data management risks of radio frequency identification (rfid) · this thesis focuses on data...

Data Management Risks of Radio

Frequency Identification (RFID)

Master Thesis Information Systems and Management

R.H.L. Kanters

ANR: 319000

Tilburg University: 2007

Copyright

By

R.H.L. Kanters

2007

Data Management Risks of Radio Frequency Identification (RFID)

By

Ron Henricus Leonardus Kanters

ANR: 319000

Master Thesis

Presented to the Faculty of Economics and Business Administration

of Tilburg University

in fulfillment of the requirements

for the degree of

Information Systems and Management

Supervisor:

Weigand, Dr. H.

Tilburg University

February, 2007

Abstract

1

ABSTRACT

Radio-frequency identification (RFID), as an emerging technology, has generated

enormous amounts of interest in the supply chain arena. It can be used to significantly

improve the efficiency of business processes by providing the capability of automatic

identification and data capture. This automatic identification increases the volume of data

substantially as items leave a trail of data, while moving through different locations. Some

important challenges must be dealt with. How to handle all this new data? And what about the

reliability of the data? The quality of the data should be sufficient because business decisions

are made with these data. Another important issue is that business processes have to change

drastically as a result of implementing RFID. It is a complete new way of doing business,

which often needs a new approach.

The possibilities of RFID are handled in abundance in scientific literature. However

little attention is paid to the data management of RFID. This thesis focuses on data

management risks of RFID and provides risk mitigating actions for each identified risk. The

study can be described as a qualitative analysis. Literature search and some interviews are the

input for this qualitative study.

Preface

2

PREFACE

This thesis is written for the Tilburg University, in the Netherlands. In order to

successfully finish the last year of the study Information Systems and Management each

student is required to execute a last research, the Master Thesis. The study is part of the

faculty of Economics and Business Administration. The work has been done between October

2006 and February 2007.

I chose RFID as main topic to investigate in my Master Thesis. This topic is relatively

new in the retail industry, although it was already used in World War II. The reason for

choosing this research area is that it seemed very interesting to me. It has enormous

possibilities for improving the supply chain. After some general thinking I decided to specify

my research on the specific risks of data management of RFID, since I think this is

underexposed and widely spread. Much is written about all kinds of possibilities the

technology has, but RFID can only become a success if one understands the possible risks.

And as will be showed in this thesis, there are lots of risks regarding data management issues

in RFID.

For the accomplishment of this Master Thesis I received help from various persons. First

of all I would like to thank Hans Weigand, who was an excellent supervisor and answered my

questions whenever I asked some. Furthermore, I would like to thank Ruud Diekman (Phi

Data), Shintaro Nagaoka (Oracle) and Guido van Osch (Centric) for their participation in the

interviews. And finally I would like to thank Mr. Roberti, of the RFID journal, for answering

some specific questions about the technology.

Tilburg, 2007

Ron Kanters

Table of Contents

3

TABLE OF CONTENTS

List of Tables .........................................................................................................................5

List of Figures ........................................................................................................................5

Introduction............................................................................................................................6

Chapter 1: General Characteristics..........................................................................................8

1.1. Problem statement........................................................................................................8

1.2. Research question ........................................................................................................8

1.3. Research relevance ......................................................................................................9

1.4. Research goals .............................................................................................................9

1.5. Structure of the thesis.................................................................................................10

Chapter 2: Introduction to RFID ...........................................................................................11

2.1 What is RFID? ............................................................................................................11

2.2. Classification of RFID applications............................................................................12

2.3. How does it work? .....................................................................................................13

2.3.1. Tag characteristics...............................................................................................14

2.3.2. Reader characteristics..........................................................................................14

2.3.3. Enterprise system ................................................................................................14

2.4. RFID Standards .........................................................................................................15

2.5. The benefits of RFID .................................................................................................15

2.6. Successful case examples...........................................................................................16

2.6.1. Wal-Mart ............................................................................................................16

2.6.2. Johnson Controls.................................................................................................17

2.6.3. Vers Schakel .......................................................................................................17

Chapter 3: Methodology .......................................................................................................19

3.1. Literature search ........................................................................................................19

3.2. Interviews ..................................................................................................................20

3.2.1. Centric ................................................................................................................21

3.2.2. Phi Data BV........................................................................................................21

3.2.3. Oracle .................................................................................................................21

3.3. Fault Tree Analysis ....................................................................................................22

3.3.1. Introduction.........................................................................................................22

3.3.2. Fault Tree symbols..............................................................................................23

Table of Contents

4

Chapter 4: Risk Analysis ......................................................................................................24

4.1. Implementation failures .............................................................................................24

4.1.1. Introduction.........................................................................................................24

4.1.2. Factors influencing implementation failures ........................................................25

4.1.3. Visual presentation..............................................................................................26

4.2. Low reliability ...........................................................................................................27

4.2.1. Introduction.........................................................................................................27

4.2.2. Factors influencing low reliability .......................................................................27


4.3. Data overload.............................................................................................................30

4.3.1. Introduction.........................................................................................................30

4.3.2. Factors influencing data overload........................................................................30


4.4. Channel alignment failure ..........................................................................................32

4.4.1. Introduction.........................................................................................................32

4.4.2. Factors influencing channel alignment failure .....................................................32


4.5 Differences in risk perception between literature search and the interviews.................35

Chapter 5: Risk Management................................................................................................37

5.1. Implementation failures .............................................................................................37

5.1.1. Phase 1: Orientation ............................................................................................37

5.1.2. Phase 2: Business case ........................................................................................38

5.1.3. Phase 3: Technical tests.......................................................................................39

5.1.4. Phase 4: Pilot and implementation.......................................................................39

5.1.5. Phase 5: Learning................................................................................................40

5.2. Low reliability ...........................................................................................................40

5.3 Data overload..............................................................................................................42

5.4 Channel alignment failure ...........................................................................................44

Chapter 6: Conclusions.........................................................................................................46

Chapter 7: Discussion and Future Work................................................................................48

Literature..............................................................................................................................50

Articles and Books ...........................................................................................................50

Internet sources.................................................................................................................53

Appendices...........................................................................................................................55

List of Tables and Figures

5

LIST OF TABLES

Table 1: RFID advantages over bar codes.............................................................................12

Table 2: Comparison of high and low frequency tags............................................................14

Table 3: Literature search approach used for answering the research question ......................20

Table 4: Differences in risk perception .................................................................................36

LIST OF FIGURES

Figure 1: Framework for classifying RFID applications........................................................13

Figure 2: A typical RFID system ..........................................................................................13

Figure 3: FTA model RFID failure .......................................................................................24

Figure 4: FTA model implementation failure ........................................................................26

Figure 5: FTA model low reliability .....................................................................................29

Figure 6: FTA model data overload ......................................................................................31

Figure 7: End-to-End Supply Chain Performance .................................................................32

Figure 8: The conceptual model of trust................................................................................33

Figure 9: FTA model channel alignment failure....................................................................35

Figure 10: Example of a SAN...............................................................................................43

Introduction

6

INTRODUCTION

Radio Frequency Identification (RFID) is a topic that is discussed more and more in the

past few years. It has the possibility to improve the supply chain, especially in the field of

retailing and logistics. By implementing RFID in a company, “process freedoms” and real-

time visibility is achieved (Angeles, 2005). RFID is the latest technology that is used for

precisely identifying objects. Radio waves are used to read an object’s markings in the form

of a unique identifying number stored on an attached or embedded chip (Borriello, 2005).

