data management risks of radio frequency identification (rfid) · this thesis focuses on data...
TRANSCRIPT
-
Data Management Risks of Radio
Frequency Identification (RFID)
Master Thesis Information Systems and Management
R.H.L. Kanters
ANR: 319000
Tilburg University: 2007
-
Copyright
By
R.H.L. Kanters
2007
-
Data Management Risks of Radio Frequency Identification (RFID)
By
Ron Henricus Leonardus Kanters
ANR: 319000
Master Thesis
Presented to the Faculty of Economics and Business Administration
of Tilburg University
in fulfillment of the requirements
for the degree of
Information Systems and Management
Supervisor:
Weigand, Dr. H.
Tilburg University
February, 2007
-
Abstract
1
ABSTRACT
Radio-frequency identification (RFID), as an emerging technology, has generated
enormous amounts of interest in the supply chain arena. It can be used to significantly
improve the efficiency of business processes by providing the capability of automatic
identification and data capture. This automatic identification increases the volume of data
substantially as items leave a trail of data, while moving through different locations. Some
important challenges must be dealt with. How to handle all this new data? And what about the
reliability of the data? The quality of the data should be sufficient because business decisions
are made with these data. Another important issue is that business processes have to change
drastically as a result of implementing RFID. It is a complete new way of doing business,
which often needs a new approach.
The possibilities of RFID are handled in abundance in scientific literature. However
little attention is paid to the data management of RFID. This thesis focuses on data
management risks of RFID and provides risk mitigating actions for each identified risk. The
study can be described as a qualitative analysis. Literature search and some interviews are the
input for this qualitative study.
-
Preface
2
PREFACE
This thesis is written for the Tilburg University, in the Netherlands. In order to
successfully finish the last year of the study Information Systems and Management each
student is required to execute a last research, the Master Thesis. The study is part of the
faculty of Economics and Business Administration. The work has been done between October
2006 and February 2007.
I chose RFID as main topic to investigate in my Master Thesis. This topic is relatively
new in the retail industry, although it was already used in World War II. The reason for
choosing this research area is that it seemed very interesting to me. It has enormous
possibilities for improving the supply chain. After some general thinking I decided to specify
my research on the specific risks of data management of RFID, since I think this is
underexposed and widely spread. Much is written about all kinds of possibilities the
technology has, but RFID can only become a success if one understands the possible risks.
And as will be showed in this thesis, there are lots of risks regarding data management issues
in RFID.
For the accomplishment of this Master Thesis I received help from various persons. First
of all I would like to thank Hans Weigand, who was an excellent supervisor and answered my
questions whenever I asked some. Furthermore, I would like to thank Ruud Diekman (Phi
Data), Shintaro Nagaoka (Oracle) and Guido van Osch (Centric) for their participation in the
interviews. And finally I would like to thank Mr. Roberti, of the RFID journal, for answering
some specific questions about the technology.
Tilburg, 2007
Ron Kanters
-
Table of Contents
3
TABLE OF CONTENTS
List of Tables .........................................................................................................................5
List of Figures ........................................................................................................................5
Introduction............................................................................................................................6
Chapter 1: General Characteristics..........................................................................................8
1.1. Problem statement........................................................................................................8
1.2. Research question ........................................................................................................8
1.3. Research relevance ......................................................................................................9
1.4. Research goals .............................................................................................................9
1.5. Structure of the thesis.................................................................................................10
Chapter 2: Introduction to RFID ...........................................................................................11
2.1 What is RFID? ............................................................................................................11
2.2. Classification of RFID applications............................................................................12
2.3. How does it work? .....................................................................................................13
2.3.1. Tag characteristics...............................................................................................14
2.3.2. Reader characteristics..........................................................................................14
2.3.3. Enterprise system ................................................................................................14
2.4. RFID Standards .........................................................................................................15
2.5. The benefits of RFID .................................................................................................15
2.6. Successful case examples...........................................................................................16
2.6.1. Wal-Mart ............................................................................................................16
2.6.2. Johnson Controls.................................................................................................17
2.6.3. Vers Schakel .......................................................................................................17
Chapter 3: Methodology .......................................................................................................19
3.1. Literature search ........................................................................................................19
3.2. Interviews ..................................................................................................................20
3.2.1. Centric ................................................................................................................21
3.2.2. Phi Data BV........................................................................................................21
3.2.3. Oracle .................................................................................................................21
3.3. Fault Tree Analysis ....................................................................................................22
3.3.1. Introduction.........................................................................................................22
3.3.2. Fault Tree symbols..............................................................................................23
-
Table of Contents
4
Chapter 4: Risk Analysis ......................................................................................................24
4.1. Implementation failures .............................................................................................24
4.1.1. Introduction.........................................................................................................24
4.1.2. Factors influencing implementation failures ........................................................25
4.1.3. Visual presentation..............................................................................................26
4.2. Low reliability ...........................................................................................................27
4.2.1. Introduction.........................................................................................................27
4.2.2. Factors influencing low reliability .......................................................................27
4.2.3. Visual presentation..............................................................................................29
4.3. Data overload.............................................................................................................30
4.3.1. Introduction.........................................................................................................30
4.3.2. Factors influencing data overload........................................................................30
4.3.3. Visual presentation..............................................................................................31
4.4. Channel alignment failure ..........................................................................................32
4.4.1. Introduction.........................................................................................................32
4.4.2. Factors influencing channel alignment failure .....................................................32
4.4.3. Visual presentation..............................................................................................34
4.5 Differences in risk perception between literature search and the interviews.................35
Chapter 5: Risk Management................................................................................................37
5.1. Implementation failures .............................................................................................37
5.1.1. Phase 1: Orientation ............................................................................................37
5.1.2. Phase 2: Business case ........................................................................................38
5.1.3. Phase 3: Technical tests.......................................................................................39
5.1.4. Phase 4: Pilot and implementation.......................................................................39
5.1.5. Phase 5: Learning................................................................................................40
5.2. Low reliability ...........................................................................................................40
5.3 Data overload..............................................................................................................42
5.4 Channel alignment failure ...........................................................................................44
Chapter 6: Conclusions.........................................................................................................46
Chapter 7: Discussion and Future Work................................................................................48
Literature..............................................................................................................................50
Articles and Books ...........................................................................................................50
Internet sources.................................................................................................................53
Appendices...........................................................................................................................55
-
List of Tables and Figures
5
LIST OF TABLES
Table 1: RFID advantages over bar codes.............................................................................12
Table 2: Comparison of high and low frequency tags............................................................14
Table 3: Literature search approach used for answering the research question ......................20
Table 4: Differences in risk perception .................................................................................36
LIST OF FIGURES
Figure 1: Framework for classifying RFID applications........................................................13
Figure 2: A typical RFID system ..........................................................................................13
Figure 3: FTA model RFID failure .......................................................................................24
Figure 4: FTA model implementation failure ........................................................................26
Figure 5: FTA model low reliability .....................................................................................29
Figure 6: FTA model data overload ......................................................................................31
Figure 7: End-to-End Supply Chain Performance .................................................................32
Figure 8: The conceptual model of trust................................................................................33
Figure 9: FTA model channel alignment failure....................................................................35
Figure 10: Example of a SAN...............................................................................................43
-
Introduction
6
INTRODUCTION
Radio Frequency Identification (RFID) is a topic that is discussed more and more in the
past few years. It has the possibility to improve the supply chain, especially in the field of
retailing and logistics. By implementing RFID in a company, “process freedoms” and real-
time visibility is achieved (Angeles, 2005). RFID is the latest technology that is used for
precisely identifying objects. Radio waves are used to read an object’s markings in the form
of a unique identifying number stored on an attached or embedded chip (Borriello, 2005).
