CHICAGO--Wal-Mart's suppliers still can't read tags on shipping containers carrying baby wipes. That's one reason Wal-Mart is backing off from its January 2005 deadline for the companies to place the tags on their containers and palettes.
The suppliers, including Procter & Gamble, Campbell Soup Co. and Kimberly-Clark, are now redesigning some of their packaging so the tags can work with fluids and other products that block radio signals.
But the suppliers have another unresolved problem: securing the data they gather from RFID readers.
Meeting this week at a conference about RFID for supply chain managers and IT professionals, Wal-Mart's suppliers conceded that they don't know whether hackers will be able to meddle with their radio tag data. The data gathered by RFID tag readers will be tempting to corporate snoops hoping to peek inside their competitors' warehouses.
RFID, an acronym for radio frequency identification, is expected to replace bar code labels on consumer goods in the supply chain over the next decade. The data gathered from RFID readers will allow companies to track each individual shampoo bottle or packet of razor blades, from the factory floor to so-called smart shelves in stores.
Hackers may try to access RFID-derived data with their own readers, or attempt to tap into XML databases containing item and manufacturer data, said some at the meeting, RFID Journal Live, in Chicago.
"Frankly, we haven't done a good job of defining the problem," said Mike O'Shea, director of corporate Auto-ID and RFID strategies and technologies at Kimberly-Clark. "We need to define the security requirements."
Security protocols protecting RFID data in the supply chain will come from EPCGlobal, the industry group which governs the RFID standards and policies companies will use to track consumer goods.
Kimberly-Clark is a member of EPCGlobal.
Many agree that the data from RFID tags, which will uniquely identify crates, palettes and individual items, will be meaningless unless they are matched with other data.
But EPCGlobal is pushing a plan to tie EPC codes to particular manufacturers and products, through a centrally-located Object Naming Service (ONS).
"This raises a few questions that still need to be worked out," said David Church, a consultant for BearingPoint Inc., a Los Angeles consultancy, which is also a member of EPCGlobal. "Who would own that data? Where would it reside? How would access to that data be governed?"
Companies risk exposure where they gather data from RFID readers, including the XML databases many vendors are selling as middleware that will bridge readers and warehouse management systems.
"As things become electronic and connected," said Dadong Wan, a researcher at Accenture Technology Labs in Chicago, "organizations will be need to be more vigilant making sure that only authorized individuals can access certain data."