Implementing the RFID technology engenders a lot of potential risks. Literature search

showed that there is already much written about all kinds of risks. These are very divers in

nature, ranging from emotional to technical ones. Hulsebosch, Strating, Teeuw and Schaffers

(2006) say that the typical risks of RFID can be divided into technical, organizational, social

and economical risks. The next section gives a short overview of all kinds off risks per

category.

Technical risks are associated with possible problems of the equipment. It is important

that RFID produces reliable information, since business decisions are made on behalf of this

information. The security is also an important issue. Malicious people can cause damage to

the system. These attacks are relatively easy, since RFID works on radio waves. An example

is a radar detector, which can be used in a car. The machine sends interfering signals that

make it impossible to measure the speed of the car (Hulsebosch et al., 2006). Malicious

people can also clone less secured tags. This is especially possible in the case of a key as a tag

(Bono et al., 2005).

Organizational risks mainly deal with standards. They are an essential driver for the use

of RFID in open supply chain applications (Stam de Jonge, 2004). The problem is that many

different standards exist. Worldwide there are more than 120 different protocols in use for

reading the tags. The International Standard Organization (ISO) and EPCglobal (EPC) are

currently trying to create a structure in this (Hulsebosch et al., 2006). Other examples of

organizational risks are the health due to harmful radiation of radio waves, the health due to

consuming the tags by accident, nature damage due to the production of tags, the fall out of

tags and the fall out of the entire system (Hulsebosch et al., 2006).

The third category is social risks. Privacy issues are the most important in this category.

These arise when tags are attached to products or to individuals themselves. This way it is

possible to track individuals, anywhere, anytime. Buying patterns can be observed where a

customer has made multiple purchases. These are some reasons why RFID is often associated

with “big brother is watching you”. An often referenced case in this is Benetton. They were

Introduction

7

considering to put RFID tags in their clothing that can be read from a distance. CASPIAN

(Consumers Against Supermarket Privacy Invasion and Numbering) criticized Benetton’s

plans. Criticisms were: “People will know when I shop! What I bought…what size I wear!”.

Benetton decided to stop the trial. Another social risks is the negative atmosphere, since there

are many negative stories about RFID.

And finally there are the economical risks, which consist of system integration, data

management, costs and the growing differences between small and medium enterprises

(SME’s), and the “big companies”. The data management risk can be further split into two

categories. On the one hand Gonzalez, Han, Li and Klabjan (2004) recognize risks with the

volume of new data, since it is possible with RFID to track information on a single item level.

And on the other hand Yang and Jarvenpaa (2005) recognize risks with regard to the supply

chain view, since extending RFID beyond the organization is inevitable according to them.

The differences between SME’s and “big companies” originate because it are only the larger

companies that invest in RFID. Productivity differences will only increase as a result of the

use of RFID. Furthermore SME’s, as a supplier or buyer, are more or less forced to comply

with the RFID demands of the larger companies (Hulsebosch et al., 2006).

Chapter 1 General Characteristics

8

CHAPTER 1: GENERAL CHARACTERISTICS

This chapter describes the research that will be executed into detail. The first paragraph

discusses the problem statement. Next the research question will be handled, which will be

used in order to answer the problem statement. Also the demarcations of the research are

handled in this paragraph. The third and fourth section will subsequently handle the research

motive and goals of the research. The chapter will be concluded with the plan of research.

1.1. Problem statement

Data management of RFID is an important topic, since the technology creates enormous

amounts of data each day. It is important to handle this data in the right way. Only then it can

bring the expected business advantages. However this is not so straightforward, as RFID

increases the data amounts in a company strongly and business processes change drastically.

It is necessary to have the risks clear regarding data management, so that no unexpected

events can occur. Like already mentioned in the introduction, there are also RFID data

management risks regarding the supply chain view. Does this have consequences for the way

of handling the data? This is an important question to answer. Literature search showed a lack

of information regarding these topics. The following problem statement comes forward, as

input for this thesis:

“ RFID technology entails risks with regard to data management, which can have a

negative influence on the result of implementing the technology. ”

1.2. Research question

The following research question can logically be derived from the problem statement of

the first paragraph. This question will be the constant focus throughout this research.

“ What are data management risks in the field of RFID technology, and by what means

can these risks be reduced? ”

Some steps have to be taken successively in this report in order to be able to answer this

research question. These are:

1. What is RFID, and how does it work?

2. What are the reasons for using RFID?

3. What model will be used to answer the research question?

4. What are the data management risks of implementing RFID?

5. How to reduce these data management risks?


9

This thesis will only handle data management risks and ways to reduce these risks for

companies that use, or are planning to use the RFID technology. Risks for suppliers of RFID

and the government will be left out of consideration. Privacy risks are also not in the field of

interest for this paper. Furthermore, only risks for the retail sector are studied were goods are

followed throughout the supply chain.

1.3. Research relevance

More and more companies are considering to implement RFID in their company. This

appears from a report published at the end of December 2005, 2005 sales of RFID tags were

about 600 million, accounting for some $1.2 billion [1]. This number is expected to grow

considerably in the near future. In order to maximize the success one should be aware of all

risks. Privacy risks are handled in abundance with respect to the RFID question. However I

think the data management risk is underexposed and widely spread, as appeared from the

literature search I carried out. This thesis will provide new insights into the data management

problem. Important is the way the information should be managed in the individual company

and between companies along the supply chain.

1.4. Research goals

The potential benefits and features of implementing the RFID technology are handled by

many researchers. However I think it can only develop into a success if one looks also to the

potential risks of the technology. Companies should not only be obsessed by the promising

advantages it offers. If the risks of implementing the technology are known it is possible to

anticipate on these and to try to reduce these.

Implementing RFID brings on a wide scale of potential risks. The main interest of this

research is with regard to issues in data management. I think this is important, since the

volume of information generated by such systems can be enormous. Certainly if each item

will be tracked that moves through different locations. It is also of importance because RFID

is mostly used in a supply chain, with multiple suppliers and customers. An important

question is: how to handle the information in this chain effectively?

The research goal of this thesis is to give an overview of the data management risks of

RFID and to provide a framework for companies to minimize the risks of implementing the

RFID technology.


10

1.5. Structure of the thesis

This report consists of seven chapters. The second chapter gives an introduction into the

basics of RFID. What implies the technology? How does it work? And what are the potential

benefits for the company? These are the questions that will be answered in this chapter. Next,

chapter three will describe the used methodology, for answering the research question.

Chapter four will describe the data management risks of RFID into detail. And in the next

chapter a framework is provided to reduce these risks. Then, in chapter 6, the conclusions of

the thesis are provided. And finally, the thesis will be concluded with a discussion, in chapter

7. The future state of RFID is portrayed in this section.

Chapter 2 Introduction to RFID

11

CHAPTER 2: INTRODUCTION TO RFID

In this chapter the RFID technology will be introduced and explained. It will give a

good background for understanding the technology. The first paragraph handles the basic

principles of RFID. The second paragraph describes a framework for classifying RFID

applications. The third paragraph handles the components of the technology, and the way

RFID works. The fourth paragraph describes the possible benefits of it. And the chapter will

be concluded with some interesting case examples, for a better understanding of the working

of RFID in retail.

2.1 What is RFID?

Recently there is paid much attention to RFID, although it is not a totally new

technology as many people think. It was already used in World War II. Allied aircrafts carried

transponders that would acknowledge radar signals from friendly aircrafts (Chawathe, et al.,

2004). Since then it has followed considerable progression. The 50’s are known for the early

explorations of RFID. Developments of the theory were achieved in the 60’s together with the

start of field trials. Inventors were busy with RFID related inventions such as Robert

Richardson’s “Remotely activated radio frequency powered devices” in 1963 and J.H.

