With video cameras and undercover security guards providing some level of deterrence, will the cost benefit from slowing down the lanes be worth it? It seems unlikely until, regrettably, the growing incidence of fraud gets high enough to flip the ROI (return on investment) equation. "If the employee was measured on making those kinds of checks, it would be different. Are they even being rewarded for catching these kinds of things?" asks Bob Goodman, who tracks physical and IT security issues for The Yankee Group. "It seems to me to be a people issue primarily and a technology issue secondarily." The evitable question prompted by a case such as this is, "If thieves can replicate todays bar codes, cant we make bar codes that are much more difficult to replicate?" From a technology standpoint, the answer is "absolutely."Many such devices exist today—such as 2-D barcodes, covert ink and product-level RFID chips—but this gets back to the ROI question. How much more can a retailer justify spending on a low-priced—and razor-thin-margined—item?To read more about practical and technological hurdles that RFID faces in 2005, click here. The RFID argument is especially thin. First, those chips wont be ready to be widely deployed for several years. Secondly, their expected cost will likely make them not practical for low-priced items, and that is precisely where thieves will steal the bar codes from. But theyre not stealing the low-cost item, just its bar code. So, the rationale of RFID-tagging only the more expensive items—and leaving the other goods to be bar code-readable—is based on the premise that someone couldnt grab a $300 dehumidifier and slap a $2 stapler bar code on top of it. Clearly, the Wal-Mart case challenges that premise. But wait, you say. If the RFID tag is on the larger item, wouldnt that allow the scanning/reading device to identify it, regardless of whether someone has slapped a false bar code on top? With most RFID installations, the chip must be easily deactivated so the customer can leave the store without triggering alarms. There are relatively low-cost products today that fit on a PDA and can instantly deactivate an RFID tag, said Chase-Pitkins Dorsey. What happens when the RFID tag is deactivated? You guessed it: It defaults to the bar code that is already on the product. "Its already inherent in the whole supply-chain system. That would be the backup or fallback," Dorsey said. Its necessary because there will be faulty tags from time to time. In other words, even if retailers suddenly moved to item-level RFID tagging tomorrow, all that a theft ring would need to do is pull a PDA out of their pocket (they can pretend to be making a Treo phone call), deactivate the tag RFID, and theyre back in the bar-code world. So, thats not really going to resolve the problem. Its like the ill-fated Star Wars missile defense shield. It doesnt work yet, and by the time it does work, our enemies will have created better missiles. Technology marches on for everyone, good guys and bad guys alike. Next Page: The real fraud threat is giving the wrong incentives.