NFC for Wine and Spirits Authentication

Anti-Counterfeiting and Consumer Engagement


Wine, whisky, and premium spirits are among the most counterfeited luxury goods — estimated at 10–30% of premium-segment sales in high-risk markets. NFC authentication addresses three distinct threat models: outright counterfeiting (fake bottles), refilling (authentic bottles refilled with inferior product), and diversion (bottles sold in unapproved markets).

Threat Model

| Threat | Description | NFC Defence |
|---|---|---|
| Counterfeit bottle | Fake label, fake bottle | Originality signature on tag UID |
| Refill attack | Authentic bottle, fake liquid | Tamper-evident tag + cap seal |
| Parallel import | Authentic product in wrong market | Per-market NDEF URL with geo-validation |
| Label swap | Downgrade label → premium bottle | Inlay bonded inside capsule |

Tag Placement Options

| Position | Tamper Evidence | Consumer Access | Notes |
|---|---|---|---|
| Under capsule (foil) | Excellent — breaks on opening | Read before opening | Most common for fine wine |
| Inside label | Good if wet-process label | Always accessible | Spirits with paper labels |
| Glass-embedded (OIV certified) | Excellent — integral with bottle | Always accessible | Premium collectibles |
| Cork (resin-encased) | Good — destroyed on extraction | Before opening only | Single-use seal |

For collectibles and auction wine, glass-embedded NFC (e.g., Selinko's IntelliVin) provides the strongest evidence of an unbroken seal because the tag cannot be transferred to a different bottle.

For premium spirits authentication, NTAG 424 DNA with SDM (Secure Dynamic Messaging) is the technical standard of choice:

  • Each tap generates a unique SUN message containing an AES-CMAC over the UID and a read counter
  • The backend validates the MAC and detects if the same MAC is presented twice (indicating a cloned tag)
  • The read counter creates a tamper-history log: a bottle in cold storage since bottling should show very low scan counts
  • Originality signature provides cryptographic proof of genuine NXP silicon

Alternative for lower price points: NTAG213 with a unique serial number registered in a brand database. Less secure (no dynamic authentication) but adequate when the threat model is casual counterfeiting rather than sophisticated attacks.

Use the Chip Selector to compare NTAG 424 DNA against NTAG213/216 for your deployment budget.

NDEF Encoding for Wine Tags

A complete wine authentication tag carries multiple NDEF records:

NDEF Message
├── Record 1: URI (NFC-A Well-Known U)
│   └── https://verify.brand.com/bottles/{encoded-sdm-data}
├── Record 2: MIME (application/vnd.brand.bottle)
│   └── JSON: {"vintage": 2018, "appellation": "Pauillac", "bottled": "2019-05"}
└── Record 3: Text (locale: en)
    └── "Château Example — Grand Cru Classé 2018"

The URI record carries the SDM-generated dynamic URL. The MIME and Text records provide offline-readable information when no internet connection is available. Verify the encoding with the NDEF Encoder.

Backend Verification Architecture

Consumer scans tag
    ↓
NFC tag generates SUN URL:
https://verify.brand.com/v1/?e=<UID_mirror>&c=<counter>&m=<AES-CMAC>
    ↓
Backend receives GET request
    ↓
1. Look up UID in product database — bottle registered?
2. Validate AES-CMAC against stored key for this UID
3. Check counter is expected value (not replayed, not skipped)
4. Check scan location vs registered market (geo-fence)
    ↓
Return: ✓ Authentic / ✗ Suspicious + reason + product details

The AES key for each NTAG 424 DNA is personalised during tag manufacturing and stored in a hardware security module (HSM) at the tag manufacturer or brand's security provider. Consumer-facing apps call a REST API; the raw AES key never leaves the HSM.
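The four backend checks in the flow above, together with the replay detection described in the SDM bullets, as an added example that is not code from the original page or from any vendor. HMAC-SHA256 truncated to 8 bytes stands in for the tag's AES-CMAC so the example runs on the standard library alone; the `Bottle` record, `MAX_COUNTER_GAP`, the 3-byte counter width and the sample UID, key and market are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAX_COUNTER_GAP = 50  # assumption: a larger jump between scans is flagged


@dataclass
class Bottle:
    key: bytes             # per-tag secret; in production it stays in the HSM
    market: str            # registered market (country code)
    last_counter: int = 0  # highest read counter accepted so far


# Constructed sample record: UID, key and market are invented for this example.
DB = {"04A1B2C3D4E5F6": Bottle(bytes.fromhex("00112233445566778899aabbccddeeff"), "FR")}


def sun_mac(key: bytes, uid: str, counter: int) -> str:
    """Stand-in MAC over UID and read counter: HMAC-SHA256 cut to 8 bytes.
    The tag itself produces an AES-CMAC; swap that in for real tags."""
    msg = bytes.fromhex(uid) + counter.to_bytes(3, "little")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8].hex().upper()


def verify_scan(db, uid: str, counter: int, mac: str, country: str):
    """Run the four backend checks in order and return (verdict, reason)."""
    uid = uid.upper()
    bottle = db.get(uid)
    if bottle is None:                                # 1. bottle registered?
        return "suspicious", "unknown UID"
    if not 0 <= counter < 1 << 24:                    # assumed 3-byte counter
        return "suspicious", "bad counter"
    expected = sun_mac(bottle.key, uid, counter)
    # 2. constant-time comparison of the presented MAC with the expected one
    if not hmac.compare_digest(expected.encode(), mac.upper().encode()):
        return "suspicious", "bad MAC"
    if counter <= bottle.last_counter:                # 3a. replayed URL
        return "suspicious", "counter replayed"
    jumped = counter - bottle.last_counter > MAX_COUNTER_GAP  # 3b. skipped
    bottle.last_counter = counter    # advance only after the MAC has verified
    if jumped:
        return "suspicious", "counter jump"
    if country != bottle.market:                      # 4. geo-fence
        return "suspicious", "outside registered market"
    return "authentic", "ok"
```

The stored counter advances only after the MAC verifies, so a forged request cannot push the high-water mark forward and lock out the genuine tag.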

Collector and Auction Use Cases

For high-value collectibles (rare whisky, first-growth wine), additional provenance data is valuable:

  • Scan history: Each time the bottle is scanned, the backend logs timestamp, geolocation (if permitted), and device identifier. A bottle with a scan history consistent with cellar storage is more credible than one with anomalous scan patterns.
  • Transfer of ownership: When a bottle is sold at auction, the new owner registers their wallet/account with the brand platform. Subsequent scans show the chain of custody.
  • Cellar management apps: Apps like CellarTracker and Vivino integrate with brand NFC backends to automatically log bottle acquisitions and track drinking windows.

Physical Tamper Evidence

NFC alone does not prevent physical attacks — a sophisticated attacker can remove the tag from the original capsule and reapply it to a fake bottle if the adhesive allows.

Defences:

  • Destructive labels: Label adhesive that leaves a void pattern on removal, making reapplication visible
  • Fragile substrate: Inlay on brittle PET that tears on removal
  • Capsule integration: NFC antenna wound around the metal capsule — removal destroys the antenna continuity
  • Tamper evidence byte: NTAG DNA TagTamper variant has an external loop connection; breaking the loop changes a status byte readable over NFC

The strongest deployments combine SDM authentication + a tamper-evident physical format + a back-end scan-history check — making both digital and physical reuse of a legitimate tag economically unviable for counterfeiters.

Regulatory Considerations

  • EU DPP (Digital Product Passport): From 2026, EU regulations require digital passports for certain product categories, including wine and spirits, for sustainability data. NFC is an approved carrier technology.
  • GS1 Digital Link: Many brands use GS1 DL URIs in the NDEF tag so the same NFC tap that triggers authentication also resolves to a GS1 product data page — satisfying retailer and customs data requirements without multiple tags.
