Inexto’s Counterfeiting Problem for Taxes and Customs

Background on Inexto

Inexto, a serialization and tracking took originally developed by big tobacco and recently sold in in order to try and convince the Health Commission that it is a viable tool within the WHO FCTC framework, claims to do many things. Below are some screenshots from recent branding material they are pushing online.

I have covered extensively in the past what many of the well known flaws of Inexto. It is important to note here that these flaws date back to when Inexto was called Codentify and under direct and blatant control of big tobacco. As far as we know these issues still exist in Inexto, perhaps because they are convenient for their primary client and overlord, big tobacco.

Looking to Codentify’s flaws

I’ll remind you how Inextos product authentication works via an excerpt from this blog post of mine from May 2015:
Let’s suppose your cigarette tastes funny and you want to confirm they are an authentic product and not counterfeit. You can submit the Codentify 12-digit code printed on the pack via SMS / Call to the hotline or use their mobile app. The system then checks if your code has been verified before. If it has not then the system will derive what factory the pack came from, that is it! The system can easily produce a false positive. It has no way of confirming that my cigarette is genuine only that the code number has never been checked before. On the other hand it can also produce a false negative. Let’s say someone has already received confirmation that their code is genuine on a counterfeit pack and I then check the code on my real pack, the system will respond by telling me mine is in fact the fraudulent pack as the code was already submitted by someone else.
This procedure might be sufficient to catch counterfeiters that copy a single code to a large amount of packages, so that if for example there are thousands of packs with the same code, it would be checked more than once, and therefore mark it as suspicious product.
Although, if a counterfeiter copies let’s say a thousand codes only once or twice, the probability the same pack would be checked twice decreases significantly, and the probability it would be checked enough times to raise a flag and get someone to investigate it drops nearly to zero.

Why Inexto is bad for customs

For both customs and tax officials, as well as the general EU populous whom they serve, this should raise extreme concerns. There is a known and easily overlooked flaw here that could allow counterfeiters or rouge factory personnel produce many hundreds of single or double copies of individual codes and the chances that we could catch them in the act is minimal.

What contributes to this further is the fact that there is no central database which stores codes and so there is no central way of even verifying if a code was printed more than once. My sources have indicated that big tobacco highlights this feature as a positive aspect because there is no database to hack and steal codes. The problem is you don’t even need to hack a database to create duplicates, you can simply produce a duplicate on the spot or replicate a genuine code after the fact and you will likely not be caught.

The potential in lost tax revenue here is huge. Inexto will completely revolutionize the counterfeiting industry and not in Europe’s favor.


Thanks Samantha for contributing to this article.