Volelman’s “Passive data transmission techniques utilizing radar beams” in 1968. In the 70’s

there is an explosion in the development of RFID. There was also a great deal of interest in

RFID from researchers, developers and academic institutions. Full implementations were

achieved. The greatest interest in the United States was for transportation and personnel

access. The 90’s were significant for the emergence of standards. An example of this is the

pan-European standard for tolling applications in Europe, were vehicles could pass toll

collection points without stopping. Video cameras were used for enforcement. An overview

of the history is presented in appendix 1 (Landt, 2001).

In its essence RFID is comparable with the traditional “Bar Code”. However RFID has

much more possibilities. These are stated in the table below.

Characteristic RFID Bar Codes Significance

“Line of sight”

or unobstructed

path between tag

and readers

Unnecessary Always

necessary

Labor is reduces when RFID

tags are applied to goods; they

need not be facing readers. Tags

can be read at great distances

without anyone running a

scanner over the tag as is


12

Characteristic RFID Bar Codes Significance

necessary with bar codes. This

makes it possible to instantly

take the inventory of a carton

without unpacking it

Effective range Varies with type

of tag

Limited High-frequency RFID readers

can operate at great distances

Processing speed Signals from

multiple tags are

received and

processed in

rapid succession

Reads one at a

time

RFID readers can process greater

quantities of goods much faster

Multiple

capabilities

Can “write”

information on

certain RFID

tags, as well as

“read” it

Not applicable In contrast to bar codes, certain

RFID tags with read/write

capabilities allow the

information on the tag to be

modified. For example,

quantities can be updated when

items are added or removed from

a pallet

Resistance to

adverse

conditions

Can read and

transmit data

through soot or

dust

Easily obscured RFID systems can be used

outdoors and in less-than –

optimal indoor conditions

Table 1: RFID advantages over bar codes (source: Davis and Luehlfing, 2004).

2.2. Classification of RFID applications

RFID is mainly used for identification (like access control), authentication (like the

payments of small amounts such as highway tolls), preventing shoplifting and tracking and

tracing (of products, people and animals). But the possibilities are going much further, like a

combination of RFID tags with sensors for measuring temperatures and humidity. An

example is the Schuitema case, where the temperature of perishable products is monitored

(see paragraph 2.6.3). RFID has the promise to unleash a revolution in the field of efficiency,

comfort and security (Schermer, 2006; Hulsebosch et al., 2006). Also it is possible to

implement the RFID chip in a human body. Currently the Dutch government is considering

equipping ‘TBS’ers’ with chips. This makes it possible to track them, if one tries to escape.

Figure 1 represents a framework for classifying RFID-applications.


13

Figure 1: Framework for classifying RFID applications (source: Asif and Mandiviwalla, 2005).

At present only the “big companies” are testing with the RFID technology. A major

reason for this is that the costs for implementing RFID are still relatively high. At current

prices it is not affordable for SME’s to use the technology. It is expected that prices will

decrease as manufacturing technologies improve. Roberts (2006) predicts that 10 billion tags

will be used annually by the end of 2007 (currently this is about 6 billion) and 1 trillion will

be used in 2015. Appendix 2 shows that the costs of tags are about $ 0.23 cents. In 2009 the

costs will drop to 5 cents per tag. This is the cut-off were RFID will be used on a wide scale,

according to Hulsebosch et al. (2006). By 2011 the costs of tags will drop to 1 cent. RFID will

then be used on a case level.

2.3. How does it work?

An RFID system allows data to be stored and modified, to provide the business with

intelligence. It uses radio waves to identify individual physical objects. Roberts (2006) says

that a typical RFID system consists of a tag, a reader and an enterprise system. This is

depicted in figure 2. The components are handled separately in the following sub-sections.

Figure 2: A typical RFID system (source: Roberts, 2006).


14

2.3.1. Tag characteristics

RFID tags can be passive, active or semi passive. Active tags use a battery. By using

this power source a tag is able to receive a weak radio signal and sent an answer over a larger

distance. A disadvantage of an active tag is the lifespan of the battery and the price per tag.

Passive tags on the other hand do not consist of a battery. This means that the tag is powered

by the electromagnetic waves sent out by a reader. A third category is the semi-passive tags.

These use both the battery and the waves sent out by the reader. They are particularly used to

improve the intelligence and capacity of the chip. Passive tags use lower frequencies than

active tags. Differences between high and low tag frequencies are:

Tag

frequency

Relative

range

Transmission

rates

Power

consumption

Relative

cost

Environmental

susceptibility

Low Shorter Lower Lower Lower Lower

High Longer Higher Higher Higher Higher

Table 2: Comparison of high and low frequency tags (source: Asif and Mandiviwalla, 2005).

The chip in a tag can either be read-write or read-only. Read only tags contain data that

can not be changed. A read-write tag can store new information on its chip. These tags are

more expensive, and are used for higher-value products (Angeles, 2006).

2.3.2. Reader characteristics

A reader is a machine that can read tags, by sending radio signals. Tags that are in the

range of distance can react to this signal. In order to read passive data, the reader sends radio

waves to them. The tags energize them and start broadcasting the data. The reader consists of

an antenna, which creates the magnetic field with the tag’s antenna. After receiving the

information from the tag, the reader checks, codes and saves RFID-data. RFID-readers can

both be attached to something, like a door or shelf, or they can be mobile, like a handheld or

PDA (Asif and Mandviwalla, 2005 ; Schermer, 2006).

2.3.3. Enterprise system

Finally, a RFID system consists of an Enterprise System (like ERP or CRM) were

employees can use the information gained with RFID. Before it is possible to use this

information the data needs to be filtered and prepared for use. For that often middleware-

solutions are being used. Middleware-tools are also used to manage RFID data by routing it

between tag readers and the systems within the businesses. Middleware solutions filter

duplicate, incomplete and erroneous information that it receives. They hide the complexity

and implementation details of RFID for the enterprise system. This allows users of the


15

analytical system to focus on the business implications of RFID. Analytical systems consist of

databases, to which the tags are linked. This happens through the EPC standard, as will be

described in the next paragraph. The enterprise systems contain valuable information for

making decisions. An example of this can be decisions for inventory management

(Karygiannis, 2006). Brown and Wiggers (2005) say that this is the layer at which

competitive advantage will be won or lost.

2.4. RFID Standards

As already mentioned in the introduction, there are many different standards for RFID.

These standards often differ per country and industry (Hulsebosch et al., 2006). Without

global standardization the growth of RFID will be limited. Generally there were two

organizations working on global standards for RFID, namely EPCglobal and ISO.

EPCglobal is an open standard and was first developed by the Auto-ID Center. The goal

is to lower the costs of using RFID, so that the technology can be used for single item tracking

(EPCglobal, 2006). Central in the EPCglobal standard is the universal unique identification of

individual items. This unique number is called the Electronic Product Code (EPC). The

connection of the unique EPC code to relating information is executed by an Object Name

Service (ONS). It directs computers to information about the item associated with the code.

EPCglobal is mainly active in developing standards for RFID frequencies, interfaces, RFID

identifiers, and the processing of RFID data.

