Anti-counterfeit playbook for Shopify brands (2026)

What is counterfeiting and why is it growing?

Counterfeiting is selling fake products under your brand name. The traditional definition focused on luxury goods, but the modern version is broader. Anyone reselling a knockoff under a brand they did not make is counterfeiting, whether the original product is a $5,000 watch or a $40 t-shirt.

Three things have made counterfeiting easier in the last few years:

• Manufacturing has become more accessible. Small factories that used to make legitimate goods can be reconfigured to make convincing knockoffs at low volume.
• Marketplaces and social commerce have lowered the cost of distribution. A counterfeiter no longer needs a wholesale network. A few well-placed ads and a Shopify-like storefront reach the same buyers the original brand was hoping for.
• The visual gap between real and fake has narrowed. Modern printing, packaging, and stitching are good enough that side-by-side photos no longer settle the question.

The category that grew fastest in the 2022 to 2026 window: small-batch luxury (independent watch makers, indie jewelry, signed art prints, designer streetwear). These are exactly the categories where Shopify hosts a large and growing share of the legitimate brands.

Why are small brands at greater risk than big brands?

Counter-intuitive but true. Small brands face more risk per dollar of revenue than big brands. Three reasons:

1. Less legal budget. A big brand can afford to sue counterfeit operations into the ground. A small brand cannot. Counterfeiters know this and target accordingly.
2. Weaker authentication signals. Big brands invest in proprietary security features (engraved serial numbers, NFC chips, signed documentation). Small brands often have nothing beyond a hangtag, which is the easiest thing in the world to copy.
3. Less visibility into the secondary market. A big brand has a brand-protection team monitoring resale sites. A small brand finds out their work is being faked when a customer emails them a photo and asks if the version they bought elsewhere is real.

This is the part of the problem a Shopify-friendly anti-counterfeit setup can actually help with. The physical security features become accessible at small-brand budgets, and the digital certificate gives both you and your buyers a verification path that does not depend on legal teams or chargebacks.

What physical anti-counterfeit measures work in 2026?

Five physical features that are cheap, hard to fake, and easy to add to almost any product:

Tamper-evident packaging

A seal that breaks on first opening, leaving a visible mark. Cheap to produce, instantly diagnostic. The buyer knows whether the box has been opened before. Counterfeiters do not include this because it forces them to also produce convincing packaging, which adds cost they want to avoid.

Holographic foil stickers

Custom holograms with your brand mark, applied to the product or the certificate card. Small-batch print suppliers produce these starting at around $0.10 per sticker at modest volumes. Hard to reproduce without specialized equipment. Combined with a serial number printed underneath, the hologram becomes a tamper-evident layer.

Micro-engraving

Tiny laser engraving on the product itself, in a location only you know to look. For jewelry, this might be inside a ring band or on the underside of a clasp. For leather, a discreet edge mark. For ceramics, a stamp on the foot. Costs almost nothing to add at production and is essentially invisible at glance.

Foil-stamped certificate cards

Heavyweight card stock with foil-stamped brand mark, edition number, and a printed QR code. The foil makes photocopying obvious. The card itself becomes part of the artifact. Buyers keep these the way they keep paper COAs.

Color-shift inks

Inks that look one color under regular light and a different color under UV or at an angle. Used on banknotes for decades. Now available for small-batch printing on labels, hangtags, and certificate cards. Counterfeit printers usually cannot replicate without specialized presses.

Pick two of these. Three is overkill for most brands. One alone is fragile.

What digital anti-counterfeit measures work in 2026?

The digital layer is what lets your physical security features stay verifiable years after the original sale. Three components:

Hosted certificate page per piece

A unique URL for each numbered piece, hosted on your own domain. The page shows the piece details (origin, materials, edition number, year), a verification badge, and a timestamp. Buyers and resellers can land on the page and confirm the piece is real.

For a deeper look at the certificate format itself, see how to add a certificate of authenticity to Shopify products without NFTs.

QR code on a physical card

The card travels with the product. The QR encodes the certificate URL. The buyer scans with their phone camera, no app required, lands on the page in two seconds.

Unique cryptographic token in the URL

The certificate URL ends with a random token that cannot be guessed. Apps that use sequential IDs (/cert/1, /cert/2) leak every certificate to URL-walkers and make it trivial to forge a link. A cryptographically random token per edition (Editioned uses 10 characters from a 36-character alphabet, giving 2.8 trillion combinations) cannot be enumerated or predicted from samples.

The combination of these three creates a digital signal that is fast for legitimate buyers and structurally hard for counterfeiters to fake. A counterfeiter would need to forge not just the product and the packaging, but also a working URL on your domain. The latter is a much harder problem than the former.

Why did NFT-based anti-counterfeit systems fail?

From 2021 to 2023 the standard pitch for anti-counterfeit was to mint an NFT per piece. The pitch was: an NFT is unique, on a public chain, hard to fake. In practice the buyer-side experience killed it. To verify a piece, the buyer had to install a wallet, understand chains, and pay a gas fee. Most buyers did not. The NFTs got minted, the buyers never connected, and the authentication system functionally did not exist.

