Development of a product-counterfeiting incident cluster tool

There is growing awareness of the increasing scope, scale, and threat of product counterfeiting. Awareness is also growing for the drafting of countermeasures that specifically address deceptive and non-deceptive counterfeiting. This research developed a method and tool to help review, understand, and cluster product-counterfeiting incidents. The intent is to assist brand owners and government agencies select effective countermeasures. The research builds upon earlier work that developed a typology of product counterfeiters, counterfeiting and offender groups, which is used here to create an original tool to organize and cluster the incidents. While incident data is often confidential or classified, several methods were used to access open-source information in order to apply the tool. First, a set of examples was selected from the literature to demonstrate the tool in principle. Second, in order to examine a complete data set of counterfeiting incidents, the open-source cases of the U.S. National Intellectual Property Rights Center were gathered, reviewed, coded, and analyzed to demonstrate the application of the tool. A Product-Counterfeiting Incident Cluster Tool was developed which is consistent with Routine Activity Theory and Situational Crime Prevention and is intended to identify efficient and effective countermeasures. It is important to establish the type of fraud and the fraudster when developing anti-counterfeit strategies. The insight gained from assessing the specific product-counterfeiting incidents will assist in the profiling and selection of effective industry and government countermeasures. The scientific basis for understanding product counterfeiting is broadened by applying the outlined concepts and describing incidences through the clustering tool.


Introduction
There is limited research on product counterfeiting though there is growing activity in the literature and through conference presentations and other events. Previous research has provided summaries of prosecution, the cost or public health impact of incidents, or considered broader fraud, business fraud, and product fraud concepts. There has been very limited, if any, research on applying current crime science theory to productcounterfeiting prevention. This research was conducted to support counterfeit prevention and assist in the selection of effective and efficient countermeasures.
In order to address the growing global problem of product counterfeiting, we previously created a theoretical foundation that included the development of a typology for counterfeiters, types of counterfeiting, and offender organizations (Spink et al. 2013). With a productcounterfeiting typology established, this research expands on intelligence gathering of the counterfeiting incidents with the aim of developing a product-counterfeiting incident cluster tool intended to help organize product counterfeit incidents.

Background
Product counterfeiting is growing in scope, scale, and threat (US Food and Drug Administration [FDA] 2006, 2010 2007, World Health Organization [WHO] 2007, Organization for Economic Co-operation and Development [OECD] 2007, INTERPOL 2007. Product counterfeiting is a major source of funding for criminal organizations and there is evidence that it has funded terrorist activities. The exact estimates of the impact of product counterfeiting are elusive and considered by some to be unknowable (Spink and Fejes 2012). There is a general estimate that 7 to 10 percent of all world trade is fraudulent to some degree, which would equate to over $1 trillion (Counterfeiting Intelligence Bureau [CIB] 1997[CIB] , 2007. What is often surprising is that only 5 to 10 percent of the counterfeit products are luxury goods (Phillips 2005). In addition, the public health vulnerability or threat of counterfeit products is diverse and wide-spread. Examples include lethal doses of melamine in milk, carcinogenic additives in sauces, medicine with no active ingredients or toxic levels of the correct ingredient, substandard counterfeit aircraft parts, and household appliances that catch fire (Hopkins et al. 2003).
Several basic crime science concepts are important to understanding the threat and the selection of countermeasures. Routine Activity Theory (RAT) and Situational Crime Prevention are pertinent to product counterfeiting (Clarke 1980(Clarke , 1997(Clarke , 2004Eck 1993, Eck andLiu 2008;Felson M., 1998, Felson andClarke 1997;Heinonen JA 2010). RAT identifies the elements that must converge in space and time in order to make crime possible (Cohen and Felson 1979). The 'chemistry of crime' and the 'crime triangle' model the elements of a motivated offender, a suitable victim, and the lack of a capable guardian (for applications to product fraud, among others, see Spink & Moyer 2011a. Counterfeiting prevention requires the manipulation of one or more of these elements in order to reduce the potential for product counterfeiting. The synthesis of these theories will be discussed in more detail later related to the development of the clustering tool. There is precedence in the field of crime science for developing typologies (Spink et al. 2013). A typology furthers crime prevention by defining common terms and concepts including the types of counterfeiters, counterfeiting, and offender groups that will help in the selection of countermeasures. There are a range of countermeasures that include management, market monitoring, supply chain integrity, and product protection (Spink 2012b). Product Protection includes traceability and other security features such as electronic article surveillance, authentication, and tamper-resistant packaging. The optimal selection is based on addressing specific fraud opportunities of specific types of counterfeiting, counterfeiters, and offender organizations.

