Royal Mail, the British postal and courier service began switching all snail mail stamps to barcoded stamps last year.
The purpose of the barcode was to enhance security, deter stamp reuse, and possibly prevent forgeries—which it has failed to do.
Fast forward to this year, several senders were left appalled to see their mail returned and being slapped with a £5 fine for use of "counterfeit stamps," despite the senders insisting that they had bought legitimate stamps.
China accused of flooding UK with 1 million stamps
As Royal Mail transitioned towards barcoded stamps last year, the public had until the end of July 2023 to swap out their old paper stamps with ones carrying a 2D data matrix barcode at no cost.
(Royal Mail)
"The move is part of [Royal Mail's] extensive and ongoing modernisation drive and will allow the unique barcodes to facilitate operational efficiencies, enable the introduction of added security features and pave the way for innovative services for customers," earlier explained an FAQ on the mail provider's website.
Ironically, "security features," such as these unique barcodes believed to prevent stamp re-use and forgeries in the future failed at just that.
Hundreds of senders saw their mail items returned by Royal Mail last month, and each had a "£5 penalty" notice slapped on them for the use of "counterfeit stamps."
This left senders surprised who did not understand why they were being penalized despite properly purchasing what they thought were legitimate stamps.
According to The Telegraph, the organization has been investigating to identify the "source of the problem."
"When a customer reports to us that they bought a stamp from a retailer that is subsequently found to be counterfeit, we will always look into the circumstances of that case," said a Royal Mail spokesperson.
"We also work closely with retailers and law enforcement agencies, and actively seek the prosecution of those who produce counterfeit stamps. We reaffirmed that policy to the minister today."
On Wednesday, however, an investigation led by the newspaper revealed that four major Chinese suppliers were offering to print up to one million forged Royal Mail stamps every week "for as little as 4p each – and deliver them to Britain within days."
Security experts and British MPs likened the large-scale forgeries to an "act of economic warfare" that is almost like "printing counterfeit money."
Predictably, a diplomatic row erupted with the Chinese government dismissing these claims as "baseless." Chinese officials suggested that Royal Mail should instead investigate its supply chains.
The blame game begins
Royal Mail has blamed the UK Border Force for failing to stop the counterfeit product from entering the UK—which is an interesting accusation given the simplistic nature of the product. Stamps are ultimately shipped as sheets of paper, making them harder to distinguish from letters or boxes of documents via conventional screening means.
A Royal Mail executive does admit that its "overly sensitive" machines can sometimes wrongly flag genuine stamps as fake, and has human experts thoroughly inspecting flagged mail items.
Even more interestingly, the penalized customers state that these stamps were purchased at Post Office branches and not Royal Mail.
Post Office often partners with Royal Mail to provide a variety of mail and collection services but remains a separate commercial entity.
The Post Office further claims that it receives these stamps directly from Royal Mail's secure printers.
Post-printing these stamps are kept in a warehouse and transported to Post Office branches via specialist delivery vans that also carry cash.
"Any allegation that fake stamps have been purchased at a Post Office are extremely serious," a Post Office spokesperson told The Telegraph in the same report.
"The implication of such an allegation is that one of our postmasters, or a member of their staff, has obtained fake stamps and has chosen to sell them to customers rather than selling legitimate stamps that have come from Royal Mail's secure printers. This is why we insist that any customer who thinks they may have purchased a fake stamp from a Post Office must produce an itemised receipt so that this can be looked into further."
It's been a tough year for Post Office as is with the company embroiled in the notorious Horizon IT scandal that involved hundreds of postmasters being wrongfully convicted and sentenced—all because of accounting flaws in Horizon, an IT system designed by Japanese company Fujitsu and used at Post Office branches.
Now, claims of counterfeit stamps circulating in the UK could risk relentlessly putting the spotlight on postal staff members and retailers once again.
Privacy groups remained silent on stamp roll out
Surprisingly, the rapid transition to barcoded stamps escaped the scrutiny of just about everyone—including leading privacy groups.
Along with tightened "security," these digitalised stamps arrived with a 'feature' for senders to attach videos using their smartphone that a recipient could then watch by scanning the stamp with their smartphone.
