---
# System prepended metadata

title: 'Counterfeit Detection System: Problem Landscape, Solutions, and Action Plan'

---

# Counterfeit Detection System: Problem Landscape, Solutions, and Action Plan

This document explains in plain language what our counterfeit detection system is designed to solve, how it solves it, and what it can and cannot do. After reading this, you will understand — without any technical background — which part of the counterfeiting problem our system covers and where its capability boundaries lie.

---

## The World We Operate In

According to an OECD and EUIPO report from 2025, global trade in counterfeit goods reached $467 billion in 2021, accounting for 2.3% of global imports. Apparel, footwear, and leather goods combined account for 62% of all seized counterfeits. More alarming is the rapid rise of AI-generated imagery and dark social commerce, which has rendered traditional manual monitoring increasingly inadequate.

Counterfeiters operate across a wide spectrum — from crude operators who simply steal brand photographs to sophisticated ones who use AI to generate product images that don't physically exist. Brand legal teams currently rely on human reviewers to patrol platforms one by one, a process that is slow, limited in reach, and prone to missing violations.

In one sentence, our system does this: it helps brand legal teams shift from "reviewing every image manually" to "the system pre-screens, and people only review the most suspicious items."

One important commitment: the core visual matching engine runs locally and independently. Reference images uploaded by clients are used only to extract mathematical features; they are never uploaded to public cloud infrastructure or used to train external AI models, eliminating any risk of trade secret exposure at the source.

---

## What Are Brands Actually Protecting? — Unpacking the Word "Counterfeit"

Before discussing specific scenarios, we need to address a fundamental question: when a brand says "someone is counterfeiting us," what exactly is being counterfeited? The answer is more complex than it might seem.

"The thing being counterfeited" can be broken into several major categories, each with different detection methods and difficulty levels. The mind map below shows the complete taxonomy of protected elements and the detection tools that correspond to each.

```mermaid
mindmap
  root((What Brands Protect))
    Brand Logos
      Pure graphic marks
        Google Logo Detection
        Azure Custom Vision
      Wordmarks
        OCR + string matching
        Logo Detection
      Composite marks
        Logo Detection + OCR dual-track
      Embossed / debossed marks
        CLIP holistic visual understanding
        Azure Custom Vision custom training
      Multi-version variants
        All versions added to training
    Copyrighted Images
      Brand photography
        pHash fingerprint matching
        Reverse image search
      Original illustrations and patterns
        pHash for direct copies
        CLIP similarity matching
      Licensed character imagery
        CLIP similarity matching
        Azure Custom Vision character detection
    Product Appearance Design
      Product form
        CLIP / FashionCLIP
      Surface patterns
        CLIP effective for large coverage
        Teachable Machine classifier
      Product colorways
        OpenCV color analysis
        Auxiliary signal only
      Packaging design
        pHash + CLIP
    Overall Visual Impression
      Combination of specific elements
        Multi-signal fusion verdict
      Pure style imitation
        Beyond system capability
```

Each category is explained in detail below.

### Category 1: Brand Logos

This is the most intuitive form of protection. Brand logos can be further broken down into several types.

Pure graphic marks: no text, only a graphic. Examples include Nike's swoosh, Apple's apple silhouette, Adidas's three stripes. Counterfeiters may copy them exactly or make small modifications (reversing the direction of the swoosh, removing a stripe).

Wordmarks: the brand name itself is the mark. Examples include Supreme's red-box-white-text block, Coca-Cola's script lettering, ZARA's letter arrangement. Counterfeiters may use the exact same typeface and layout, or a very similar but not identical version.

Composite marks: a graphic and text combined into a single complete mark. Starbucks is a classic example — the mermaid figure, the outer ring of text, and the circular border together form the complete Starbucks logo; remove any one element and it is no longer complete. Counterfeiters may copy the full combination or use only the graphic portion or only the text portion.

Embossed or debossed marks: logos pressed into leather goods or metal accessories. Their visual representation in photographs is entirely different from a printed logo — they appear through light, shadow, and texture rather than color contrast.

