Two forces are pushing Indian brands toward anti-counterfeiting technology at the same time. The threat side: illicit trade across five key industries was estimated at ₹7.97 lakh crore in 2022-23 (FICCI CASCADE / TARI). The compliance side: India's Schedule H2 QR mandate already covers the top-300 drug brands and expands through 2027-28, while global retail moves to 2D barcodes at point of sale under GS1's Sunrise 2027 programme. The vendor landscape has grown accordingly — and the products differ far more than their brochures suggest. This guide is the evaluation framework we wish every buyer had.
Start with the problem, not the technology
"Counterfeiting" is four distinct problems, and features that solve one do little for another:
- Outright counterfeits — fake units in copied packaging. You need per-unit verification consumers can run, and clone detection behind it.
- Refill and relabel fraud — genuine empties refilled at retail (liquor, lubricants, cement). You need tamper-evident code placement and scan-lifecycle rules (a code scanned as "consumed" cannot pass again).
- Grey-market diversion — genuine product sold in the wrong region or channel. You need scan-geography analytics against distribution data, not just pass/fail verification.
- Warranty fraud — fake or duplicated proofs of purchase. You need serialized warranty registration bound to the unit's identity.
Rank these for your own portfolio before any demo. Vendor conversations get dramatically shorter when you can say which of the four you are buying against.
Know the technology options
The main families, briefly: holograms deter casual copying but are now widely imitated and verify nothing digitally; security inks and films raise the counterfeiter's cost but require controlled material supply chains and trained inspection; NFC/RFID gives strong per-unit identity at a meaningful per-tag cost, best where unit value justifies it; serialized QR gives every unit a unique, cryptographically signed digital identity at printed-label cost, verifiable by any phone. Most modern programmes anchor on serialized QR and add other layers where the category demands it. We've published a detailed QR vs holograms vs RFID comparison.
The ten questions to ask every vendor
- Is every unit serialized? Batch-level codes cannot detect cloning or support unit recalls.
- Are codes cryptographically signed, or just random? Random codes depend entirely on database secrecy; signed codes fail verification even if the format is guessed.
- How is a cloned code detected? Ask for the actual signals: scan velocity, impossible travel, geographic spread, lifecycle state.
- Do you support GS1 Digital Link? One code that scans at retail POS and verifies for the consumer — and keeps you ready for Sunrise 2027.
- Does verification need an app? App-required flows collapse consumer scan rates. Camera-and-browser should be the default.
- How do we integrate? ERP/API access for provisioning identities, importing print runs and streaming scan events — not just a dashboard.
- How is our data isolated? Multi-tenant platforms should isolate tenants at the database layer, not only in application code.
- Is the audit trail tamper-evident? For regulated categories, editable logs fail inspection. Hash-chained records prove nothing was altered.
- What does a recall look like? Minutes or days? Can you identify affected units by state — dispensed, in transit, on shelf — and flag them all at once?
- What is the pricing model — and the exit? Understand platform fee vs per-code vs scan-volume components, and confirm you can export your identities and scan history if you leave.
Red flags
- Claims of "unclonable" or "100% counterfeit-proof" codes — a printed code can always be photographed; the honest claim is detectable cloning.
- Proprietary code formats with no standards path (GS1, EPCIS) — quiet lock-in.
- No clone-detection story beyond "each code is unique".
- Verification that requires the consumer to install an app or create an account.
- No data-export commitment in the contract.
Understand the cost model
Serialized-QR programmes in this category are typically quoted, not list-priced, because volume, industries and integrations vary so much. Expect some combination of a platform fee, per-code generation pricing and usage components, plus one-time print-integration work on your side. The practical advice: price a realistic annual volume, not a launch batch, and get the overage rates in writing. (Qrynto's pricing works the same way — scoped to your products and volumes.)
Run a pilot that proves something
Pick one SKU and one production batch. Define success before you start: scan rate you can act on, at least one clone/diversion signal surfaced, print workflow that didn't slow the line, and distributor acceptance. Sixty days is usually enough to know. A pilot that only proves "codes printed fine" has not tested the part you are actually buying.
Frequently asked questions
Will a QR code spoil premium packaging design?
Codes now go down to small formats and integrate into label artwork; GS1 Digital Link also lets one code replace the separate barcode + marketing QR clutter, which usually leaves packs cleaner than before.
What consumer scan rate should we expect?
It varies widely by category and by how much reason you give consumers to scan — warranty registration, authenticity assurance on high-risk categories and loyalty hooks all move it. Be sceptical of vendors quoting universal benchmarks.
Do we need a GS1 membership?
For GTIN-based codes (retail POS scanning, Sunrise 2027), yes — GTINs come from GS1. Serialized verification can also run on native code formats without it; the right answer is usually both, per product line.