ISO is currently trying to create a structure in the big number of different protocols used

in the world. Its main focus is on standardizing the wireless interface between de tag and the

reader for different RFID frequencies. Aspects like data storage, structure of RFID identifiers

the physical implementation of tags and readers are not handled (Hulsebosch et al., 2006). In

the field of RFID frequencies, ISO and EPCglobal are currently closely cooperating.

2.5. The benefits of RFID

Implementing RFID offers a lot of benefits for companies. Brown and Wiggers (2005)

say that there are four primary reasons to adopt the technology:

1. Improved control of stock and other assets as they move within the organization: it is

possible to monitor goods constantly. In this way it is much easier to watch the number of

products in stock. Costs will drop considerably, because less stock is needed.

2. Improved efficiencies in the supply chain: the increase in efficiencies can be realized

because of the faster, more accurate and automated information exchanges between firms

across the supply chain.


16

3. Tracking of shipments: with RFID it is possible to track the shipment of goods through

the supply chain. This enables the companies and customers to track the location of

products. Customer can look to the time it takes before goods will arrive.

4. Reduced shrinkage / theft: tags can be attached to guard against theft. Reduced theft leads

to less material losses. This again leads to fewer insurance claims and less administrative

work.

Although it is not directly an advantage for companies, the article of Brown and

Wiggers (2005) name another reason to use RFID. Some major retailers want the whole

supply chain, including the smaller companies, to use the technology. A good example of this

is Wall Mart. They announced that it wants its top 100 suppliers to begin fitting their cases

and pallets with RFID tags.

2.6. Successful case examples

In this paragraph some successful cases will be presented. This gives a better insight

into the way RFID is used and the advantages that the technology can bring to a company.

2.6.1. Wal-Mart

Wal-Mart (the biggest retailer in the world) announced in 2003 that it wants its top 100

suppliers to fit RFID tags to their pallets and cases, as from January 2005. Estimated initial

savings and benefits were:

� $ 6.7 Billion in reduce labor costs (no barcode scanning is anymore allowed).

� $ 600 Million in out-of-stock supply chain cost reduction.

� $ 575 Million in theft reduction.

� $ 300 Million in improved tracking through warehousing and distribution centers.

� $ 180 Million in reduced inventory holding and carrying costs.

Two months after RFID was implemented on a large scale Linda Dillman, CIO at Wal-

Mart, confirmed that it was a big success. Only a few suppliers did not reach the deadline, due

to some technical issues. Recent research showed that out-of-stock is decreased with 16%.

The way it works: tagged pallets and cases of suppliers will arrive at the regional

distribution centers of Wal-Mart. Here, the readers at the dock doors will automatically scan

the tags. The scanned data will be passed to an application that will inform the retailer’s

operations and merchandising teams and the products’ suppliers that the specific shipment has

arrived. At the distribution centre cases will be removed from the pallets and processed. Next


17

cases are trucked to the Wal-Mart stores. When tagged cases arrive, they will be read and

automatically confirm the arrival of the shipment [2].

2.6.2. Johnson Controls

Johnson Controls produces automobile seats for New United Motor Manufacturers

Incorporated (NUMMI), which is a joint production facility of Toyota and General Motors.

NUMMI uses the Just-In-Time (JIT) method for producing their various vehicles, in order to

eliminate waste.

Because of this JIT method Johnson Controls has to make about 12 deliveries daily.

These deliveries must be in time. Every hour Johnson Controls receives seat orders, in the

form of a serial number list. This list is needed to determine the order in which the seats have

to be delivered, since different car types are produced on a single production line

successively. Before using RFID, Johnson Controls used an ID system that involved basic

clipboards and checklists, located with operators at each station of production, inventory and

production. RFID eliminated the human errors that existed in the old system. This was

necessary because NUMMI allowed only a certain amount of mistakes and Johnson Controls

was not far of this number. Also the time savings and flexibility improved impressively by

using RFID [3].

2.6.3. Vers Schakel

“Vers Schakel” is a project in the Netherlands in which the participants Schuitema

(central organization behind C1000, supermarkets), Heemskerk, Centraal Bureau

Levensmiddelenhandel (CBL), KPN, Capgemini and Wageningen University and

Researchcentrum (WUR) are participating. In 2005 they won the RFID innovation price,

because of the innovative character and the combination between RFID and temperature

measurement. René Bakker, manager of Logistics and IT of Schuitema and initiator of the

project, says the following:

“ We expect to increase our lead in logistics. Especially in the field of fresh vegetables we

think to improve the quality for customers of the C1000 supermarkets. “

The way it works: RFID chips are attached to CBL-crates, in which packages of freshly

cut vegetables of Heemskerk are transported. On a number of locations at Heemskerk and

their trucks, the distribution centre of Schuitema and the C1000 supermarkets RFID readers

are placed. The data that is produced will be send through the networks of KPN to a central

database. All participants can consult this data. Products can be followed to the shelves of


18

C1000. It is easy to check the shipment with the placed order wireless, even before the truck

is loaded. The WUR can predict the sell-by date on the basis of the temperature information

during the whole chain. This way the methodology First Expired First Out can be applied.

This means that the overall freshness of the products will increase [4].

Chapter 3 Methodology

19

CHAPTER 3: METHODOLOGY

This chapter is dedicated to the methodology used in this thesis. The data collection and

data analysis are being discussed, in order to answer the central research question. The report

is a form of external validity. This means that the results hold across different experimental

settings, procedures and participants [5]. Concretely, it can be said that de RFID risks hold for

all companies across the world, using the technology.

A qualitative study will be executed. This refers to gathering relevant information in a

narrative form, through literature search and interviews. The literature search is discussed in

the first paragraph. The second paragraph handles the interviews. And the chapter will be

concluded with an introduction into the Fault-Tree-Analysis (FTA). This is a methodology

that will be used in this thesis in order to analyze the risks of RFID.

3.1. Literature search

An important purpose of the literature review is to ensure that no important variable,

that has in the past have been found repeatedly to have had an impact on the problem, is

ignored (Sekeran, U. 2003). Analyzing case studies is an important input for this literature

search. This is a particular method of qualitative research. It involves an in-depth, longitudinal

examination of a single event: a case. However, it must be said that there are not much

business cases available of failures of RFID, as appeared from literature search and the

interviews. The literature search included a search in divers books used during my study and a

search on the World Wide Web, were international journals, some smaller journals and

general information were searched. On the Internet some relevant keywords were defined, for

finding the relevant information. Several search engines were used for this. This is

summarized in table 3.

Research strategy Description

Used key words “RFID”, “RFID risks”, “RFID data risks”, “RFID risk

management”, “RFID data management”, “RFID

supply chain risks”, “RFID implementation risks”,

“RFID reliability”, “RFID middleware”

Time period October 2006 until February 2007

Search engines www.google.com, www.altavista.com,

www.findarticles.com, www.rfidjournal.com


20

Research strategy Description

Scientific on-line literature

data bases

- Google Scholar

- Online Contents UVT

Table 3: Literature search approach used for answering the research question.

3.2. Interviews

As already said in the introduction of this chapter, some interviews are executed. The

focus in these interviews is on the particular risks RFID in data management, and on ways to

reduce these risks. A specific goal is to compare the results of the interviews with the

literature search. Interesting is to see if there are any differences between the two groups.

These differences are handled in paragraph 4.5.

I will use a form of non-probability convenience sampling for selecting the

interviewees. This refers to the collection of information from members of the population (all

companies using RFID) who are conveniently available to provide it (Sekeran, 2002). The

main reason to use this technique is because there is no necessity to obtain information from

specific target groups. Every company shares the same RFID risks.