Multi-version marks: a single brand may have several logo versions — full color, single color, horizontal layout, vertical layout, simplified version. Every version needs to be detectable.

How the system handles these: for well-known brands, Google's Logo Detection recognizes most versions. For smaller brands or cases requiring higher precision, we use Azure Custom Vision to train a dedicated model — the brand provides various logo versions as training material and the system learns to recognize all of them. Graphic and text elements are treated separately: graphics go through logo detection, text goes through OCR, and the two channels complement each other.

### Category 2: Copyrighted Images

This category covers all visual works in which the brand holds copyright — a much broader scope than logos.

Brand product photography: official product images, lifestyle shots, and model photographs commissioned by the brand. These photographs are protected by copyright regardless of whether a brand logo appears in them; unauthorized use is infringement.

Original illustrations and graphic patterns: original pattern designs, print designs, and packaging illustrations commissioned by the brand. A fashion brand may release new print patterns each season, and each pattern is an independent copyrightable work.

Licensed character imagery: character depictions that the brand has licensed for use on its products — comic characters, animated characters, game characters. A phone case brand may have licensed a certain character to print on its cases. A counterfeiter printing the same character on their cases without a license infringes both the phone case brand's trademark and the character copyright holder's copyright.

How the system handles these: stolen brand photography — pHash fingerprint matching and reverse image search handle this directly (Scenarios 1 and 2). Original patterns reproduced on counterfeits — if the counterfeiter copied the original image directly, pHash will catch it; if they redrew their own "similar but not identical" version, CLIP detects visual similarity but the system cannot determine whether it legally constitutes "substantial similarity" — that requires a legal professional. Licensed character imagery — same approach as original patterns; CLIP detects "this character looks very similar," but whether it constitutes infringement requires confirming the licensing relationship.

An important limitation: the system can detect that "these two images look alike" but cannot make legal determinations about fair use, parody, or independent creation. Those legal judgments must be made by humans.

### Category 3: Product Appearance Design

This category refers to the physical form and visual design of the product itself, independent of any logo or pattern printed on it.

Product form: the three-dimensional shape and structural design of the product. Examples include the distinctive silhouette created by Yonex's racquet frame shape and weight distribution, Dyson's hollow ring hair dryer form, or the distinctive profile of a specific shoe last. Counterfeiters may produce imitations that look almost identical.

Surface patterns: repeating patterns printed across product surfaces. Examples include Burberry's classic check, Louis Vuitton's Monogram, Gucci's interlocking GG. These patterns typically cover large surface areas and are among the most recognizable visual elements of a brand.

Brand colorways: colors or color combinations a brand uses on specific products. Some brands register specific colors as trademarks — Tiffany blue, Louboutin's red sole, 3M's yellow Post-it note.

Packaging design: the appearance of product packaging — box shape, color, patterns, and text layout. For luxury brands, the packaging is itself a part of the brand experience.

How the system handles these: product form — CLIP can compare "how closely does this item's overall silhouette and appearance match the genuine product." For fashion categories, FashionCLIP performs better. Surface patterns — if the pattern covers a large surface area, CLIP can effectively detect it; if it appears only in a small section, detection drops. A Teachable Machine classifier trained on the specific pattern can supplement this. Colorways — OpenCV can extract dominant colors from an image and compare them against registered brand colors, but lighting conditions affect accuracy, making this an auxiliary signal only. Packaging — same CLIP approach as product appearance.

### Category 4: Overall Visual Impression — The Most Ambiguous and Difficult Category

This is the most contentious category. A brand sometimes says: "that product just looks like it's copying us" — not that a specific logo was copied, not that a specific pattern was copied, but that the overall "feel" is an imitation.