Implementing the RFID technology engenders a lot of potential risks. Literature search
showed that there is already much written about all kinds of risks. These are very divers in
nature, ranging from emotional to technical ones. Hulsebosch, Strating, Teeuw and Schaffers
(2006) say that the typical risks of RFID can be divided into technical, organizational, social
and economical risks. The next section gives a short overview of all kinds off risks per
category.
Technical risks are associated with possible problems of the equipment. It is important
that RFID produces reliable information, since business decisions are made on behalf of this
information. The security is also an important issue. Malicious people can cause damage to
the system. These attacks are relatively easy, since RFID works on radio waves. An example
is a radar detector, which can be used in a car. The machine sends interfering signals that
make it impossible to measure the speed of the car (Hulsebosch et al., 2006). Malicious
people can also clone less secured tags. This is especially possible in the case of a key as a tag
(Bono et al., 2005).
Organizational risks mainly deal with standards. They are an essential driver for the use
of RFID in open supply chain applications (Stam de Jonge, 2004). The problem is that many
different standards exist. Worldwide there are more than 120 different protocols in use for
reading the tags. The International Standard Organization (ISO) and EPCglobal (EPC) are
currently trying to create a structure in this (Hulsebosch et al., 2006). Other examples of
organizational risks are the health due to harmful radiation of radio waves, the health due to
consuming the tags by accident, nature damage due to the production of tags, the fall out of
tags and the fall out of the entire system (Hulsebosch et al., 2006).
The third category is social risks. Privacy issues are the most important in this category.
These arise when tags are attached to products or to individuals themselves. This way it is
possible to track individuals, anywhere, anytime. Buying patterns can be observed where a
customer has made multiple purchases. These are some reasons why RFID is often associated
with “big brother is watching you”. An often referenced case in this is Benetton. They were
-
Introduction
7
considering to put RFID tags in their clothing that can be read from a distance. CASPIAN
(Consumers Against Supermarket Privacy Invasion and Numbering) criticized Benetton’s
plans. Criticisms were: “People will know when I shop! What I bought…what size I wear!”.
Benetton decided to stop the trial. Another social risks is the negative atmosphere, since there
are many negative stories about RFID.
And finally there are the economical risks, which consist of system integration, data
management, costs and the growing differences between small and medium enterprises
(SME’s), and the “big companies”. The data management risk can be further split into two
categories. On the one hand Gonzalez, Han, Li and Klabjan (2004) recognize risks with the
volume of new data, since it is possible with RFID to track information on a single item level.
And on the other hand Yang and Jarvenpaa (2005) recognize risks with regard to the supply
chain view, since extending RFID beyond the organization is inevitable according to them.
The differences between SME’s and “big companies” originate because it are only the larger
companies that invest in RFID. Productivity differences will only increase as a result of the
use of RFID. Furthermore SME’s, as a supplier or buyer, are more or less forced to comply
with the RFID demands of the larger companies (Hulsebosch et al., 2006).
-
Chapter 1 General Characteristics
8
CHAPTER 1: GENERAL CHARACTERISTICS
This chapter describes the research that will be executed into detail. The first paragraph
discusses the problem statement. Next the research question will be handled, which will be
used in order to answer the problem statement. Also the demarcations of the research are
handled in this paragraph. The third and fourth section will subsequently handle the research
motive and goals of the research. The chapter will be concluded with the plan of research.
1.1. Problem statement
Data management of RFID is an important topic, since the technology creates enormous
amounts of data each day. It is important to handle this data in the right way. Only then it can
bring the expected business advantages. However this is not so straightforward, as RFID
increases the data amounts in a company strongly and business processes change drastically.
It is necessary to have the risks clear regarding data management, so that no unexpected
events can occur. Like already mentioned in the introduction, there are also RFID data
management risks regarding the supply chain view. Does this have consequences for the way
of handling the data? This is an important question to answer. Literature search showed a lack
of information regarding these topics. The following problem statement comes forward, as
input for this thesis:
“ RFID technology entails risks with regard to data management, which can have a
negative influence on the result of implementing the technology. ”
1.2. Research question
The following research question can logically be derived from the problem statement of
the first paragraph. This question will be the constant focus throughout this research.
“ What are data management risks in the field of RFID technology, and by what means
can these risks be reduced? ”
Some steps have to be taken successively in this report in order to be able to answer this
research question. These are:
1. What is RFID, and how does it work?
2. What are the reasons for using RFID?
3. What model will be used to answer the research question?
4. What are the data management risks of implementing RFID?
5. How to reduce these data management risks?
-
Chapter 1 General Characteristics
9
This thesis will only handle data management risks and ways to reduce these risks for
companies that use, or are planning to use the RFID technology. Risks for suppliers of RFID
and the government will be left out of consideration. Privacy risks are also not in the field of
interest for this paper. Furthermore, only risks for the retail sector are studied were goods are
followed throughout the supply chain.
1.3. Research relevance
More and more companies are considering to implement RFID in their company. This
appears from a report published at the end of December 2005, 2005 sales of RFID tags were
about 600 million, accounting for some $1.2 billion [1]. This number is expected to grow
considerably in the near future. In order to maximize the success one should be aware of all
risks. Privacy risks are handled in abundance with respect to the RFID question. However I
think the data management risk is underexposed and widely spread, as appeared from the
literature search I carried out. This thesis will provide new insights into the data management
problem. Important is the way the information should be managed in the individual company
and between companies along the supply chain.
1.4. Research goals
The potential benefits and features of implementing the RFID technology are handled by
many researchers. However I think it can only develop into a success if one looks also to the
potential risks of the technology. Companies should not only be obsessed by the promising
advantages it offers. If the risks of implementing the technology are known it is possible to
anticipate on these and to try to reduce these.
Implementing RFID brings on a wide scale of potential risks. The main interest of this
research is with regard to issues in data management. I think this is important, since the
volume of information generated by such systems can be enormous. Certainly if each item
will be tracked that moves through different locations. It is also of importance because RFID
is mostly used in a supply chain, with multiple suppliers and customers. An important
question is: how to handle the information in this chain effectively?
The research goal of this thesis is to give an overview of the data management risks of
RFID and to provide a framework for companies to minimize the risks of implementing the
RFID technology.
-
Chapter 1 General Characteristics
10
1.5. Structure of the thesis
This report consists of seven chapters. The second chapter gives an introduction into the
basics of RFID. What implies the technology? How does it work? And what are the potential
benefits for the company? These are the questions that will be answered in this chapter. Next,
chapter three will describe the used methodology, for answering the research question.
Chapter four will describe the data management risks of RFID into detail. And in the next
chapter a framework is provided to reduce these risks. Then, in chapter 6, the conclusions of
the thesis are provided. And finally, the thesis will be concluded with a discussion, in chapter
7. The future state of RFID is portrayed in this section.
-
Chapter 2 Introduction to RFID
11
CHAPTER 2: INTRODUCTION TO RFID
In this chapter the RFID technology will be introduced and explained. It will give a
good background for understanding the technology. The first paragraph handles the basic
principles of RFID. The second paragraph describes a framework for classifying RFID
applications. The third paragraph handles the components of the technology, and the way
RFID works. The fourth paragraph describes the possible benefits of it. And the chapter will
be concluded with some interesting case examples, for a better understanding of the working
of RFID in retail.
2.1 What is RFID?
Recently there is paid much attention to RFID, although it is not a totally new
technology as many people think. It was already used in World War II. Allied aircrafts carried
transponders that would acknowledge radar signals from friendly aircrafts (Chawathe, et al.,
2004). Since then it has followed considerable progression. The 50’s are known for the early
explorations of RFID. Developments of the theory were achieved in the 60’s together with the
start of field trials. Inventors were busy with RFID related inventions such as Robert
Richardson’s “Remotely activated radio frequency powered devices” in 1963 and J.H.