There are different techniques for interviewing. I will use the non-scheduled technique.

These interviews are so labeled because the interviewer does not enter the interview setting

with a planned sequence of questions to be asked of the respondent, although some

preliminary issues will be brought to the surface. During the interviews it will be determined

what variables need further in-depth information. In this kind of interview technique it is

important to be well prepared. Therefore, the literature search should be carried out first.

Interviews can be held either face-to-face, over the telephone or online. In the research I

carried out one telephone interview, with Centric. And two face-to-face interviews, with Phi

Data and Oracle. The main advantage of these interviews is that I can adapt question, clarify

doubts, and ensure that the responses are properly understood, by repeating or rephrasing the

questions. It has the least biases. Because people have to be interviewed face-to-face it is

important that the companies are established in the Netherlands. Interviewees should not be

geographically to far away, because of costs and time available. The next sub-paragraphs give

an introduction into the interviewed companies. Except these two interviews, I also had E-

mail contact with Mr. M. Roberti, about some specific questions of risks and risk mitigating

factors. M. Roberti is the founder and editor of RFID Journal. This is an independent media

company devoted solely to RFID and its many business applications. Their mission is to help

companies use RFID technology to improve the way they do business.


21

3.2.1. Centric

The core activity of Centric is consultancy, IT solutions, software engineering, e-

business, systems integration, managed ICT Services and training. They offer these total

solutions for diverse branches, under which the government, financial services, housing

agency, trade businesses and industry. The solutions are provided together with renowned

partners, for the guarantee of high quality solutions and services. The company (established in

1978) has offices in the Netherlands, Belgium, Germany, and Norway. About 5.100 persons

work for Centric [6].

Centric does not implement RFID solutions at the moment in retail, wholesale and

transport, although they are following the technology very closely. They can be identified as a

knowledge base. Diverse companies, like Schuitema and Hema, triggered the company for

doing this. Centric is a member of the platform RFID Nederland, which shares knowledge in

the field of RFID. The interview was held on the 23rd of November 2006 with Mr. G. van

Osch, by telephone. He has set up a RFID Knowledge Center and initiated a research program

in the field of RFID. Centric owns a portal, in which they report to their customers about

RFID. For this thesis I got access to this portal. Some useful information was collected from

this. A summary of the conversation is reflected in appendix 6.

3.2.2. Phi Data BV

Phi Data can be described as a solution provider for customers requiring high quality

automatic identification- and print systems. The company was established in 1981, and has

nowadays offices in Woerden (Netherlands), Wemmel (Belgium) and Windhof

(Luxembourg). Business processes can be optimized with these products, and costs can be

reduced. Products range from barcode scanners and portables to radio frequency data

communication (RFDC) and RFID, and a wide range of printers. Because of intensive

cooperation with ERP / WMC suppliers, Phi Data is able to propagate the Solution Provider

Philosophy [7].

For this report I interviewed Mr. R. Diekman, face-to-face. He is a senior consultant,

and gives training sessions. His specialism is in divers RFID techniques. The conversation

was held on the 30th of November 2006, in Woerden. The conclusions are reflected in

appendix 7.

3.2.3. Oracle

Oracle’s core business is information – how to deal with it, use it, share it and secure it.

For almost three decennia Oracle (the largest supplier of business software in the world)

offers the software and services that make sure that organizations have the most actual and

accurate information present within their business systems. Three principles are central in


22

their vision for having the best information available. The first is simplification, which means

fast information transfer with integrated systems and only one database. The second is

standardization. This means less costs with open, simple accessible components. And the third

principle is automation, which means improvement of operational efficiency with technology

and good training [8].

Oracle transform retail supply chains with RFID into consumer-driven demand

networks, and improves efficiencies and business processes in industries ranging from

healthcare to defence. The difference with Phi Data is that Oracle concentrates on the

information systems, whereas Phi Data offers total solutions. The interviewee was Mr. S.

Nagaoka. He is Principal Product Sales Consultant of Oracle Netherlands. The interview was

face-to-face in De Meern, on the 2nd of January 2007. Appendix 8 gives an overview of the

interview.

3.3. Fault Tree Analysis

3.3.1. Introduction

In order to analyze the data management risks of RFID, a Fault Tree Analysis (FTA)

will be applied throughout this paper. Dugan et al. (2002) describe this approach as a top-

down analytical technique, whereby an undesired state of the system is specified, and the

system is then analyzed in the context of its environment and operation to find all realistic

ways in which the undesired event can occur. The approach reflects in visual models how

logical relationships between equipment failures, human errors, and external events can

combine to cause specific accidents.

Although FTA is highly effective, it must be said that the analysis has three limitations

[9]. The first is the narrow focus. FTA examines only one specific risk. If more risks are

analyzed, more fault trees must be developed. The second limitation is called art as well as

science. The level of detail varies per researcher. However, different analysts should produce

comparable results. And the third limitation is the complexity of making statistical predictions

about future performance. Only highly skilled researchers can perform such quantifications.

This last limitation does not apply in this thesis, since no statistical predictions will be made.

The procedure for performing a FTA consists of the following five steps [10]:

1. Define the system of interest: the fault tree analysis focuses on ways in which a system

can fail to perform a specific function. Clearly defining that function is an important first

step. This means specifying the problem of interest that the analysis will address. This is

the box at the top of the diagram.

2. Identify critical failures or ‘faults’ related to the component: determine events and

conditions that most directly lead to the TOP event. This should be a small step towards


23

the underlying contributors to the problem of interest. Avoid jumping into detail in this

stadium.

3. Identify causes for each fault: list all possible causes for faults below the faults.

4. Work towards a root cause: continue identifying causes for each fault until you reach a

root or controllable cause. The model is complete when each branch of the fault tree has

been pursued to the lowest level of resolution deemed necessary by the analyst.

5. Identify countermeasures for each root cause: create boxes for each countermeasure. Draw

the boxes below the appropriate root cause and link the countermeasure and cause.

3.3.2. Fault Tree symbols

The following symbols will be used for the fault tree analysis:

Basic event – A basic initiating fault requiring no further

development.

OR – Output fault occurs if at least one of the input faults occur.

AND

AND – Output fault occurs if all of the input faults occur.

Transfer in – Indicates that the tree is further developed, in another

section of the report.

Transfer out – Indicates that this portion of the tree must be attached

at the corresponding “transfer in”.

Chapter 4 Risk Analysis

24

CHAPTER 4: RISK ANALYSIS

Unfortunately, both change and complexity of RFID systems generate risk. The focus of

this chapter is on typical risks of data management in RFID. These risks are analyzed by using

the Fault Tree Analysis, as describe in paragraph 3.5. From the literature search and the

interviews it appeared that the risks of RFID can be classified into four main categories:

� Implementation failure: these are risks associated with “change” in a company.

Implementing the RFID technology means that the processes in a company will be

executed in a different way. What are the potential risks of implementing these new

processes?

� Low reliability: these are risks associated with the performance of the technology. What

potential factors can have a negative influence on the quality of the data?

� Data overload: these are risks associated with the huge amount of data. What are the

potential risks of the enormous increase in data on the network?

� Channel alignment failure: these are specific risks that come forward when RFID is

implemented between two or more companies. What are the potential risks of the supply

chain view, while implementing RFID?

The main FTA is depicted in figure 3. The following paragraphs, will handle each risk

separately.

Channel

alignment failureData overloadLow reliability

Implementation

failure

RFID failure

Figure 3: FTA model RFID failure.