Combinations of specific elements — what the system can handle: "overall visual impression" can often be decomposed into combinations of specific elements. Take Starbucks: its "iconic visual" is the mermaid graphic, plus the green color, plus the circular border, plus the specific typography — four elements, each individually concrete and detectable. The system can separately check whether the logo was copied, the color was copied, the text was copied, then synthesize those signals. The same logic applies to other products: if counterfeiters copied specific illustrations, specific title typography, and a specific color scheme, each of these is a concrete element detectable on its own.

Pure style imitation — what the system cannot do: if a counterfeiter copied none of the specific elements — no logo, no pattern, no color, no text — but the overall layout style, visual atmosphere, and design language "feel like a tribute," that level of stylistic similarity is beyond the reach of all existing image comparison technology. Even human designers disagree about "does this count as copying style?" Legal protection for pure style is also limited (unless it can be proven to constitute Trade Dress infringement).

The system's approach: decompose "feels like" into detectable specific elements — logo, text, pattern, color — detect each separately, then cross-validate. If multiple elements match simultaneously, even if no single element is a perfect copy, the combined signal strength may still trigger a high-confidence flag. But if a counterfeiter is truly sophisticated and changes each element enough that no individual signal fires, the system's aggregate score will not be high. "Pure style imitation" is a domain where no current AI technology can reliably detect infringement.

---

## Chapter 1: The Most Common and Most Tractable Scenarios — Someone Stole Your Photos

### Scenario 1: Identical Image Theft

**Factor combination**: Protected element = brand photography, product appearance, logo (if present) | Infringement method = direct copy of brand's original image | Business model = product page direct sale

> Known in the industry as "image piracy" or "literal copy" — the most direct form of copyright infringement.

Imagine you are a legal officer at a sportswear brand. Your team spent considerable budget hiring photographers to shoot official product images, only to find that someone copied those images verbatim onto their own product page to sell counterfeits at low prices. Consumers see the exact same photos as the official website, believe they are purchasing authentic goods, and receive inferior fakes.

The harm is not merely revenue loss — consumers lose trust in the brand. More frustrating for legal teams is that this kind of image theft is spread across every major e-commerce platform, making manual monitoring impossible.

What legal teams really need: "If someone used our photos, the system should immediately tell me where and who, so I can file a takedown directly."

How the system handles this: the system computes a "digital fingerprint" for every genuine product image. Like a human fingerprint, each image's fingerprint is unique. When the system encounters a candidate image online, it compares that image's fingerprint against the genuine product fingerprint. A perfect match means the image is a stolen copy of your photograph. Technical details: Appendix Tool 3 (pHash perceptual hashing).

The system can also perform reverse searches — submitting your genuine product image to search engines and asking "where else does this image appear?" Technical details: Appendix Tool 1 (Google Web Detection).

This scenario is the system's most confident baseline capability. Detection coverage: complete.

### Scenario 2: Stolen Photo with Modifications

**Factor combination**: Protected element = brand photography, product appearance | Infringement method = modified copy (crop, color adjustment, watermark overlay) | Business model = product page direct sale

> Known as "image manipulation" or "modified reproduction." In copyright adjudication, this typically still constitutes "substantial similarity" infringement.

More cunning counterfeiters process stolen images slightly — cropping the edges, adjusting colors, overlaying their own watermark or promotional text — to make it look "different." The goal is to evade exact fingerprint matching.

Legal teams' frustration: "I can clearly see that image was stolen from our website — it's just cropped and color-adjusted. But I can't prove it with tools; I can only compare by eye."

How the system handles this: in addition to fingerprint matching, the system has a smarter method — it uses AI to understand each image as a set of "visual features," then compares how close two images' feature sets are. Just as you can identify a shoe model from its silhouette and colorway alone, the AI can do the same. Even if an image is cropped, color-adjusted, or watermarked, as long as the product's overall appearance hasn't changed too much, the AI can still recognize "this looks very similar to my genuine product image." Technical details: Appendix Tool 2 (CLIP visual similarity matching).

An honest limitation: if the watermark covers most of the product (e.g., large promotional text overlaid across most of the shoe's visible area), AI recognition capability drops significantly. This is a known weakness we cannot perfectly address under current technical constraints. Detection coverage: mostly covered. Heavy watermarks are a known weakness.

