, or coating. There is no surface to peel, no label to swap, no chip to transfer, because there is no separate component.
- Nothing on top. Nothing to peel.
- Nothing visible. Nothing to copy.
- Nothing separable. Nothing to transfer.
Engineering Reference
How embedded authentication is implemented in practice.
Sub-micron crystal taggants are dispersed into the substrate during manufacturing: into ink, fiber, polymer, or coating. They are not a layer applied on top of the product. They are part of the product. Field and lab readers detect them at parts-per-million to parts-per-trillion sensitivity, returning a quantitative signal rather than a visual yes-or-no.
Three things to take from this
What this brief tried to make visible.
- The most common authentication technologies (holograms, serialized QR, security phosphors, RFID) can be replicated.
- Replication isn't theoretical. It's an active marketplace, often on the same wholesale platforms as the products being protected.
- A feature that can be peeled, copied, or transferred sits on the product. A feature that cannot is part of the product.
References
Alibaba security hologram listings, verified Apr 2026 · Pharmaceutical Security Institute, 2024 incident trends · arXiv 2404.07831 on protected QR · Alibaba anti-counterfeiting phosphor listings, verified Apr 2026 · NXP NTAG 424 DNA datasheet