Volelman’s “Passive data transmission techniques utilizing radar beams” in 1968. In the 70’s
there is an explosion in the development of RFID. There was also a great deal of interest in
RFID from researchers, developers and academic institutions. Full implementations were
achieved. The greatest interest in the United States was for transportation and personnel
access. The 90’s were significant for the emergence of standards. An example of this is the
pan-European standard for tolling applications in Europe, were vehicles could pass toll
collection points without stopping. Video cameras were used for enforcement. An overview
of the history is presented in appendix 1 (Landt, 2001).
In its essence RFID is comparable with the traditional “Bar Code”. However RFID has
much more possibilities. These are stated in the table below.
Characteristic RFID Bar Codes Significance
“Line of sight”
or unobstructed
path between tag
and readers
Unnecessary Always
necessary
Labor is reduces when RFID
tags are applied to goods; they
need not be facing readers. Tags
can be read at great distances
without anyone running a
scanner over the tag as is
-
Chapter 2 Introduction to RFID
12
Characteristic RFID Bar Codes Significance
necessary with bar codes. This
makes it possible to instantly
take the inventory of a carton
without unpacking it
Effective range Varies with type
of tag
Limited High-frequency RFID readers
can operate at great distances
Processing speed Signals from
multiple tags are
received and
processed in
rapid succession
Reads one at a
time
RFID readers can process greater
quantities of goods much faster
Multiple
capabilities
Can “write”
information on
certain RFID
tags, as well as
“read” it
Not applicable In contrast to bar codes, certain
RFID tags with read/write
capabilities allow the
information on the tag to be
modified. For example,
quantities can be updated when
items are added or removed from
a pallet
Resistance to
adverse
conditions
Can read and
transmit data
through soot or
dust
Easily obscured RFID systems can be used
outdoors and in less-than –
optimal indoor conditions
Table 1: RFID advantages over bar codes (source: Davis and Luehlfing, 2004).
2.2. Classification of RFID applications
RFID is mainly used for identification (like access control), authentication (like the
payments of small amounts such as highway tolls), preventing shoplifting and tracking and
tracing (of products, people and animals). But the possibilities are going much further, like a
combination of RFID tags with sensors for measuring temperatures and humidity. An
example is the Schuitema case, where the temperature of perishable products is monitored
(see paragraph 2.6.3). RFID has the promise to unleash a revolution in the field of efficiency,
comfort and security (Schermer, 2006; Hulsebosch et al., 2006). Also it is possible to
implement the RFID chip in a human body. Currently the Dutch government is considering
equipping ‘TBS’ers’ with chips. This makes it possible to track them, if one tries to escape.
Figure 1 represents a framework for classifying RFID-applications.
-
Chapter 2 Introduction to RFID
13
Figure 1: Framework for classifying RFID applications (source: Asif and Mandiviwalla, 2005).
At present only the “big companies” are testing with the RFID technology. A major
reason for this is that the costs for implementing RFID are still relatively high. At current
prices it is not affordable for SME’s to use the technology. It is expected that prices will
decrease as manufacturing technologies improve. Roberts (2006) predicts that 10 billion tags
will be used annually by the end of 2007 (currently this is about 6 billion) and 1 trillion will
be used in 2015. Appendix 2 shows that the costs of tags are about $ 0.23 cents. In 2009 the
costs will drop to 5 cents per tag. This is the cut-off were RFID will be used on a wide scale,
according to Hulsebosch et al. (2006). By 2011 the costs of tags will drop to 1 cent. RFID will
then be used on a case level.
2.3. How does it work?
An RFID system allows data to be stored and modified, to provide the business with
intelligence. It uses radio waves to identify individual physical objects. Roberts (2006) says
that a typical RFID system consists of a tag, a reader and an enterprise system. This is
depicted in figure 2. The components are handled separately in the following sub-sections.
Figure 2: A typical RFID system (source: Roberts, 2006).
-
Chapter 2 Introduction to RFID
14
2.3.1. Tag characteristics
RFID tags can be passive, active or semi passive. Active tags use a battery. By using
this power source a tag is able to receive a weak radio signal and sent an answer over a larger
distance. A disadvantage of an active tag is the lifespan of the battery and the price per tag.
Passive tags on the other hand do not consist of a battery. This means that the tag is powered
by the electromagnetic waves sent out by a reader. A third category is the semi-passive tags.
These use both the battery and the waves sent out by the reader. They are particularly used to
improve the intelligence and capacity of the chip. Passive tags use lower frequencies than
active tags. Differences between high and low tag frequencies are:
Tag
frequency
Relative
range
Transmission
rates
Power
consumption
Relative
cost
Environmental
susceptibility
Low Shorter Lower Lower Lower Lower
High Longer Higher Higher Higher Higher
Table 2: Comparison of high and low frequency tags (source: Asif and Mandiviwalla, 2005).
The chip in a tag can either be read-write or read-only. Read only tags contain data that
can not be changed. A read-write tag can store new information on its chip. These tags are
more expensive, and are used for higher-value products (Angeles, 2006).
2.3.2. Reader characteristics
A reader is a machine that can read tags, by sending radio signals. Tags that are in the
range of distance can react to this signal. In order to read passive data, the reader sends radio
waves to them. The tags energize them and start broadcasting the data. The reader consists of
an antenna, which creates the magnetic field with the tag’s antenna. After receiving the
information from the tag, the reader checks, codes and saves RFID-data. RFID-readers can
both be attached to something, like a door or shelf, or they can be mobile, like a handheld or
PDA (Asif and Mandviwalla, 2005 ; Schermer, 2006).
2.3.3. Enterprise system
Finally, a RFID system consists of an Enterprise System (like ERP or CRM) were
employees can use the information gained with RFID. Before it is possible to use this
information the data needs to be filtered and prepared for use. For that often middleware-
solutions are being used. Middleware-tools are also used to manage RFID data by routing it
between tag readers and the systems within the businesses. Middleware solutions filter
duplicate, incomplete and erroneous information that it receives. They hide the complexity
and implementation details of RFID for the enterprise system. This allows users of the
-
Chapter 2 Introduction to RFID
15
analytical system to focus on the business implications of RFID. Analytical systems consist of
databases, to which the tags are linked. This happens through the EPC standard, as will be
described in the next paragraph. The enterprise systems contain valuable information for
making decisions. An example of this can be decisions for inventory management
(Karygiannis, 2006). Brown and Wiggers (2005) say that this is the layer at which
competitive advantage will be won or lost.
2.4. RFID Standards
As already mentioned in the introduction, there are many different standards for RFID.
These standards often differ per country and industry (Hulsebosch et al., 2006). Without
global standardization the growth of RFID will be limited. Generally there were two
organizations working on global standards for RFID, namely EPCglobal and ISO.
EPCglobal is an open standard and was first developed by the Auto-ID Center. The goal
is to lower the costs of using RFID, so that the technology can be used for single item tracking
(EPCglobal, 2006). Central in the EPCglobal standard is the universal unique identification of
individual items. This unique number is called the Electronic Product Code (EPC). The
connection of the unique EPC code to relating information is executed by an Object Name
Service (ONS). It directs computers to information about the item associated with the code.
EPCglobal is mainly active in developing standards for RFID frequencies, interfaces, RFID
identifiers, and the processing of RFID data.
