How are counterfeits identified? Failures? Other methods? (Using RFIDs or other methods?)
WICs, VICs, VWICs, NM Cards, and GBICs/SFPs are the overwhelming majority of counterfeit Cisco that we see. For a VWIC card for example, there are some very specific things to look for: 1) A valid serial number (check the Cisco CCO), 2) A correct serial number sticker (legit stickers are bar-code readable, and the bar code generally goes to the edge of the sticker itself, rather than being printed in the middle) that has a laminated surface (counterfeits often print the bar code directly on the plastic sticker, and it will rub off to the touch); 3) internal and printed serial numbers that match; 4) A Stewart RJ-45 jack that protrudes about 1/16th of an inch (counterfeits are often mounted flush or have a non-Stewart jack); 5) In a 'show diag', no visible errors, i.e., "FRU ... unknown," "RMA ... unknown," symbols used in the hex code, etc. We use about seven more softer criteria as well, and compare any suspect product to known good samples. There are many more "tricks of the trade" that vary by specific product.
Mike - I understand that most of the "new" WIC, PA and NM cards on eBay are actually fake/counterfeit. I complained to my eBay rep but they tell me that only Cisco has the right to complain because it is the "intellectual rights" owner. It looks like Cisco is totally ignoring the hundreds of fake items on eBay. Why do you think Cisco is ignoring this problem?
Type WIC-1ENET into eBay and look at the products sold, $15 each and "new in bulk pack", and at least one seller boasts of its "premier Cisco partner" status right on the posting. FYI, Cisco does not sell WICs in bulk packaging and my average cost used is over $60 each. So you are right, eBay's VERO program depends on the IP owner - Cisco - to police the site. I honestly do not know why these are allowed to exist - perhaps being able to sow fear and uncertainty about the secondary market is more valuable than eliminating the problem.
How big do you think the counterfeit market is for Cisco and is this a bigger problem for Cisco or the secondary market?
There were a lot of counterfeit products on the US market six or seven years ago. I think today, as long as you define the "market" as the upper end secondary market dealers - members of UNEDA for example, which I'll talk more about in a second - the presence of counterfeits is almost nil. eBay, Alibaba (which Cisco invested in) and other online sites are the main purveyors. So I think it's really a problem for Cisco. Channel partners typically end up with counterfeit equipment when they look to online auctions like eBay as a source for "new" equipment in an effort to reduce their cost - a practice NHR would not recommend to anyone. Channel partners are resellers of new equipment, not used gear, so it stands to reason that many are not equipped to screen equipment for authenticity. Their typical approach would be to receive a product, not open the packaging, and forward it along to a customer. If it is truly new direct from Cisco, that approach would be adequate, but when you are purchasing from other sources, rigorous testing is necessary.
For perspective, in Q1 of this year we received more than 35,000 items into our facilities worldwide and 0.45 per cent were quarantined as suspicious (including counterfeit, re-manufactured or badly repaired, or otherwise not a match to established standards).
I've heard at the end of July CCO is being retired, so therefore you won't be able to check serials there anymore. What then?
I have heard that only a Cisco partner will be able to check serials, and for them only a contract issued through them to the customer will show up - but again, as I am not Cisco, this is only what I've heard. We will have to wait and see. From the perspective of identifying counterfeits, serials are not terribly useful as good counterfeits have valid serials - the other criteria are more important.
What do you think of embedding other "covert" security information in the bar code to make the bar code more secure?
That's outside my area of expertise, but something like that - and if the identification of such were shared with the vendor community - it could help a lot, assuming they could be made difficult to counterfeit themselves.