No one questioned whether this could be invasive for privacy reasons and be the death of anonymous mail.
BleepingComputer understands there are several scenarios in which every barcoded stamp could, in theory at least, be associated with its purchaser (the sender) and make anonymous snail mail a thing of the past.
At the time of the rollout, we tested several such new stamps. We noticed each such stamp had a unique string identifier stored in the data matrix barcode which looks like this:
XXXX F0XXXXXXXXXXXXXX01
(That's three sets of text strings separated by spaces—56 characters in total. The 'X' represents different digits)
Last year, BleepingComputer also contacted leading UK and international privacy groups to get their understanding on the matter—none responded.
Royal Mail told us at the time that barcoded stamps do not provide end-to-end public facing tracking, such as via the website, but did not rule out these being internally traceable, e.g. for law enforcement purposes.
"The barcodes will not provide end-to-end public facing tracking. It is not possible to track items using these stamps as current regulation does not permit this on services offered under the Universal Service Obligation (USO)," a Royal Mail spokesperson had earlier told BleepingComputer in an email interview.
"Tracked services are already available, details of which are on our website."
The Royal Mail spokesperson further explained that although the barcode made each stamp unique, "no personal data is held on the stamp," which was also obvious in our tests.
That still does not imply whether the unique identifier contained in these barcodes could not be associated with a sender's identity in other ways, such as when they purchase these using digital payment methods or use their smartphones to "attach" videos to them.
With the forged stamps now infiltrating the country, the benefits these new stamps were designed to provide have largely been rendered void.
Comments
XSp - 1 week ago
Did the Royal Mail get Fujitsu's expert opinion on this matter too?
I mean, isn't it weird that after all the scandal, the UK government still seems very eager to close all sorts of contracts with the company and all?
https://www.theguardian.com/business/2024/feb/10/fujitsu-won-14bn-government-contracts-court-ruling-post-office-horizon-software-bugs
https://www.standard.co.uk/news/tech/fujitsu-uk-digital-id-scheme-post-office-scandal-b1149433.html
https://www.lbc.co.uk/news/fury-as-fujitsu-awarded-government-contract-despite-post-office-scandal/
Something rotten not in the state of Denmark
14547438 - 1 week ago
I don't get this reaction to a perfectly reasonable attempt to prevent crime, and I find it offensive.
It's untrue to say the UK is "flooded" with fake postage stamps. Although most of my mail is franked anyway, as far as I'm aware I've never seen a forged stamp. But there's the thing - how would I even know? Now I can find out, and indeed if it's a fake that's been posted to me, somebody will probably tell me. Nobody ever has, and if they did I'd probably just refuse to pay the fiver and let them keep any mail with forged stamps.
It's also untrue to say that the benefits of the new stamps have been rendered void. If you do happen to come across a fake stamp, then (1) it's now very easy to tell that it's fake and (2) if you follow the advice, and get a receipt when you buy them (and why wouldn't you do that?), then they can be traced to their source and the source dealt with in appropriate ways.
A first class stamp now costs more than a pound. Once upon a time I would often have several banknotes of *half* that value in my wallet. Would you prefer not to have serial numbers on banknotes?
Yes, the stamps probably could be prettier without a QR code, but they are after all basically nothing more than a receipt for payment. A document, if you like. If by making a small aesthetic concession we can, through better documentation, stick it to some Chinese criminals who are making literally *millions* out of the people of the UK (and apparently with the connivance of the Chinese authorities) then I, for one, am very happy to make the sacrifice.
U_Swimf - 1 week ago
If you're interested in learning more about bar code and other image validations, data code, matrixes, upc and such.. There used to be a free and open API which allowed lookups of any barcode immaginable. You just had to identify which code your code belonged to by guessing various check digit numbers which the api would usually get for you if you were able to identify by eye the GTIN number. From there, you could learn a lot about the entity who's code it belonged to with everyone who touches it inbetween.
Search' GS1 GEPIR api search' and youll find the company websites, but unfortunately it's not free to use anymore. They used to give free courses too. Very educational, totally worthless now .