ISO is currently trying to create a structure in the big number of different protocols used
in the world. Its main focus is on standardizing the wireless interface between de tag and the
reader for different RFID frequencies. Aspects like data storage, structure of RFID identifiers
the physical implementation of tags and readers are not handled (Hulsebosch et al., 2006). In
the field of RFID frequencies, ISO and EPCglobal are currently closely cooperating.
2.5. The benefits of RFID
Implementing RFID offers a lot of benefits for companies. Brown and Wiggers (2005)
say that there are four primary reasons to adopt the technology:
1. Improved control of stock and other assets as they move within the organization: it is
possible to monitor goods constantly. In this way it is much easier to watch the number of
products in stock. Costs will drop considerably, because less stock is needed.
2. Improved efficiencies in the supply chain: the increase in efficiencies can be realized
because of the faster, more accurate and automated information exchanges between firms
across the supply chain.
-
Chapter 2 Introduction to RFID
16
3. Tracking of shipments: with RFID it is possible to track the shipment of goods through
the supply chain. This enables the companies and customers to track the location of
products. Customer can look to the time it takes before goods will arrive.
4. Reduced shrinkage / theft: tags can be attached to guard against theft. Reduced theft leads
to less material losses. This again leads to fewer insurance claims and less administrative
work.
Although it is not directly an advantage for companies, the article of Brown and
Wiggers (2005) name another reason to use RFID. Some major retailers want the whole
supply chain, including the smaller companies, to use the technology. A good example of this
is Wall Mart. They announced that it wants its top 100 suppliers to begin fitting their cases
and pallets with RFID tags.
2.6. Successful case examples
In this paragraph some successful cases will be presented. This gives a better insight
into the way RFID is used and the advantages that the technology can bring to a company.
2.6.1. Wal-Mart
Wal-Mart (the biggest retailer in the world) announced in 2003 that it wants its top 100
suppliers to fit RFID tags to their pallets and cases, as from January 2005. Estimated initial
savings and benefits were:
� $ 6.7 Billion in reduce labor costs (no barcode scanning is anymore allowed).
� $ 600 Million in out-of-stock supply chain cost reduction.
� $ 575 Million in theft reduction.
� $ 300 Million in improved tracking through warehousing and distribution centers.
� $ 180 Million in reduced inventory holding and carrying costs.
Two months after RFID was implemented on a large scale Linda Dillman, CIO at Wal-
Mart, confirmed that it was a big success. Only a few suppliers did not reach the deadline, due
to some technical issues. Recent research showed that out-of-stock is decreased with 16%.
The way it works: tagged pallets and cases of suppliers will arrive at the regional
distribution centers of Wal-Mart. Here, the readers at the dock doors will automatically scan
the tags. The scanned data will be passed to an application that will inform the retailer’s
operations and merchandising teams and the products’ suppliers that the specific shipment has
arrived. At the distribution centre cases will be removed from the pallets and processed. Next
-
Chapter 2 Introduction to RFID
17
cases are trucked to the Wal-Mart stores. When tagged cases arrive, they will be read and
automatically confirm the arrival of the shipment [2].
2.6.2. Johnson Controls
Johnson Controls produces automobile seats for New United Motor Manufacturers
Incorporated (NUMMI), which is a joint production facility of Toyota and General Motors.
NUMMI uses the Just-In-Time (JIT) method for producing their various vehicles, in order to
eliminate waste.
Because of this JIT method Johnson Controls has to make about 12 deliveries daily.
These deliveries must be in time. Every hour Johnson Controls receives seat orders, in the
form of a serial number list. This list is needed to determine the order in which the seats have
to be delivered, since different car types are produced on a single production line
successively. Before using RFID, Johnson Controls used an ID system that involved basic
clipboards and checklists, located with operators at each station of production, inventory and
production. RFID eliminated the human errors that existed in the old system. This was
necessary because NUMMI allowed only a certain amount of mistakes and Johnson Controls
was not far of this number. Also the time savings and flexibility improved impressively by
using RFID [3].
2.6.3. Vers Schakel
“Vers Schakel” is a project in the Netherlands in which the participants Schuitema
(central organization behind C1000, supermarkets), Heemskerk, Centraal Bureau
Levensmiddelenhandel (CBL), KPN, Capgemini and Wageningen University and
Researchcentrum (WUR) are participating. In 2005 they won the RFID innovation price,
because of the innovative character and the combination between RFID and temperature
measurement. René Bakker, manager of Logistics and IT of Schuitema and initiator of the
project, says the following:
“ We expect to increase our lead in logistics. Especially in the field of fresh vegetables we
think to improve the quality for customers of the C1000 supermarkets. “
The way it works: RFID chips are attached to CBL-crates, in which packages of freshly
cut vegetables of Heemskerk are transported. On a number of locations at Heemskerk and
their trucks, the distribution centre of Schuitema and the C1000 supermarkets RFID readers
are placed. The data that is produced will be send through the networks of KPN to a central
database. All participants can consult this data. Products can be followed to the shelves of
-
Chapter 2 Introduction to RFID
18
C1000. It is easy to check the shipment with the placed order wireless, even before the truck
is loaded. The WUR can predict the sell-by date on the basis of the temperature information
during the whole chain. This way the methodology First Expired First Out can be applied.
This means that the overall freshness of the products will increase [4].
-
Chapter 3 Methodology
19
CHAPTER 3: METHODOLOGY
This chapter is dedicated to the methodology used in this thesis. The data collection and
data analysis are being discussed, in order to answer the central research question. The report
is a form of external validity. This means that the results hold across different experimental
settings, procedures and participants [5]. Concretely, it can be said that de RFID risks hold for
all companies across the world, using the technology.
A qualitative study will be executed. This refers to gathering relevant information in a
narrative form, through literature search and interviews. The literature search is discussed in
the first paragraph. The second paragraph handles the interviews. And the chapter will be
concluded with an introduction into the Fault-Tree-Analysis (FTA). This is a methodology
that will be used in this thesis in order to analyze the risks of RFID.
3.1. Literature search
An important purpose of the literature review is to ensure that no important variable,
that has in the past have been found repeatedly to have had an impact on the problem, is
ignored (Sekeran, U. 2003). Analyzing case studies is an important input for this literature
search. This is a particular method of qualitative research. It involves an in-depth, longitudinal
examination of a single event: a case. However, it must be said that there are not much
business cases available of failures of RFID, as appeared from literature search and the
interviews. The literature search included a search in divers books used during my study and a
search on the World Wide Web, were international journals, some smaller journals and
general information were searched. On the Internet some relevant keywords were defined, for
finding the relevant information. Several search engines were used for this. This is
summarized in table 3.
Research strategy Description
Used key words “RFID”, “RFID risks”, “RFID data risks”, “RFID risk
management”, “RFID data management”, “RFID
supply chain risks”, “RFID implementation risks”,
“RFID reliability”, “RFID middleware”
Time period October 2006 until February 2007
Search engines www.google.com, www.altavista.com,
www.findarticles.com, www.rfidjournal.com
-
Chapter 3 Methodology
20
Research strategy Description
Scientific on-line literature
data bases
- Google Scholar
- Online Contents UVT
Table 3: Literature search approach used for answering the research question.
3.2. Interviews
As already said in the introduction of this chapter, some interviews are executed. The
focus in these interviews is on the particular risks RFID in data management, and on ways to
reduce these risks. A specific goal is to compare the results of the interviews with the
literature search. Interesting is to see if there are any differences between the two groups.
These differences are handled in paragraph 4.5.
I will use a form of non-probability convenience sampling for selecting the
interviewees. This refers to the collection of information from members of the population (all
companies using RFID) who are conveniently available to provide it (Sekeran, 2002). The
main reason to use this technique is because there is no necessity to obtain information from
specific target groups. Every company shares the same RFID risks.
