Tuesday, 28 March 2017

The new £1 coin

The new £1 coin comes out today!

It has a lot of nice security features, making it hard to copy. Obviously not impossible to copy, but that is not what is needed. What is needed is something that it is not economical to copy.

All but one of these "features" are explained. They are quite clever, from micro writing to a lenticular feature that appears too change an image depending on the angle (described as "like a hologram").

But there has always been listed this one "special" security feature to make forgeries detectable.

The problem is that it appears to be "secret".

This is bad!

Firstly, it is a concern that they have to keep it secret. That suggests that if it was not secret then a forger could reproduce it. That makes it "security by obscurity" which never works. If a forger could not reproduce it even if they knew the secret, then why keep it a secret?

Secondly, how is anyone supposed to check the coin is not forged if they do not know what this secret security feature is. It may as well not be there if people cannot actually test it.

Thirdly, assuming some people get to know the secret so they can check it, that means the secret has to be distributed to a lot of people, even if it is "only banks", and so that means the secret will definitely get out.

Who thought any sort of "secret" security feature could possibly be a good idea?!?

And as if to prove a point: The secret is out!

http://www.telegraph.co.uk/news/2017/03/28/revealed-new-1-coins-hidden-security-feature-works/

19 comments:

  1. Maybe the secret security feature doesn't actually exist and it's just to try and scare less determined people into not even trying to forge the coins in the first place.

    ReplyDelete
  2. Maybe there *is* no secret. Maybe they're simply saying that to send potential forgers on a wild goose chase trying to figure out what the non-existent secret is.

    ReplyDelete
  3. The secret only has to be known to the mint and the people who make counterfeit-detection machines for the banks. The banks themselves don't need to know how the machines work.

    The EURion constellation (a pattern of five dots on banknotes that make color photocopiers refuse to copy the banknote) lasted about 6 years between first use and being figured out, and that was much easier to figure out because many generally-available copiers and printers had the detection code.

    Presumably the idea is that the publicly-known security features are good enough for people to decide whether to accept the coin. If someone manages to forge a pound coin including all the known security features, then the banks will detect this (since their coin checkers will detect this) and an investigation can be launched to try to catch the forgers.

    ReplyDelete
  4. A secret security feature is absolutely a good idea in this situation, for a couple of reasons.

    Firstly, by telling forgers there are secret security features it generates FUD that they are being tracked because they don't know if their work is immediately flagging the place they're spending when they're cashed in.

    Secondly, it allows for incremental roll-out of security features to end-user detection systems in future, once counterfeiters have mastered existing features. This allows the mint to make assertions about the coins that they know won't reject real coins from previous mintings. They can already roll out additional checks that will block forgeries by analysis of real and fake coins, but this significantly reduces the rate at which real coins are misidentified as forgeries.

    Security-by-obscurity is only a bad thing if it's the only security. Having additional security that isn't explicitly described to the public is defence in depth.

    ReplyDelete
  5. A problem with a secret feature is that people can accept coins in good faith having done all possible checks that are available to them, only to find themselves out of pocket when the bank refuses them.

    One good way of reducing forgery is to have just one damn design per coin, so that at least people know what the things are supposed to look like.

    ReplyDelete
    Replies
    1. I'll second that - a hidden security device can only protect banks (assuming they have detectors) and the counterfeiters themselves. Let's say I have no idea what this feature is, but forge a whole load of coins which look right. I palm them off to all and sundry a few at a time - they get into circulation and moved about to the point where nobody knows where they came from. Then Old Mrs Smith takes her collection of a hundred into the bank only to be told that chunk of them are worthless and that they're being confiscated. Who loses? Old Mrs Smith. Who wins? Me and the banks.

      Delete
    2. Given 3% of £1 coins are counterfeit at the moment, how is this any different? People aren't refusing easily identified forgeries, preparing a detector that can find hard-to-identify forgeries is just futureproofing.

      Delete
    3. The difference is that, at the moment, short of going through them one by one, banks don't check whether they're counterfeit or not and old Mrs Smith isn't diddled out of what should be hers!