Types of counterfeiters
Researchers have defined many criminals by their activities and their organizational infrastructure. Our previous research, which identified the types of criminals that were associated with product-counterfeiting incidents ranging from recreational to professional, are defined in Table 1 (Spink and Moyer 2011b;Spink et al. 2013).

Types of counterfeiting
The different types of counterfeiting, ranging from adulteration to counterfeit (IPR), are defined in Table 2. The term 'counterfeit' has several definitions based on case law or description of incidents. In the broad sense the term counterfeit can cover most types of product fraud. In other applications counterfeit is narrowly defined as intellectual property rights (IPR or IP) infringement, which for products or material goods would include a trademark, patent, or copyright.
It is important to note that the concepts are often more generally referred to as fraud since in many situations the incidents are not a violation of intellectual property rights laws or not technically the violation of a criminal statute (Spink et al. 2013). Considering fraud as the threat is a holistic and all-encompassing concept. There is precedence to using the term fraud, and fraudster, by the US Food and Drug Administration, World Health Organization, International Standards Organization, and others. To be consistent with the general use of terms, the core incident is referred to as the 'fraud opportunity'. Note: Although previously included by the authors in previous research and publications, the 'Ideological' type was removed since the motivation is not economic gain. The ideological type included anarchists, terrorists, disgruntled employees, and others who are trying to physically, economically, or emotionally harm a person or entity.

Types of offender organizations
Lastly, the types of offender organizations are defined in Table 3. A key differentiator is a member and a supporter ((US Federal Bureau of Investigation [FBI] 2011) in (US National Intellectual Property Rights Center [IPR Center] 2011c)). A member may have known ties to a larger criminal organization but is acting separately for the operation of the fraud. (For example, a member of a gang may be producing and selling counterfeit products with or without this being a formal activity of the gang.) A supporter may agree with the ideology of a group, but does not participate in their group activities, and provides some type of product or service such as funding. (For example, a supporter of a terrorist organization may be producing and selling counterfeit products and then donating some of the proceeds to that terrorist organization).

Deceptive and non-deceptive counterfeits
Another key attribute is the identification of deceptive or non-deceptive counterfeit products. Deceptive products are intended to deceive the consumer into believing they are purchasing genuine product (OECD 2007). Non-deceptive products are not intended to deceive consumersin many instances products are promoted as 'fakes' , 'knock-offs' , or 'counterfeits'. When selecting countermeasures, it is important to understand the difference and to know whether consumers are seeking genuine or counterfeit product since this will affect the Table 2 Types of counterfeiting (Adapted from [Spink 2007[Spink , 2009b)

Term Definition
Adulteration A component of the legitimate finished product is fraudulent.

Tamper
Legitimate product and package are used in a fraudulent way.
Over-run Legitimate product is made in excess of production agreements.

Theft
Legitimate product is stolen and passed off as legitimately procured.

Diversion
The sale or distribution of legitimate product outside of intended markets.

Simulation
Illegitimate product is designed to look like but not exactly copy the legitimate product.
Counterfeit (IPR) All aspects of the fraudulent product and package are fully replicated, specifically intellectual property rights infringement of violating trademark, patent, and copyright laws.
Note: In each case, fraudsters may not be following the regulatory definitions of Good Manufacturing Practices (GMPs), Good Agricultural Practices (GAPs), or Good Hygiene Practices (GHPs). Table 3 Specific definitions of counterfeiting and piracy groups (IPR Center 2011c) Individual/Small Groups: "Although there are IPR cases involving solo or small groups of individuals who operate out of their homes, garages, or small storage facilities, there is little reporting and no actual analysis of the relative importance of such operators to the threat. … This lack of reporting and analysis may be a reflection of the fact that individuals and small operations are a less attractive target for law enforcement than larger enterprises engaging in more significant infringing activity or also committing other more serious offenses."

General Criminal Enterprises (Members):
An example used to identify this group is "an Asian criminal enterprise of 30 defendants charged with smuggling into the United States counterfeit cigarettes worth approximately $40 million and other counterfeit goods, including pharmaceuticals worth several hundred thousand dollars." Organized Crime Members (Members): "Organized crime groups are a specialized subset of criminal enterprises that maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion. For example, members of the Lim Organization, an Asian organized crime group in New York, trafficked in counterfeit goods and were charged with attempted murder and conspiracy to commit murder." A challenge of deterring this group is their use of violence and the risk of retaliation to a company or investigators (e.g., violence or sabotage).