There are different techniques for interviewing. I will use the non-scheduled technique.
These interviews are so labeled because the interviewer does not enter the interview setting
with a planned sequence of questions to be asked of the respondent, although some
preliminary issues will be brought to the surface. During the interviews it will be determined
what variables need further in-depth information. In this kind of interview technique it is
important to be well prepared. Therefore, the literature search should be carried out first.
Interviews can be held either face-to-face, over the telephone or online. In the research I
carried out one telephone interview, with Centric. And two face-to-face interviews, with Phi
Data and Oracle. The main advantage of these interviews is that I can adapt question, clarify
doubts, and ensure that the responses are properly understood, by repeating or rephrasing the
questions. It has the least biases. Because people have to be interviewed face-to-face it is
important that the companies are established in the Netherlands. Interviewees should not be
geographically to far away, because of costs and time available. The next sub-paragraphs give
an introduction into the interviewed companies. Except these two interviews, I also had E-
mail contact with Mr. M. Roberti, about some specific questions of risks and risk mitigating
factors. M. Roberti is the founder and editor of RFID Journal. This is an independent media
company devoted solely to RFID and its many business applications. Their mission is to help
companies use RFID technology to improve the way they do business.
-
Chapter 3 Methodology
21
3.2.1. Centric
The core activity of Centric is consultancy, IT solutions, software engineering, e-
business, systems integration, managed ICT Services and training. They offer these total
solutions for diverse branches, under which the government, financial services, housing
agency, trade businesses and industry. The solutions are provided together with renowned
partners, for the guarantee of high quality solutions and services. The company (established in
1978) has offices in the Netherlands, Belgium, Germany, and Norway. About 5.100 persons
work for Centric [6].
Centric does not implement RFID solutions at the moment in retail, wholesale and
transport, although they are following the technology very closely. They can be identified as a
knowledge base. Diverse companies, like Schuitema and Hema, triggered the company for
doing this. Centric is a member of the platform RFID Nederland, which shares knowledge in
the field of RFID. The interview was held on the 23rd of November 2006 with Mr. G. van
Osch, by telephone. He has set up a RFID Knowledge Center and initiated a research program
in the field of RFID. Centric owns a portal, in which they report to their customers about
RFID. For this thesis I got access to this portal. Some useful information was collected from
this. A summary of the conversation is reflected in appendix 6.
3.2.2. Phi Data BV
Phi Data can be described as a solution provider for customers requiring high quality
automatic identification- and print systems. The company was established in 1981, and has
nowadays offices in Woerden (Netherlands), Wemmel (Belgium) and Windhof
(Luxembourg). Business processes can be optimized with these products, and costs can be
reduced. Products range from barcode scanners and portables to radio frequency data
communication (RFDC) and RFID, and a wide range of printers. Because of intensive
cooperation with ERP / WMC suppliers, Phi Data is able to propagate the Solution Provider
Philosophy [7].
For this report I interviewed Mr. R. Diekman, face-to-face. He is a senior consultant,
and gives training sessions. His specialism is in divers RFID techniques. The conversation
was held on the 30th of November 2006, in Woerden. The conclusions are reflected in
appendix 7.
3.2.3. Oracle
Oracle’s core business is information – how to deal with it, use it, share it and secure it.
For almost three decennia Oracle (the largest supplier of business software in the world)
offers the software and services that make sure that organizations have the most actual and
accurate information present within their business systems. Three principles are central in
-
Chapter 3 Methodology
22
their vision for having the best information available. The first is simplification, which means
fast information transfer with integrated systems and only one database. The second is
standardization. This means less costs with open, simple accessible components. And the third
principle is automation, which means improvement of operational efficiency with technology
and good training [8].
Oracle transform retail supply chains with RFID into consumer-driven demand
networks, and improves efficiencies and business processes in industries ranging from
healthcare to defence. The difference with Phi Data is that Oracle concentrates on the
information systems, whereas Phi Data offers total solutions. The interviewee was Mr. S.
Nagaoka. He is Principal Product Sales Consultant of Oracle Netherlands. The interview was
face-to-face in De Meern, on the 2nd of January 2007. Appendix 8 gives an overview of the
interview.
3.3. Fault Tree Analysis
3.3.1. Introduction
In order to analyze the data management risks of RFID, a Fault Tree Analysis (FTA)
will be applied throughout this paper. Dugan et al. (2002) describe this approach as a top-
down analytical technique, whereby an undesired state of the system is specified, and the
system is then analyzed in the context of its environment and operation to find all realistic
ways in which the undesired event can occur. The approach reflects in visual models how
logical relationships between equipment failures, human errors, and external events can
combine to cause specific accidents.
Although FTA is highly effective, it must be said that the analysis has three limitations
[9]. The first is the narrow focus. FTA examines only one specific risk. If more risks are
analyzed, more fault trees must be developed. The second limitation is called art as well as
science. The level of detail varies per researcher. However, different analysts should produce
comparable results. And the third limitation is the complexity of making statistical predictions
about future performance. Only highly skilled researchers can perform such quantifications.
This last limitation does not apply in this thesis, since no statistical predictions will be made.
The procedure for performing a FTA consists of the following five steps [10]:
1. Define the system of interest: the fault tree analysis focuses on ways in which a system
can fail to perform a specific function. Clearly defining that function is an important first
step. This means specifying the problem of interest that the analysis will address. This is
the box at the top of the diagram.
2. Identify critical failures or ‘faults’ related to the component: determine events and
conditions that most directly lead to the TOP event. This should be a small step towards
-
Chapter 3 Methodology
23
the underlying contributors to the problem of interest. Avoid jumping into detail in this
stadium.
3. Identify causes for each fault: list all possible causes for faults below the faults.
4. Work towards a root cause: continue identifying causes for each fault until you reach a
root or controllable cause. The model is complete when each branch of the fault tree has
been pursued to the lowest level of resolution deemed necessary by the analyst.
5. Identify countermeasures for each root cause: create boxes for each countermeasure. Draw
the boxes below the appropriate root cause and link the countermeasure and cause.
3.3.2. Fault Tree symbols
The following symbols will be used for the fault tree analysis:
Basic event – A basic initiating fault requiring no further
development.
OR – Output fault occurs if at least one of the input faults occur.
AND
AND – Output fault occurs if all of the input faults occur.
Transfer in – Indicates that the tree is further developed, in another
section of the report.
Transfer out – Indicates that this portion of the tree must be attached
at the corresponding “transfer in”.
-
Chapter 4 Risk Analysis
24
CHAPTER 4: RISK ANALYSIS
Unfortunately, both change and complexity of RFID systems generate risk. The focus of
this chapter is on typical risks of data management in RFID. These risks are analyzed by using
the Fault Tree Analysis, as describe in paragraph 3.5. From the literature search and the
interviews it appeared that the risks of RFID can be classified into four main categories:
� Implementation failure: these are risks associated with “change” in a company.
Implementing the RFID technology means that the processes in a company will be
executed in a different way. What are the potential risks of implementing these new
processes?
� Low reliability: these are risks associated with the performance of the technology. What
potential factors can have a negative influence on the quality of the data?
� Data overload: these are risks associated with the huge amount of data. What are the
potential risks of the enormous increase in data on the network?
� Channel alignment failure: these are specific risks that come forward when RFID is
implemented between two or more companies. What are the potential risks of the supply
chain view, while implementing RFID?
The main FTA is depicted in figure 3. The following paragraphs, will handle each risk
separately.
Channel
alignment failureData overloadLow reliability
Implementation
failure
RFID failure
Figure 3: FTA model RFID failure.