There were two structural problems beyond the wallet UX:

• The certificate lived off the brand's domain. If the chain or marketplace shut down, the certificate stranded. Some early NFT-auth platforms have already shut down in 2025.
• Resale platforms did not adopt NFT verification at scale. The resale market kept doing physical authentication and ignored the NFT side.

For more on why the EU regulators reached a similar conclusion and chose a federated registry instead of a blockchain for the Digital Product Passport, see DPP vs blockchain provenance for fashion, craft and luxury brands.

How do you combine physical and digital protection?

A workable layered defense looks like this:

1. Physical signal one. A holographic foil sticker on the product or on the certificate card. Adds a printed serial number underneath.
2. Physical signal two. A micro-engraving on the product itself, in a discreet location. For jewelry, inside the band. For leather, an edge mark. For prints, a small stamp on the back.
3. Digital signal. A scannable QR code on the certificate card that resolves to a hosted certificate page on your Shopify domain. The page shows the piece details, edition number, and verification badge.
4. Token system. Each certificate URL ends with a cryptographically random token. Cannot be guessed or enumerated. Generated at edition creation.
5. Revocation flow. When a piece is returned, you mark it revoked in the admin. The old URL renders a revocation page. The edition number returns to inventory with a fresh token for the next buyer.

This stack is cheap enough for any small brand to deploy, hard enough to fake that counterfeiters move to easier targets, and verifiable enough that resale buyers trust the result.

What is the right anti-counterfeit setup for a Shopify brand?

Depends on your price tier and volume:

Under $200 per piece, high volume

• Hologram sticker on product or hangtag (cheapest physical signal)
• QR-coded certificate card in the package
• Hosted certificate page on your Shopify domain
• Skip the micro-engraving (cost-of-goods sensitive)

$200 to $2000 per piece, mid volume

• Hologram or foil stamp on certificate card
• Micro-engraving in a discreet location on the product
• Hosted certificate page with edition number tracking
• Revocation flow for returns

Over $2000 per piece, low volume

• Tamper-evident packaging (sealed box, custom adhesive)
• Foil-stamped heavyweight certificate card
• Micro-engraving with edition number on the piece itself
• Hosted certificate page with high-resolution piece imagery
• Optional: color-shift ink on the certificate card for extra security

How do you handle counterfeit reports when they happen?

You will get counterfeit reports eventually, especially as you grow. The right process:

1. Ask the customer to scan the QR code on the certificate card they received (if any)
2. Compare the certificate URL they land on to your hosted domain. A fake will resolve to a different URL or no URL at all
3. If the URL is yours, the piece is real. The customer's concern was a false alarm and you can reassure them with the verification page
4. If the URL is not yours, you have a confirmed counterfeit. Ask for the photos, the receipt, the seller name. Report to the platform where they bought it
5. If a customer bought a fake without a certificate at all, that is also useful information. The faker did not bother to replicate the certificate, which suggests they expected the buyer not to verify

A clean anti-counterfeit setup makes this process fast. Buyers get certainty in seconds. You collect evidence as a byproduct.

What about resale market authenticity?

Resale platforms have been improving their authentication for years, but the gap between original brand and platform authenticator is still meaningful. A scannable certificate per piece closes the gap:

• Resale buyer scans the QR code, lands on the brand's hosted certificate
• Resale buyer cross-references the edition number against the brand's published total
• If the certificate is valid and not revoked, the piece is real
• If the certificate URL fails or shows revoked, the piece is suspect

This works in any vertical with active resale: jewelry, watches, sneakers, streetwear, vinyl, art prints. The certificate becomes part of the resale value proposition for the original buyer.

How does Editioned fit into an anti-counterfeit stack?

Editioned handles the digital layer of the anti-counterfeit stack: numbered editions, hosted certificate per piece, cryptographically random tokens in the URL, scannable QR codes, auto-revoke on refund. The physical security features (holograms, foil, engraving, tamper-evident packaging) you source separately from your packaging supplier, but Editioned generates the certificate cards as a PDF batch ready for the printer.

Pricing is flat monthly with no per-certificate fees, so the marginal cost of issuing a certificate is zero. A Studio merchant generating 100,000 certificates a year pays the same $99 a month as one generating 100. Every install starts with 30 days of full Pro features free, no card required.

For technical detail on the token system specifically, see the token security section on the homepage. For the broader numbered-edition workflow, see numbered editions on Shopify: a practical guide.

The short version

A layered anti-counterfeit stack works. Two physical signals plus one digital signal plus revocation. The digital signal lives on your own domain, uses unguessable URLs, and resolves in seconds when a buyer scans. NFT-based systems failed because they put wallet onboarding between the buyer and verification. Wallet-free hosted certificates do not. Pick the right setup for your price tier, ship it once, and the maintenance burden is close to zero.