Terrorist Organizations (Supporters):
"Terrorist supporters have used intellectual property crime as one method to raise funds. Central to this judgment is the distinction between terrorist supporters who merely provide funding and resources to a terrorist organization versus terrorist organization members who engage in the actual terrorist activities of violence. … It is widely reported terrorist supporters may use IPR crimes to provide indirect financial support to terrorist organizations, but little current evidence suggests terrorists are engaging directly in IPR crimes to fund their activities." There are many confirmed cases of product counterfeiting for funding terrorist acts.

Gangs (Supporters):
"According to the National Gang Intelligence Center (NGIC), there are three subtypes of gangs: street gangs, prison gangs, and outlaw motorcycle gangs. Of these three groups, street gangs most often engage in and profit from IP theft, therefore this analysis focuses exclusively on this subtype." Foreign Government Offenders: The primary motivation in this offender group is the theft of sensitive United States information including trade secrets and economic espionage.
There are examples of state-sponsored counterfeits of branded products.
Warez Groups: "[A] less common motivation for committing IPR [infringement] is personal fame and notoriety. These individuals are often members of Warez groups, sophisticated and hierarchical criminal groups operating in the United States and abroad that specialize in distributing infringing movies, music, and software via the Internet." countermeasures chosen. With deceptive counterfeits, the consumer may not be aware there are counterfeit products in the marketplace: Increasing awareness through publicity may lead the consumer to not buy the genuine brand or product which would not satisfy the brand owner. With non-deceptive counterfeits, the consumer is seeking illegal product, so identifying a product as 'fake' would not deter the sale.

Methods
A review of previous research highlighted the need for a Counterfeiting Incident Cluster Tool to help organize information and assist in decision-making. Specifically the tool was developed to analyze case study data from incidents including the types of counterfeiters and counterfeiting offender organizations into one summary cluster analysis.
Gathering case study data on product counterfeiting is often hampered by data confidentiality from either brandowners, law enforcement agencies or both. For these reasons open-source information was gathered from the research literature and from the U.S. National Intellectual Property Rights Center (IPR Center). All gathered data were then reviewed and coded using the productcounterfeiting typology. The final step in this research was data analysis and incidence clustering. Current methods and practices were reviewed to develop and determine the most effective tool. The product-counterfeiting variables are presented together in an original Counterfeiting Incident Cluster Tool. The case study of incidents is presented to demonstrate the application of the tool.
The tool was developed by the authors and refined with expert elicitation of scholars and practitioners through presentations and at workshops including the IPR Center. Examples of product-counterfeiting incidents were identified to demonstrate the use of the tool. A case study further supplemented the review and demonstrated the application.

Results and discussion
This section presents the Product-Counterfeiting Incident Cluster Tool and an application. The functionality of the tool is illustrated through several examples of counterfeiting and potential countermeasures. The application of the tool is then further demonstrated through the case study. By effectively clustering the incidents, generalizations can be made about the incidents. Once the generalizations are understood, effective and efficient countermeasures can be selected.

Product-counterfeiting incident cluster tool
The Product-Counterfeiting Incident Cluster Tool is intended to help organize counterfeit product opportunities by the type of counterfeiter, counterfeiting, and offender organization as in Figure 1. Specific incident details are used to populate the tool. This then enables the logical selection of an effective countermeasure(s) and an optimal solution.
The Product-Counterfeiting Incident Cluster Tool is similar to the Problem Classification Scheme, in its underlying theory, operation and goals (Eck 2003, Eck andClarke 2003). Drawing upon routine activity theory, they created the problem classification scheme. This twodimensional scheme specifies various crime problems including the setting of the offense and the behaviors of offenders and victims. Altogether, eleven settings and six behaviors result in 66 discrete problem types (e.g., appliance theft from home constructions sites is a predatory behavior in a transitional setting). Identifying problems in this way highlights their harms, the victim/offender relationship, offender intent and facilitating environments, which all help decision-makers find effective responses more quickly (Eck 2003).
Likewise, the tool draws on routine activity theory, but focuses on different characteristics of offenders such as the types and groups of counterfeiters and their counterfeiting techniques. It also focuses on techniques rather than settings, which is useful for researching product counterfeiting because different aspects of single incidents occur across a variety of places (e.g., manufacturing facilities versus point-of-sale locations) and geographic areas (i.e. spanning state, national, and international borders), making it difficult to isolate a single setting. Despite this difference, the tool functions similarly and has the same aim. It allows users to refine information about a complex situation into a more basic risk, from which appropriate responses can be better identified. Another important difference is that the problem classification scheme is designed to classify general crime problems, whereas this applies to product-counterfeiting incidents (see (Eck 2003) and (Eck and Clarke 2003)).
This tool aims to provide a simple two-dimensional classification as recommended by Eck and Clarke. They state "The purpose of a problem-classification scheme is to improve the practice of problem solving and research into problems and their solutions" (Eck and Clarke 2003, pg. 28). The tool should help "problem solvers in their daily work" (Eck and Clarke 2003, pg. 28).