4.1. Implementation failures
4.1.1. Introduction
Products that are equipped with RFID tags can be identified easily, at a distance. A
result is that business processes can be executed more efficient, safer, and more effective.
-
Chapter 4 Risk Analysis
25
However implementing RFID entails a lot of potential risks in the field of implementation the
technology itself. These risks are handled in the next section.
The risks of implementing RFID is bigger if a direct link to the mission of the
organization is present (Karygiannis et al., 2006). Organizations whose core business is
logistics stand the most to lose when their supporting RFID systems fail. If an organizations
primary mission is outside these areas, the impact is much less important. An example is a
hospital whose primary mission is patient care.
4.1.2. Factors influencing implementation failures
The following factors have an influence on the implementation risks:
� Stuck to current business processes: Existing business processes have to be considered
before implementing RFID. Implementing this technology means that these business
processes will change drastically, and new business processes will be created. To take full
advantage of the potential of RFID companies should re-examine how supply chain
decisions are made and reengineer processes which will require a deeper understanding of
how RFID impacts supply chain dynamics and decision making (interview Centric). Firms
that have unpredictable equipment, unreliable manufacturing processes, long supplier
lead-times, and facilities with long and variable flow times should not start implementing
RFID. Hallwirth and Kogelnig (2005) say that RFID is not just a cure for worse
performing business processes. RFID may even make things worse, since companies have
to deal with new processes and lots of new data. Companies must be able to collect large
volume of data effectively to create “information”. It must be absorbed in the company
efficiently to use it to its full capacity.
Another pitfall that should be taken into consideration is that many IT implementations
fail because people won’t change their “way of working”. This is important since RFID
requires to modify business practices that probably have been in place for a very long time
(Asif and Mandiviwalla, 2005).
� Problems in Integration with existing applications: RFID technology brings on a lot of
new technology in a company. This equipment has to be integrated with existing
applications for the tracking and monitoring of products, like ERP systems (Wang and
Liu, 2005). These ERP systems should provide the companies with knowledge. Therefore,
Mr. Nagaoka (interview Oracle) thinks these information systems are the main business
driver of RFID. An example of a failure is the ‘Vers Schakel’ case. They chose a
relatively small company as a partner, since they already realized a successful comparable
case. However the ERP-system did not work as expected (interview Oracle).
-
Chapter 4 Risk Analysis
26
� Low maturity of technology: A hardware survey, carried out by Logica CMG (2005),
showed that the market for RFID technology is widely spread. There is no mature market
at the moment. The current vendor landscape is difficult to understand for end-users. The
reason for this is the variety in RFID components required and different vendor strategies.
The survey also showed that the availability of technical expertise about RFID technology
is limited, because of the early stages of the market. Paul Stam de Jonge (2004) and Gale
et al. (2006) agree with this statement. They say that large-scale implementations have not
been carried out yet. There is a lack of referenced case studies that document failures and
lessons learned. Mr. van Osch (interview Centric) also addressed this problem. He says
that “success stories” are currently missing. There are lots of pilots, but not many working
systems.
� Absence of management commitment: This risk is closely related to the first risk (current
business processes). The commitment of management is often a challenge in the adoption
of a new technology. Without their support it is not likely that RFID will become a
success (Gale, et al., 2006). The interviewees don’t see this as a problem. The reason is
that the RFID trigger should come from the companies themselves. If companies decide to
implement RFID, the commitment should not be an issue.
4.1.3. Visual presentation
Figure 4 shows the FTA model for the implementation failures.
OR
OR
OR
Figure 4: FTA model implementation failure.
-
Chapter 4 Risk Analysis
27
4.2. Low reliability
4.2.1. Introduction
The reliability is an important issue for businesses to engage in RFID. In brief,
reliability has to do with the total performance of RFID equipment. Visser and Goor (1999)
say that the reliability improves strongly, if the number of human mistakes is reduced. In
practice, it appeared that this error rate is highly dependent on entering the same information
at different places (supplier, transporter, buyer). RFID should overcome this problem. A 100
% reliability is strived for. However the equipment often does not work well enough at the
moment. The accuracy of some readers is even below 90 % [11].
4.2.2. Factors influencing low reliability
The reliability of the data produced by RFID depends on a number of factors. Generally
these can be divided into two subgroups, namely malicious attacks and risks of the technology
itself. The malicious attacks are handled first.
Many organizations know who might attack their RFID application in the future. They
also see the need to implement countermeasures against these malicious attacks. An example
of an adversary is an employee who was fired in the past. However, other organizations
should proceed with caution because for them it is not known who may be an adversary in the
future. It must also be said that organizations with a high public profile are more likely to be
targeted by malicious individuals or groups (Karygiannis et al., 2006). Factors influencing the
reliability are:
� Corporate espionage: this means the interception of RFID transmissions, with directional
antennas. Distances between 10 and 100 meters are possible. Corporate espionage makes
it possible for competitors, media, private investigators or information brokers to track the
inventory (Roberts, 2006).
� Destroying tags: Australian researchers succeeded in destroying RFID tags, by sending
lots of signals on different radio frequencies. Sending these signals meant that the tags
could not reach the scanners. The attacker should however send the signals within the
range of only a few meters [13]. Hulsebosch et al. (2006) discusses other ways of
destroying tags. First, by sending high frequency signals, tags can got burned. And
Second, by sending deactivation codes to the tags.
� Jamming: this is a term for sending interfering signals. Because the system uses the
electromagnetic spectrum, it is relatively easy to jam. By this means it is possible to
disturb business processes. The damage can be bigger as a company is more dependent on
using RFID [14].
-
Chapter 4 Risk Analysis
28
The second category concerns reliability risks associated with the use of the RFID
technology. An important question is: is the technology implemented to its full capabilities?
The factors that can have a negative effect on the result of using RFID should be familiar.
These are:
� False reads: This category can be further split into two categories. The first is called
‘false positive’. This occurs when a tag passes within the range of the reader, but it was
not intended to be read (Laddhad, 2006). It is for example possible that one tag is read 50
times as it moves through a portal. Another example is that a reader on conveyer 1 reads
tags from conveyer 2.
And the second category is ‘false negative’. This one occurs when a valid tag passes
within the range of an RFID reader, but the reader does not read the tag [15]. One of the
main reasons for the false negatives is the reflection and absorption of the radio waves.
Only working tags are part of this category. Damaged tags are handled separately, farther
on in this paragraph. Cornelissen (2005) names five variables which influence the
readability of RFID-tags. These factors came forward at a RFID pilot health at a
distribution centre in Tilburg of Sony. The factors are:
1. The reflection capability of packaging materials.
2. The absorption capability of packaging materials.
3. The distance between the tags and the antennas.
4. The corner between tag and antenna.
5. The place of the tag on the product or package.
Literature search showed another factor, namely ‘interference’. This is a form of “denial
of service” that is caused by the interference with other radio signals. The reader is not
able to read the tags (Roberts, 2006).
� Collisions: Collisions can be split into reader collisions and tag collisions. Reader
collisions occur when signals from one reader interfere with signals from another reader
when their coverage overlaps (Angeles, 2005). Tag collisions occur when many tags are
present in a small area. The reader is not able to process this (Hulsebosch et al., 2006).
� Damaged tags: Tag performance is a major concern to companies nowadays, as
manufacturers still produce faulty tags. Failure rates in early RFID pilots have been as
high as 20% to 30%, while a 100% reliability is strived for [15]. Another survey [12] also
reported about this problem. It concludes that many chips are damaged at the moment of
attaching them to the antenna. Because of these high fall out rates, one should not talk
about the price of tags but about the working tag price. Many factors have an influence on
this tag-performance, like weather conditions (temperature or humidity), abrasion and
production errors.