4.1. Implementation failures

4.1.1. Introduction

Products that are equipped with RFID tags can be identified easily, at a distance. A

result is that business processes can be executed more efficient, safer, and more effective.


25

However implementing RFID entails a lot of potential risks in the field of implementation the

technology itself. These risks are handled in the next section.

The risks of implementing RFID is bigger if a direct link to the mission of the

organization is present (Karygiannis et al., 2006). Organizations whose core business is

logistics stand the most to lose when their supporting RFID systems fail. If an organizations

primary mission is outside these areas, the impact is much less important. An example is a

hospital whose primary mission is patient care.

4.1.2. Factors influencing implementation failures

The following factors have an influence on the implementation risks:

� Stuck to current business processes: Existing business processes have to be considered

before implementing RFID. Implementing this technology means that these business

processes will change drastically, and new business processes will be created. To take full

advantage of the potential of RFID companies should re-examine how supply chain

decisions are made and reengineer processes which will require a deeper understanding of

how RFID impacts supply chain dynamics and decision making (interview Centric). Firms

that have unpredictable equipment, unreliable manufacturing processes, long supplier

lead-times, and facilities with long and variable flow times should not start implementing

RFID. Hallwirth and Kogelnig (2005) say that RFID is not just a cure for worse

performing business processes. RFID may even make things worse, since companies have

to deal with new processes and lots of new data. Companies must be able to collect large

volume of data effectively to create “information”. It must be absorbed in the company

efficiently to use it to its full capacity.

Another pitfall that should be taken into consideration is that many IT implementations

fail because people won’t change their “way of working”. This is important since RFID

requires to modify business practices that probably have been in place for a very long time

(Asif and Mandiviwalla, 2005).

� Problems in Integration with existing applications: RFID technology brings on a lot of

new technology in a company. This equipment has to be integrated with existing

applications for the tracking and monitoring of products, like ERP systems (Wang and

Liu, 2005). These ERP systems should provide the companies with knowledge. Therefore,

Mr. Nagaoka (interview Oracle) thinks these information systems are the main business

driver of RFID. An example of a failure is the ‘Vers Schakel’ case. They chose a

relatively small company as a partner, since they already realized a successful comparable

case. However the ERP-system did not work as expected (interview Oracle).


26

� Low maturity of technology: A hardware survey, carried out by Logica CMG (2005),

showed that the market for RFID technology is widely spread. There is no mature market

at the moment. The current vendor landscape is difficult to understand for end-users. The

reason for this is the variety in RFID components required and different vendor strategies.

The survey also showed that the availability of technical expertise about RFID technology

is limited, because of the early stages of the market. Paul Stam de Jonge (2004) and Gale

et al. (2006) agree with this statement. They say that large-scale implementations have not

been carried out yet. There is a lack of referenced case studies that document failures and

lessons learned. Mr. van Osch (interview Centric) also addressed this problem. He says

that “success stories” are currently missing. There are lots of pilots, but not many working

systems.

� Absence of management commitment: This risk is closely related to the first risk (current

business processes). The commitment of management is often a challenge in the adoption

of a new technology. Without their support it is not likely that RFID will become a

success (Gale, et al., 2006). The interviewees don’t see this as a problem. The reason is

that the RFID trigger should come from the companies themselves. If companies decide to

implement RFID, the commitment should not be an issue.

4.1.3. Visual presentation

Figure 4 shows the FTA model for the implementation failures.

OR

OR

OR

Figure 4: FTA model implementation failure.


27

4.2. Low reliability

4.2.1. Introduction

The reliability is an important issue for businesses to engage in RFID. In brief,

reliability has to do with the total performance of RFID equipment. Visser and Goor (1999)

say that the reliability improves strongly, if the number of human mistakes is reduced. In

practice, it appeared that this error rate is highly dependent on entering the same information

at different places (supplier, transporter, buyer). RFID should overcome this problem. A 100

% reliability is strived for. However the equipment often does not work well enough at the

moment. The accuracy of some readers is even below 90 % [11].

4.2.2. Factors influencing low reliability

The reliability of the data produced by RFID depends on a number of factors. Generally

these can be divided into two subgroups, namely malicious attacks and risks of the technology

itself. The malicious attacks are handled first.

Many organizations know who might attack their RFID application in the future. They

also see the need to implement countermeasures against these malicious attacks. An example

of an adversary is an employee who was fired in the past. However, other organizations

should proceed with caution because for them it is not known who may be an adversary in the

future. It must also be said that organizations with a high public profile are more likely to be

targeted by malicious individuals or groups (Karygiannis et al., 2006). Factors influencing the

reliability are:

� Corporate espionage: this means the interception of RFID transmissions, with directional

antennas. Distances between 10 and 100 meters are possible. Corporate espionage makes

it possible for competitors, media, private investigators or information brokers to track the

inventory (Roberts, 2006).

� Destroying tags: Australian researchers succeeded in destroying RFID tags, by sending

lots of signals on different radio frequencies. Sending these signals meant that the tags

could not reach the scanners. The attacker should however send the signals within the

range of only a few meters [13]. Hulsebosch et al. (2006) discusses other ways of

destroying tags. First, by sending high frequency signals, tags can got burned. And

Second, by sending deactivation codes to the tags.

� Jamming: this is a term for sending interfering signals. Because the system uses the

electromagnetic spectrum, it is relatively easy to jam. By this means it is possible to

disturb business processes. The damage can be bigger as a company is more dependent on

using RFID [14].


28

The second category concerns reliability risks associated with the use of the RFID

technology. An important question is: is the technology implemented to its full capabilities?

The factors that can have a negative effect on the result of using RFID should be familiar.

These are:

� False reads: This category can be further split into two categories. The first is called

‘false positive’. This occurs when a tag passes within the range of the reader, but it was

not intended to be read (Laddhad, 2006). It is for example possible that one tag is read 50

times as it moves through a portal. Another example is that a reader on conveyer 1 reads

tags from conveyer 2.

And the second category is ‘false negative’. This one occurs when a valid tag passes

within the range of an RFID reader, but the reader does not read the tag [15]. One of the

main reasons for the false negatives is the reflection and absorption of the radio waves.

Only working tags are part of this category. Damaged tags are handled separately, farther

on in this paragraph. Cornelissen (2005) names five variables which influence the

readability of RFID-tags. These factors came forward at a RFID pilot health at a

distribution centre in Tilburg of Sony. The factors are:

1. The reflection capability of packaging materials.

2. The absorption capability of packaging materials.

3. The distance between the tags and the antennas.

4. The corner between tag and antenna.

5. The place of the tag on the product or package.

Literature search showed another factor, namely ‘interference’. This is a form of “denial

of service” that is caused by the interference with other radio signals. The reader is not

able to read the tags (Roberts, 2006).

� Collisions: Collisions can be split into reader collisions and tag collisions. Reader

collisions occur when signals from one reader interfere with signals from another reader

when their coverage overlaps (Angeles, 2005). Tag collisions occur when many tags are

present in a small area. The reader is not able to process this (Hulsebosch et al., 2006).

� Damaged tags: Tag performance is a major concern to companies nowadays, as

manufacturers still produce faulty tags. Failure rates in early RFID pilots have been as

high as 20% to 30%, while a 100% reliability is strived for [15]. Another survey [12] also

reported about this problem. It concludes that many chips are damaged at the moment of

attaching them to the antenna. Because of these high fall out rates, one should not talk

about the price of tags but about the working tag price. Many factors have an influence on

this tag-performance, like weather conditions (temperature or humidity), abrasion and

production errors.