Product-counterfeiting incidents
The details of known or suspected specific counterfeit incidents can be organized and categorized within the tool. This permits the methodical organization of the oftendiverse information. The incidents in Figure 1 show the level of professionalism, intention and planning in the type of counterfeiters' category and the level of violence, systemization and international operation in the type of counterfeiting. This enables relevant organizations to assess risk more reliably and aid the development of bespoke countermeasures against each profiled attack.
The counterfeit product incidents were selected and profiled for inclusion to demonstrate how they fit into the tool: A) Cigarette Product Fraud by Known Terrorist (Hsu 2009, Spink 2011a): An identified 'Hezbollah weapons-procurement officer' was contributing to their terrorist operations by smuggling counterfeit and genuine non-taxed cigarettes into the US and affixing fake tax-stamps. This example is especially helpful for demonstrating the use of the tool since there are multiple types of actions. For clarity in the tool, this is case example ' A' and the diversion is noted as ' A1' and counterfeiting (IPR) is noted as ' A2'. This example identifies an especially important nuance where the type of counterfeiter is a professional but the type of offender organization is a terrorist. The classification is: professional (and not ideological since the counterfeiting was to support the terrorism operations which were separate from the terrorist activities), diversion (smuggling) (' A1') and counterfeiting (' A2'), and terrorist (as identified in the source documents). B) Prescription Cancer Medicine up-Labeling (Rudolf and Bernstein 2004, Janssen Products, 2003, Eban 2005: A group of local criminals illegally procured low dose products. They relabeled the vials as products having higher doses and then illegally returned them to a rogue pharmacy for credit of the higher dose and higher priced product. The classification is professional, tampering, and general criminal enterprise. C) Counterfeit Packaged Candy Product and Package (Pham 1995): This was fully counterfeited in a local US market for distribution through the counterfeiter's parallel legitimate supply chain. The classification is occupational, counterfeiting, and individual/small group. D) Movie Counterfeiting by Organized Crime Group (DOJ 2009a(DOJ , 2009b: An organized crime group was identified to be importing, distributing, and selling counterfeit movie DVDs in the legitimate supply chain (counterfeited packaging, labels, inserts, disks, and the movie recorded on the disk). The classification is professional, counterfeiting, and organized crime. E) Stolen Goods Re-selling (IPR Center 2011a): A convenience-store chain owner organized a boosting ring to shoplift mass quantities of over-the-counter medicines (e.g., aspirin, cough medicine, or antibiotic cream) that were then sold in their own stores. The sterility and efficacy could not be confirmed so the product was considered by the US Food and Drug Administration as 'adulterated' and illegal to sell (FDA 2004(FDA , 2007. The product was presented to consumers as genuine, legitimately procured product. The lack of supply chain or logistics transparency creates a fraud opportunity where counterfeit products could enter the market. This stretches the definition of counterfeiting from a purely intellectual property rights perspective, but it is definitely fraudulent. The classification is occupational, theft, and general criminal enterprise. F) Fake Botox Parties (Liang 2006, Coleman and Zilinskas 2010): A medical Doctor was administering cosmetic injections in at-home 'Botox Parties' with product that had counterfeit product and packaging. The classification is: occupational, counterfeit, and individual/small group. G) Gray Market Watches (IPR Center 2011b): A watch retailer was procuring genuine watches and parts from outside the authorized supply chain. The brokers often co-mingle counterfeits or substandard products with the genuine diverted products. The classification is occupational, diversion, and individual/small group.