      Delete
    4. Do you have a source for the claim that banks currently do not check for forgeries? I think your premise that the as-yet private security feature is going to cost little old ladies money is very far-fetched. Again, current forgeries are easy to identify, but nobody bothers. There's no reason to expect that forgers will suddenly up their game to make coins that are indistinguishable to the public but easily identifiable to banks.

      Also, if the banks were immediately accepting or rejecting coins that fail this test, you've opened an oracle to forgers, letting them break that security a lot more easily.

      Finally, if your nightmare scenario did actually happen, people would just stop accepting £1 coins, like they did old £50's. Old Mrs Smith would hear down the bingo that there's lots of forgeries and get 50ps or £2 coins whenever she went to the shop. Given the huge amount that's been spent on the programme, rejecting forgeries that the public has no way of identifying and causing the coin to get shunned by everyone makes no economic sense.

      Delete
    5. They are even saying that vending machine manufacturers won't be able to use the new feature... Oddly they say it may glow under UV but the frequency is a secret, well, that will take 5 minutes with the right kit to find the frequency so again why the hell make that secret. As for the code it shows - how hard will be that to copy. Bear in mind the copy does not have to be durable, just a coating, so it lasts long enough not to be able to trace to source.

      Delete
  6. Why do the say encryption needs to have a back door and the security feature is 'secret'. Are the two not intertwined?

    ReplyDelete
  7. Do we know that the banks will very able to use this feature? I had assumed that the "secret" feature was secret to everybody. This way it could be openly shared a few years down the line and cause a drop in forgery akin to a new minting, while forgers figured out how to duplicate it, at little to no cost to the mint.

    ReplyDelete
  8. I think it was totally a marketing exercise, designed to titillate the secret spy fan in us, grab tabloid headlines, and get people talking about the coin, as you've done.

    ReplyDelete
  9. Assuming the forgery looks right, regardless of security features, the only group likely to get stung (apart from poor old Mrs Smith) is retailers when banking their surplus cash. That's assuming the banks have the special equipment. Even if shops got hold of an ultraviolet detection machine, how practical would it be to test every single coin at the point of sale? Come to that, how practical would it be for a bank to test, say, a bag of a hundred pound coins being banked by a retailer? Queues at shops and banks would become unmanageable. I'm assuming these machines need to test each coin individually, of course.

    ReplyDelete
  10. Maybe they want to keep it secret to stop other mints using the same feature without paying a licensing fee.

    ReplyDelete
  11. "Who thought any sort of "secret" security feature could possibly be a good idea?!?" This is much too simplistic view of what's going on and, as is sadly common around here, insults the intelligence and experience of the people who design these things.

    With a modern note/coin, there are a (large) number of security features. At the launch of the item, some are publicised widely, some are discretely shared with the people whose business is checking notes/coins, and some are not revealed at all.

    As forgers start to produce items which can no longer be distinguished using the publicly known features, further features are revealed to allow real and fake items to be distinguished.

    This goes on gradually until the list of un-revealed, un-forged features has dwindled. At that point it's time to start to work on a new note/coin.

    Nobody is trying to create something which cannot ever be forged, which they can then publicise completely (cf an encryption algorithm) - they're trying to delay the inevitable process and shrink the pool of people who can participate it.

    ReplyDelete
  12. How long before someone finds just the right UV light frequency and shares the code...

    That said, having the code doesn't sound like it's going to help in the forgery much as reproducing it must be very difficult

    ReplyDelete
  13. These are called "level 3 features" in the banknote world. While they are a closely guarded secret, the Dutch national bank has shared the details of two of them, AQUS and ISARD, in this paper: https://www.dnb.nl/binaries/Design%20methodology_tcm46-145687.pdf

    It's good reading for anyone interested in this. ISARD in particular is very interesting.

    ReplyDelete
  14. http://newsthump.com/2017/03/28/hidden-feature-of-new-pound-coin-revealed-to-be-that-its-now-only-worth-82p/

    This makes sense, as it's worth less, there is less profit to be made from copying it. If your production cost on your copies was 83p, you'll now be producing it at a loss!

    ReplyDelete