-
Chapter 4 Risk Analysis
29
4.2.3. Visual presentation
The FTA for reliability risks is depicted in figure 5.
2.5 Tag read of
wrong conveyor
2.4 Many reads
of 1 tag
Low reliability
Malfunction of
RFID technology
Maliscious
attacks
2.3 Jamming2.2 Destroying
tags
2.1 Corporate
espionage
2.11 Interference
Damaged tagsCollisionsFalse reads
1.10 Failure as a
result of place of
tag on a package
2.9 Failure as a
result of the
corner between
tag and reader
2.8 Failure as a
result of the
distance between
tag and reader
2.7 Absorption
capability of
packaging
material
2.6 Reflection
capability of
packaging
material
False negativeFalse Positive 2.13 Tag collision2.12 Reader
collision
2.15 Abrasion2.16 Production
errors
2.14 Weather
conditions
Figure 5: FTA model low reliability.
-
Chapter 4 Risk Analysis
30
4.3. Data overload
4.3.1. Introduction
By placing RFID readers it is possible to track the movement of individual items or
pallets. This makes it possible to carry out business processes much more efficiently.
However this has a major drawback. RFID readers are continuously reading the data on tags
at periodic instances. This means that data is growing enormously, what can lead to data
overload. This data overload causes troubles to information infrastructures for storing,
transmitting, and processing data (Hallwirth and Kogelnig, 2005 ; Wiggers, 2005). The old-
fashioned bar codes did not have these problems, since they only scan information when
someone passes a printed label in front of a reader.
Wal-Mart is one of the biggest companies that is using RFID for some time now.
Laddhad (2006) reported about a survey, executed by Venture Development Corporation
(VDC), in which they predict that 7 terabytes of data is generated every single day at Wal-
Mart.
Hulsebosch et al. (2006) present another simple example of a sum: A big retailer uses
RFID tags on a product level. The number of products that has a tag attached is 1 billion. One
tag produces 12 bytes. This means that the number of scanned data for these products
amounts for 12 Gbytes (1 billion * 12 bytes). If products are scanned every 10 minutes for
tracking and tracing purposes, per day there will be 720 Gbytes generated (12 Gbytes * 6 time
per hour * 10 hours a day). A lot of this data will be double and thrown away. But the fact is
that everything has to be processed (revise, throw away, react, etc.).
4.3.2. Factors influencing data overload
Unwanted network traffic in RFID comes from several sources and often contributes to
unnecessary processing by devices throughout the network affecting the “open highway” for
users. Network traffic is closely related to the data problem. It is a result of all information
sent over the network. Brown and Wiggers (2005) identify three causes that directly affect the
network traffic:
� Tracking level too low: the object where the tag is placed on can have a major influence
on the amount of data captured. Tracking at item level generates for example more
information than tracking on pallet level, or container level. Although it has nothing to do
with the risks of data amounts there is one issue that should be addressed. RFID is capable
of tracking pallets of inventory, but most firms work with mixed pallets. RFID does not
address this business concern (Palamides, 2004).
� Too many trigger actions: RFID systems often generate business events, where scanning
of a tag causes an alert in the system. Communication to existing ERP systems is needed
-
Chapter 4 Risk Analysis
31
ideally in real-time [16]. An example is notifying a customer of the status of a shipment.
These events also increase the volume of data carried over the network.
� Poor network performance: the volume of data flowing over the network is not just a
factor of the number of tags in circulation. The tags often contain only a location (EPC) of
the related information that is stored elsewhere on the network. This means that a tag read
can generate the sourcing and retrieval of data stored elsewhere on the network, known as
object tracking. In this architecture, data processing occurs on the supporting systems to
which RFID is connected. Karygiannis (2006) says object tracking in combination with
network capacity has a negative influence on the network performance. This makes
accessing data on tags a more reliable approach.
Wang and Liu identify another cause. They say that “too many readers” have a negative
effect on data overload risks. Each reader is uniquely identified in a process. The number of
readers is a factor in the amount of data. Companies have to decide on which tactical locations
to place them. Too many readers lead to much dynamic data, which changes often. Dynamic
data contains data for tracking items through the supply chain (Wang and Liu, 2005).
4.3.3. Visual presentation
The FTA for the data overload risk looks as follows:
OR
AND
Figure 6: FTA model data overload.
-
Chapter 4 Risk Analysis
32
4.4. Channel alignment failure
4.4.1. Introduction
Supply chain management (SCM) is an often mentioned factor in RFID. It offers the
potential to improve supply chain performance due to its ability to provide rich and timely
information that increases visibility and control over the supply chain (Gale, Rajamani and
Sriskandarajah, 2006). The end-to-end supply chain can be defined as a network of entities
(like retailers, distributors, transporters storage facilities and suppliers) that work together to
fulfill a customer request (through the production, delivery and sale) of a product or service.
Appendix 5 shows key supply chain performance metrics. RFID can help in improving these.
The supply chain focus is on two aspects. The first is improving coordination of
physical and financial flows in order to reduce cash cycles. And second extending supply
chain optimization efforts to external partners (Österle, Fleisch and Alt, 2001). In this paper
the focus is on the last point. The supply chain view is also called an open system, since the
control is not under one organization. Halwirth and Kogelnig (2005) show that the risks of
failure in business processes increases when RFID is used across functions and organizations.
Ibrahim (2006) estimates the failure rate to be 50 percent of interorganizational relationships.
Therefore the implementation of RFID must be handled carefully.
Supply Chain performance depends on channel alignment. This is the coordination of
pricing, transportation, planning and ownership between the various actors across the supply
chain. Figure 7 shows an end-to-end supply chain performance.
Figure 7: End-to-End Supply Chain Performance (source: Gale, Rajamani and Sriskandarajah, 2006).
4.4.2. Factors influencing channel alignment failure
As already mentioned, the risks of failure increases as RFID is applied between more
entities. Factors influencing this are:
-
Chapter 4 Risk Analysis
33
� Low level of trust: as RFID is more a collective action, related companies need to adopt
the technology simultaneously in order to benefit most of it. Only if everyone is involved,
from the producer to the retailer, it can become a success. However, it must be said that
such collective actions are very complicated, because of different attitudes and
perceptions that companies have about the technology, and about each other (Yang and
Jarvenpaa, 2005). So, collective actions generate uncertainties about the belief of the
actions of other participating companies. Palamides (2004) names another factor in the
low level of trust. He says that shipping information is often competitive information.
There is no willingness between companies along the supply chain to share this
information. And therefore RFID will not smooth the process. The confidence in the
performance of other companies, and the willingness to share information can be defined
as collective trust.
Yang and Jarvenpaa (2005) presented a conceptual model of the role of trust in RFID.
This is presented in figure 8.
Figure 8: The conceptual model of trust (source: Yang and Jarvenpaa, 2005).
They say that the level of collective trust is important in the willingness to adopt RFID.
This collective trust increases if the alliance members have a history of repeatedly joining
the same alliances. It is possible that not every company is involved in the adoption of
RFID. This is expressed by the variable “user candidates vs. non-user candidates”. If the
subgroup of user candidates is a minority, then the collective trust among RFID user
candidates is higher than when the subgroup is a majority. If this is the case, they should
have higher trust among them and behave cooperatively with each other. When the
subgroup of user-candidates is higher than the non-user candidates, it is too large to
maintain homogeneity. Smaller salient groups become active, such as “reader users vs. tag
users”. The formation of these smaller social categories has a negative effect on
development of collective trust (Yang and Jarvenpaa, 2005).