29


The FTA for reliability risks is depicted in figure 5.

2.5 Tag read of

wrong conveyor

2.4 Many reads

of 1 tag

Low reliability

Malfunction of

RFID technology

Maliscious

attacks

2.3 Jamming2.2 Destroying

tags

2.1 Corporate

espionage

2.11 Interference

Damaged tagsCollisionsFalse reads

1.10 Failure as a

result of place of

tag on a package

2.9 Failure as a

result of the

corner between

tag and reader

2.8 Failure as a

result of the

distance between

tag and reader

2.7 Absorption

capability of

packaging

material

2.6 Reflection

capability of

packaging

material

False negativeFalse Positive 2.13 Tag collision2.12 Reader

collision

2.15 Abrasion2.16 Production

errors

2.14 Weather

conditions

Figure 5: FTA model low reliability.


30

4.3. Data overload

4.3.1. Introduction

By placing RFID readers it is possible to track the movement of individual items or

pallets. This makes it possible to carry out business processes much more efficiently.

However this has a major drawback. RFID readers are continuously reading the data on tags

at periodic instances. This means that data is growing enormously, what can lead to data

overload. This data overload causes troubles to information infrastructures for storing,

transmitting, and processing data (Hallwirth and Kogelnig, 2005 ; Wiggers, 2005). The old-

fashioned bar codes did not have these problems, since they only scan information when

someone passes a printed label in front of a reader.

Wal-Mart is one of the biggest companies that is using RFID for some time now.

Laddhad (2006) reported about a survey, executed by Venture Development Corporation

(VDC), in which they predict that 7 terabytes of data is generated every single day at Wal-

Mart.

Hulsebosch et al. (2006) present another simple example of a sum: A big retailer uses

RFID tags on a product level. The number of products that has a tag attached is 1 billion. One

tag produces 12 bytes. This means that the number of scanned data for these products

amounts for 12 Gbytes (1 billion * 12 bytes). If products are scanned every 10 minutes for

tracking and tracing purposes, per day there will be 720 Gbytes generated (12 Gbytes * 6 time

per hour * 10 hours a day). A lot of this data will be double and thrown away. But the fact is

that everything has to be processed (revise, throw away, react, etc.).

4.3.2. Factors influencing data overload

Unwanted network traffic in RFID comes from several sources and often contributes to

unnecessary processing by devices throughout the network affecting the “open highway” for

users. Network traffic is closely related to the data problem. It is a result of all information

sent over the network. Brown and Wiggers (2005) identify three causes that directly affect the

network traffic:

� Tracking level too low: the object where the tag is placed on can have a major influence

on the amount of data captured. Tracking at item level generates for example more

information than tracking on pallet level, or container level. Although it has nothing to do

with the risks of data amounts there is one issue that should be addressed. RFID is capable

of tracking pallets of inventory, but most firms work with mixed pallets. RFID does not

address this business concern (Palamides, 2004).

� Too many trigger actions: RFID systems often generate business events, where scanning

of a tag causes an alert in the system. Communication to existing ERP systems is needed


31

ideally in real-time [16]. An example is notifying a customer of the status of a shipment.

These events also increase the volume of data carried over the network.

� Poor network performance: the volume of data flowing over the network is not just a

factor of the number of tags in circulation. The tags often contain only a location (EPC) of

the related information that is stored elsewhere on the network. This means that a tag read

can generate the sourcing and retrieval of data stored elsewhere on the network, known as

object tracking. In this architecture, data processing occurs on the supporting systems to

which RFID is connected. Karygiannis (2006) says object tracking in combination with

network capacity has a negative influence on the network performance. This makes

accessing data on tags a more reliable approach.

Wang and Liu identify another cause. They say that “too many readers” have a negative

effect on data overload risks. Each reader is uniquely identified in a process. The number of

readers is a factor in the amount of data. Companies have to decide on which tactical locations

to place them. Too many readers lead to much dynamic data, which changes often. Dynamic

data contains data for tracking items through the supply chain (Wang and Liu, 2005).


The FTA for the data overload risk looks as follows:

OR

AND

Figure 6: FTA model data overload.


32

4.4. Channel alignment failure

4.4.1. Introduction

Supply chain management (SCM) is an often mentioned factor in RFID. It offers the

potential to improve supply chain performance due to its ability to provide rich and timely

information that increases visibility and control over the supply chain (Gale, Rajamani and

Sriskandarajah, 2006). The end-to-end supply chain can be defined as a network of entities

(like retailers, distributors, transporters storage facilities and suppliers) that work together to

fulfill a customer request (through the production, delivery and sale) of a product or service.

Appendix 5 shows key supply chain performance metrics. RFID can help in improving these.

The supply chain focus is on two aspects. The first is improving coordination of

physical and financial flows in order to reduce cash cycles. And second extending supply

chain optimization efforts to external partners (Österle, Fleisch and Alt, 2001). In this paper

the focus is on the last point. The supply chain view is also called an open system, since the

control is not under one organization. Halwirth and Kogelnig (2005) show that the risks of

failure in business processes increases when RFID is used across functions and organizations.

Ibrahim (2006) estimates the failure rate to be 50 percent of interorganizational relationships.

Therefore the implementation of RFID must be handled carefully.

Supply Chain performance depends on channel alignment. This is the coordination of

pricing, transportation, planning and ownership between the various actors across the supply

chain. Figure 7 shows an end-to-end supply chain performance.

Figure 7: End-to-End Supply Chain Performance (source: Gale, Rajamani and Sriskandarajah, 2006).

4.4.2. Factors influencing channel alignment failure

As already mentioned, the risks of failure increases as RFID is applied between more

entities. Factors influencing this are:


33

� Low level of trust: as RFID is more a collective action, related companies need to adopt

the technology simultaneously in order to benefit most of it. Only if everyone is involved,

from the producer to the retailer, it can become a success. However, it must be said that

such collective actions are very complicated, because of different attitudes and

perceptions that companies have about the technology, and about each other (Yang and

Jarvenpaa, 2005). So, collective actions generate uncertainties about the belief of the

actions of other participating companies. Palamides (2004) names another factor in the

low level of trust. He says that shipping information is often competitive information.

There is no willingness between companies along the supply chain to share this

information. And therefore RFID will not smooth the process. The confidence in the

performance of other companies, and the willingness to share information can be defined

as collective trust.

Yang and Jarvenpaa (2005) presented a conceptual model of the role of trust in RFID.

This is presented in figure 8.

Figure 8: The conceptual model of trust (source: Yang and Jarvenpaa, 2005).

They say that the level of collective trust is important in the willingness to adopt RFID.

This collective trust increases if the alliance members have a history of repeatedly joining

the same alliances. It is possible that not every company is involved in the adoption of

RFID. This is expressed by the variable “user candidates vs. non-user candidates”. If the

subgroup of user candidates is a minority, then the collective trust among RFID user

candidates is higher than when the subgroup is a majority. If this is the case, they should

have higher trust among them and behave cooperatively with each other. When the

subgroup of user-candidates is higher than the non-user candidates, it is too large to

maintain homogeneity. Smaller salient groups become active, such as “reader users vs. tag

users”. The formation of these smaller social categories has a negative effect on

development of collective trust (Yang and Jarvenpaa, 2005).