Case study
Additional information was acquired from press releases from the IPR Center, which were reviewed and coded. The time period covered December 2010 through November 2011. The IPR Center focuses on intellectual property violations covering trademark, patent, copyright, and trade secrets. This includes cases that are much broader than consumer or industrial products or packaged goods. Copyright infringement is referred to as piracy. This provides a set of information that includes details of the counterfeiting, counterfeiters, and offender organizations. While these IPR cases were identified, prosecuted, and published, it should be noted that there is no detail available on the quantity of product or cases that were pursued for non-IP violations such as smuggling or false documentation or that were just not pursued for further enforcement and prosecution. Cases may be dropped or not pursued for many reasons. This data set of completed cases may be just the incidents that were the easiest to catch and prosecute, or the criminal enterprises that were sloppy or not corrupt enough to avoid capture. Brand owners should not base their product-counterfeiting fraud opportunity solely on this data set. The review found 97 press releases in this time period, where 46 were for specific cases, 44 were not applicable (either announcements or summaries of operations that did not include details for specific counterfeiters), and 7 were duplicates. Of the 46 specific cases: Counterfeit product was involved in 42 cases while the remainder involved stolen or diverted goods. Counterfeit packaging was involved in 29 cases including 4 that could have utilized counterfeit packaging later in the incident. The primary activity involved counterfeiting in 34 cases, piracy in 7, smuggling in 4, and stolen goods in 1. Deceptive product was involved in 25 cases, non-deceptive in 19, and not applicable in 2. In 9 of the 42 product-counterfeiting cases, the perpetrator was identified as having a previous criminal history. There were 4 cases where the perpetrator fled or was still at large.
The small size of the sample in this study means that it is problematic to conduct quantitative analysis.
To demonstrate the use of the Product-Counterfeiting Incident Cluster Tool and not provide so much data that might unduly complicate the demonstration of the tool, the IPR Center information was entered in the tool for only the products of ' Apparel, Shoes, Jewelry, Sunglasses, Accessories' and 'Health and Beauty Aids, Perfume.' These two were selected since the type of counterfeiting and counterfeiters potentially include similar countermeasures.
In Figure 2 you can see the type of counterfeiter is clustered around Occupational and Professional. The type of counterfeiting is counterfeit (IP) product (it should be noted that the cases drew upon information from an organization that focused on intellectual property and counterfeiting enforcement). The Counterfeiting (IP) incidents were equally distributed between deceptive and non-deceptive products, so the consumers are equally seeking genuine and counterfeit product. The prosecuted criminals were all suppliers who were providing non-deceptive counterfeits other than one that was distributing co-mingled product. Each of these conclusions helps determine the optimal countermeasure component and function.
Through the use of the tool, the complex information has been organized to help support the determination of the most effective anti-counterfeit strategy. By understanding how the counterfeiters and counterfeiting incidents are clustered, countermeasures can be selected to efficiently address the most prevalent problems. Including the type of offender organization contributes to the identification of the extent of the network, use of violence, penetration into the legitimate market, systemization and international operation that the counterfeiters may have to overcome, and the safety of those who may confront the fraudsters.

Conclusion
This research aimed to develop a method and a tool to review, profile, understand, and cluster productcounterfeiting incidents which would then facilitate the organization of a complex set of information intended to assist in explaining the opportunity structure of the problem based on the type of counterfeiting, counterfeiter, and offender organization. Understanding the type of fraud and the fraudster are important when developing anti-counterfeit strategies and prior to selecting effective and efficient anti-counterfeit countermeasures. Our tool will help brand owners and government agencies select countermeasures.
Product-counterfeiting prevention is a complex and unique process that benefits from applying evidencebased crime science theory. The lack of available incident data and details are seemingly a major limitation.
The nature of relatively few incidents, and ever-changing fraud opportunities, reduces the usefulness of large data sets or traditional probabilistic risk assessment. The most useful data for selecting countermeasures could be derived from a relatively very small but complete data set of specific incidents that occurred against a specific product or situation. Because each product-counterfeiting fraud opportunity is unique to the victim, fraudster, and the guardian, the review of detailed incident data supports specific prevention and can deter specific fraudsters. This is important since prevention is the focus of effective and efficient countermeasures.
The development of the definitions of counterfeiters, counterfeiting and offender organizations, along with this incident clustering tool, will allow more structured and theoretically based incident reviews.

Competing interests
The authors declare that they have not competing interests.

Authors' contributions
The authors all collaborated throughout the development of this concept through editing the final draft. JS was lead writer and DM was involved in crafting the original manuscripts. DM was instrumental in the early definitions of product fraud and specifically food counterfeiting which is evident in the number of previous publication. HP was instrumental in working with JS on the basic definitions especially through collaboration with the International Standards Organization Technical Committee 247 on Fraud Countermeasures and Controls. HP also specifically contributed to the review of other crime theories. JH has been a constant collaborator on a range of related typology projects and specifically contributed to the review of applying crime theories to the research question. All authors read and approved the final manuscript.