� High dependence on external organizations: Hallwirth and Kogelnig (2005) name this
dependence as an important risk-increasing factor in RFID. It is closely related to the first
variable (trust), since trust encourages the commitment in a work environment with
-
Chapter 4 Risk Analysis
34
multiple partners. The difference is in the fact that only the factor ‘trust’ is no guarantee
for a success. A company can never look into the future and see how partners perform and
what actions they take. Ibrahim (2006) defines dependence as follows: “dependence of
actor A upon actor B is (1) directly proportional to A’s motivational investment in goals
mediated by B and (2) inversely proportional to the availability of those goals outside of
the A-B relationship.” The dependence of an organization on a partner is determined by
the importance of the required resource in terms of utility and the substitutability of the
other organization in obtaining that resource.
� Low Maturity of RFID technology between companies: besides the dependence on
external organizations, Hallwirth and Kogelnig (2005) name another risk-increasing
factor. They say that the maturity of RFID applications at an intracompany level is very
low, and the process complexity will increase considerably. Also the know-how is very
limited because many projects in this field are only at a pilot stage. Guido van Osch
(interview Centric) confirms this. He says that there are very limited business cases of this
kind. This low maturity is closely related to the low maturity as described in paragraph
4.1.2. The difference is that the maturity is even less as RFID is implemented between two
or more companies.
� No efficient data sharing: a final risk in channel alignment can be the efficiency of sharing
data between partners. Until recently, no one really thought about the specifics of how to
efficiently share data between partners (over a Wide Area Network). The challenge is that
companies can access real-time data along the supply chain by sharing EPC. Today many
pilots use EDI (Electronic Data Interchange). The main problem of EDI is that only the
two connected parties can see the information. New partners can not join the partnership.
The goal would be to develop an architecture that makes information available for as
many partners in the chain as needed and authorized to view it [21].
4.4.3. Visual presentation
Figure 9 presents the FTA model for channel alignment failure.
-
Chapter 4 Risk Analysis
35
OR
OR
OR
Figure 9: FTA model channel alignment failure.
4.5 Differences in risk perception between literature search and the interviews
Literature search showed all possible data management risks that can occur in
implementing RFID. However this research method did not rank the importance of the risks.
The interviews with Centric, Phi Data and Oracle showed what they think are important risks.
Some differences are visible between the companies. The main reasons is the difference in
work they perform for customers. Centric is currently not yet implementing the technology, as
described in paragraph 3.2. And therefore they are more in line with literature search. Phi
Data is a solution provider, and Oracle aims at the Information Systems. The following table
gives an overview of the differences in risk perception between literature search and the
interviews.
Risk Centric Phi Data Oracle
1. Implementation failure
1.1 Missing capability to integrate new information X X X
1.2 Worse performing business processes X X X
1.3 Resistance to change X X
1.4 Problems in implementation with existing
applications
X
1.5 No mature market X X X
1.6 Missing technical expertise X X
1.7 Missing business cases X X X
-
Chapter 4 Risk Analysis
36
Risk Centric Phi Data Oracle
1.8 Absence of management commitment
2. Low reliability
2.1 Corporate espionage X X
2.2 Destroying tags X X
2.3 Jamming X X
2.4 Many reads of 1 tag X X X
2.5 Tag read of wrong conveyor X X X
2.6 Reflection capability of packaging material X X X
2.7 Absorption capability of packaging material X X X
2.8 Failure as a result of the distance between tag and
reader
X X X
2.9 Failure as a result of the corner between tag and
reader
X X X
2.10 Failure as a result of place of tag on a package X X X
2.11 Interference X X X
2.12 Reader collision X X X
2.13 Tag collision X X X
2.14 Weather conditions X X X
2.15 Abrasion X X X
2.16 Production errors X X
3. Data overload
3.1 Tracking level too low X X X
3.2 Too many trigger actions X
3.3 Too much object tracking X X
3.4 Low network capacity
3.5 Too many readers
4. Channel alignment failure
4.1 Low belief of actions of participating companie(s)
4.2 Sharing of competitive information X
4.3 High dependence on external organizations X X X
4.4 No mature market X X X
4.5 Missing technical expertise X X
4.6 Missing business cases X X X
4.7 No efficient data sharing X X X
Table 4: Differences in risk perception.
-
Chapter 5 Risk Management
37
CHAPTER 5: RISK MANAGEMENT
The former chapter handled the risks of data management in RFID. It is important to
consider these before one implements the technology. Kopelchick [17] names some key
questions the internal auditor should consider. The following should be clear right now:
� Have key business environment risks been identified in the organization’s decision to
implement RFID?
� Have risks regarding data management and integrity been identified?
� Have key risks regarding network been identified?
� Are change management risks understood?
� Are current business processes mapped and understood prior to implementing any changes
made possible by RFID?
If the risks are clear, it is possible to take measures to mitigate these, in order to realize
the numerous benefits that RFID has to offer. This chapter offers a framework, in which risk
reducing possibilities are presented, so RFID can become a success. The Fault Tree Analysis
will be used, as described in paragraph 3.3. Step one to four of the FTA are already handled in
chapter 4. Only the last step has to be executed, which is called “Identify countermeasures for
each root cause”. This means that countermeasures will be described for each root cause in
the FTA models in chapter 4. One action points can be the input for more than one risk. The
risks of each of the four categories (implementation challenges, reliability, data overload and
channel alignment) will be handled separately in the following paragraphs. For clarity,
Appendix 10 gives a short overview of the root causes for each risk, and the accompanying
countermeasure(s).
5.1. Implementation failures
RFID offers lots of possibilities to improve the efficiency, reliability and the ease of
business processes. However, to use RFID to its full potential the implementation phase has to
be executed very carefully. Van Trier and Rietdijk (2004) name 4 phases (orientatation,
business case, technical tests and pilot & implementation) in the successful implementation of
RFID. Tidd, Bessant and Pavitt (2005) mention a fifth phase (learn). The phases will be used
as the starting point, for mitigating the risks as described in paragraph 4.1. The phases are
handled in the next sub-sections:
5.1.1. Phase 1: Orientation
In this phase, there is a first idea that RFID can be interesting for implementation in
your company. This is often the beginning of many internal discussions on the technology,
-
Chapter 5 Risk Management
38
whether to use it, and how to use it. Schermer (2006) names some important questions that
show up in this phase:
� What problems to solve with RFID in the company?
� What processes to improve with RFID?
� What new possibilities does RFID offer for the enterprise?
Appendix 5 names key performance metrics and related objectives. These can be the
input for the above mentioned questions. This phase should also give a realistic perception of
the technology, like the costs and the consequences of the implementation. The internet,
newsletters specialist journals, seminars and workshops offer a good input for being up to data
about all relevant information.
An important pitfall can be the management commitment, with the result that no budget
will become available for implementation. Van Trier and Rietdijk (2004) say that involving
them in the first phase is therefore of importance. Keep them up to data, give presentations,
and ask them for resources for the first phase (risk 1.8).
5.1.2. Phase 2: Business case
After the orientation, the business case can be build. The economic feasibility has to be
examined, since RFID asks for big investments. This is often very difficult. There are
currently not yet many success stories available, as mentioned in chapter 4. Van Trier and
Rietdijk (2004) name the following topics to be taken into consideration in this phase:
� The contribution of RFID to company goals: RFID can have four major company goals,
which are: higher profits, reduction of operational costs, improvement of quality and
security, and optimalisation of asset management. Before a prediction can be made of this,
it is important to consider the as-is process. What are the causes for the current
bottlenecks, or how can the as-is process be optimized. Gale et al. (2006) say that
companies will have to reexamine how supply chain decisions are made, and reengineer
processes, which will require a deeper understanding of how RFID impacts supply chain
dynamics and decision making (risk 1.2).
� The advantages it brings specifically to your company: the general advanta