� High dependence on external organizations: Hallwirth and Kogelnig (2005) name this

dependence as an important risk-increasing factor in RFID. It is closely related to the first

variable (trust), since trust encourages the commitment in a work environment with


34

multiple partners. The difference is in the fact that only the factor ‘trust’ is no guarantee

for a success. A company can never look into the future and see how partners perform and

what actions they take. Ibrahim (2006) defines dependence as follows: “dependence of

actor A upon actor B is (1) directly proportional to A’s motivational investment in goals

mediated by B and (2) inversely proportional to the availability of those goals outside of

the A-B relationship.” The dependence of an organization on a partner is determined by

the importance of the required resource in terms of utility and the substitutability of the

other organization in obtaining that resource.

� Low Maturity of RFID technology between companies: besides the dependence on

external organizations, Hallwirth and Kogelnig (2005) name another risk-increasing

factor. They say that the maturity of RFID applications at an intracompany level is very

low, and the process complexity will increase considerably. Also the know-how is very

limited because many projects in this field are only at a pilot stage. Guido van Osch

(interview Centric) confirms this. He says that there are very limited business cases of this

kind. This low maturity is closely related to the low maturity as described in paragraph

4.1.2. The difference is that the maturity is even less as RFID is implemented between two

or more companies.

� No efficient data sharing: a final risk in channel alignment can be the efficiency of sharing

data between partners. Until recently, no one really thought about the specifics of how to

efficiently share data between partners (over a Wide Area Network). The challenge is that

companies can access real-time data along the supply chain by sharing EPC. Today many

pilots use EDI (Electronic Data Interchange). The main problem of EDI is that only the

two connected parties can see the information. New partners can not join the partnership.

The goal would be to develop an architecture that makes information available for as

many partners in the chain as needed and authorized to view it [21].


Figure 9 presents the FTA model for channel alignment failure.


35

OR

OR

OR

Figure 9: FTA model channel alignment failure.

4.5 Differences in risk perception between literature search and the interviews

Literature search showed all possible data management risks that can occur in

implementing RFID. However this research method did not rank the importance of the risks.

The interviews with Centric, Phi Data and Oracle showed what they think are important risks.

Some differences are visible between the companies. The main reasons is the difference in

work they perform for customers. Centric is currently not yet implementing the technology, as

described in paragraph 3.2. And therefore they are more in line with literature search. Phi

Data is a solution provider, and Oracle aims at the Information Systems. The following table

gives an overview of the differences in risk perception between literature search and the

interviews.

Risk Centric Phi Data Oracle

1. Implementation failure

1.1 Missing capability to integrate new information X X X

1.2 Worse performing business processes X X X

1.3 Resistance to change X X

1.4 Problems in implementation with existing

applications

X

1.5 No mature market X X X

1.6 Missing technical expertise X X

1.7 Missing business cases X X X


36

Risk Centric Phi Data Oracle

1.8 Absence of management commitment

2. Low reliability

2.1 Corporate espionage X X

2.2 Destroying tags X X

2.3 Jamming X X

2.4 Many reads of 1 tag X X X

2.5 Tag read of wrong conveyor X X X

2.6 Reflection capability of packaging material X X X

2.7 Absorption capability of packaging material X X X

2.8 Failure as a result of the distance between tag and

reader

X X X

2.9 Failure as a result of the corner between tag and

reader

X X X

2.10 Failure as a result of place of tag on a package X X X

2.11 Interference X X X

2.12 Reader collision X X X

2.13 Tag collision X X X

2.14 Weather conditions X X X

2.15 Abrasion X X X

2.16 Production errors X X

3. Data overload

3.1 Tracking level too low X X X

3.2 Too many trigger actions X

3.3 Too much object tracking X X

3.4 Low network capacity

3.5 Too many readers

4. Channel alignment failure

4.1 Low belief of actions of participating companie(s)

4.2 Sharing of competitive information X

4.3 High dependence on external organizations X X X

4.4 No mature market X X X

4.5 Missing technical expertise X X

4.6 Missing business cases X X X

4.7 No efficient data sharing X X X

Table 4: Differences in risk perception.

Chapter 5 Risk Management

37

CHAPTER 5: RISK MANAGEMENT

The former chapter handled the risks of data management in RFID. It is important to

consider these before one implements the technology. Kopelchick [17] names some key

questions the internal auditor should consider. The following should be clear right now:

� Have key business environment risks been identified in the organization’s decision to

implement RFID?

� Have risks regarding data management and integrity been identified?

� Have key risks regarding network been identified?

� Are change management risks understood?

� Are current business processes mapped and understood prior to implementing any changes

made possible by RFID?

If the risks are clear, it is possible to take measures to mitigate these, in order to realize

the numerous benefits that RFID has to offer. This chapter offers a framework, in which risk

reducing possibilities are presented, so RFID can become a success. The Fault Tree Analysis

will be used, as described in paragraph 3.3. Step one to four of the FTA are already handled in

chapter 4. Only the last step has to be executed, which is called “Identify countermeasures for

each root cause”. This means that countermeasures will be described for each root cause in

the FTA models in chapter 4. One action points can be the input for more than one risk. The

risks of each of the four categories (implementation challenges, reliability, data overload and

channel alignment) will be handled separately in the following paragraphs. For clarity,

Appendix 10 gives a short overview of the root causes for each risk, and the accompanying

countermeasure(s).

5.1. Implementation failures

RFID offers lots of possibilities to improve the efficiency, reliability and the ease of

business processes. However, to use RFID to its full potential the implementation phase has to

be executed very carefully. Van Trier and Rietdijk (2004) name 4 phases (orientatation,

business case, technical tests and pilot & implementation) in the successful implementation of

RFID. Tidd, Bessant and Pavitt (2005) mention a fifth phase (learn). The phases will be used

as the starting point, for mitigating the risks as described in paragraph 4.1. The phases are

handled in the next sub-sections:

5.1.1. Phase 1: Orientation

In this phase, there is a first idea that RFID can be interesting for implementation in

your company. This is often the beginning of many internal discussions on the technology,

Chapter 5 Risk Management

38

whether to use it, and how to use it. Schermer (2006) names some important questions that

show up in this phase:

� What problems to solve with RFID in the company?

� What processes to improve with RFID?

� What new possibilities does RFID offer for the enterprise?

Appendix 5 names key performance metrics and related objectives. These can be the

input for the above mentioned questions. This phase should also give a realistic perception of

the technology, like the costs and the consequences of the implementation. The internet,

newsletters specialist journals, seminars and workshops offer a good input for being up to data

about all relevant information.

An important pitfall can be the management commitment, with the result that no budget

will become available for implementation. Van Trier and Rietdijk (2004) say that involving

them in the first phase is therefore of importance. Keep them up to data, give presentations,

and ask them for resources for the first phase (risk 1.8).

5.1.2. Phase 2: Business case

After the orientation, the business case can be build. The economic feasibility has to be

examined, since RFID asks for big investments. This is often very difficult. There are

currently not yet many success stories available, as mentioned in chapter 4. Van Trier and

Rietdijk (2004) name the following topics to be taken into consideration in this phase:

� The contribution of RFID to company goals: RFID can have four major company goals,

which are: higher profits, reduction of operational costs, improvement of quality and

security, and optimalisation of asset management. Before a prediction can be made of this,

it is important to consider the as-is process. What are the causes for the current

bottlenecks, or how can the as-is process be optimized. Gale et al. (2006) say that

companies will have to reexamine how supply chain decisions are made, and reengineer

processes, which will require a deeper understanding of how RFID impacts supply chain

dynamics and decision making (risk 1.2).

� The advantages it brings specifically to your company: the general advanta

data management risks of radio frequency identification (rfid) · this thesis focuses on data...

Documents