---

## Chapter 2: More Challenging Scenarios — Counterfeiters Produce Their Own Product Images

### Scenario 3: The Counterfeiter Photographed Their Own Fake with Your Brand Mark

**Factor combination**: Protected element = brand logo (including embossed/debossed variants) | Infringement method = self-photographed counterfeit | Business model = product page direct sale

> Known as "counterfeit goods." High-quality versions are called "superfakes" — characterized by materials and craftsmanship so close to genuine articles that even experts struggle to distinguish them at a glance.

The commonality in Scenarios 1 and 2 is that "the photograph itself was stolen from you." But more sophisticated counterfeiters don't steal your photographs at all — they buy (or manufacture) fakes, photograph them, and list them.

In this case, fingerprint matching fails entirely, because this is a brand new photograph with no pixel-level relationship to any of your genuine product images. But the brand mark on the counterfeit is real — or at least closely resembles the real thing.

A specific note: when brand logos appear as embossed or debossed elements (common on leather goods and metal accessories), they appear in photographs through light and shadow rather than color contrast. Google's Logo Detection may be less effective in these cases, requiring greater reliance on CLIP's holistic visual understanding and Azure Custom Vision custom training.

Legal teams' pain: "I know that logo is ours, but I'm looking at hundreds of candidate images every day — I can't use a magnifying glass on every one to check whether the logo is genuine."

How the system handles this: the system has a dedicated "brand mark detection channel." It scans every candidate image for your brand logo. Google's AI service recognizes thousands of major brand logos natively. For smaller brands that Google doesn't recognize, we can use another tool — you simply provide 30 to 50 product photos containing your logo, and the system automatically learns to recognize it, including its position and size within images. Technical details: Appendix Tool 1 (Google Logo Detection) and Appendix Tool 7 (Azure Custom Vision).

A key design decision: the system checks from two independent angles simultaneously — "does the product appearance match?" (visual comparison) and "does the brand mark appear?" (logo detection). These two channels make independent judgments and their results are cross-validated. This dual-track design is what distinguishes our system from most competitors — it allows the system to differentiate between "looks similar but isn't a counterfeit" and "genuinely is a counterfeit."

Detection coverage: complete for major brands. Depends on whether smaller brands are willing to provide training images.

### Scenario 4: The Brand Mark Was Deliberately Modified

**Factor combination**: Protected element = brand logo (modified version) | Infringement method = self-photographed counterfeit | Business model = product page direct sale

> Known as a "knockoff" or "look-alike." Legal adjudication commonly uses "confusingly similar" to determine whether trademark infringement is established.

Some counterfeiters are more sophisticated — instead of copying your logo exactly, they make small changes: reversing the direction of a swoosh, removing a stroke from a letter, or substituting a very similar but not identical typeface. At first glance it reads as "that brand," but closer inspection reveals something is off.

Legal teams' pain: "Many of the reports we receive involve counterfeits with 'tweaked' logos. I'm not sure whether the system can catch these. If even I almost didn't notice at first glance, can the AI?"

How the system handles this: honestly, this is a gray zone for the system's capability. If our training for your logo detection deliberately incorporates various "modified versions" as training material (reversed, missing strokes, different typefaces), the system has a better chance of recognizing modified logos. If the modification was one we didn't anticipate, the system may miss it.

Detection coverage: partial. Effectiveness depends on the diversity of training data. This requires empirical testing to assess (see Experiment 6 in the Implementation Plan).

### Scenario 5: The Counterfeit Looks Like the Genuine Product but Was Photographed from a Completely Different Angle

**Factor combination**: Protected element = product form | Infringement method = self-photographed counterfeit | Business model = product page direct sale

> The classic form of "counterfeit," with the primary legal battleground in "product design infringement."

The counterfeiter photographs the fake from an angle that never appears in any of your genuine product images — for example, all your official photos are front-facing, but the counterfeiter shot a side view.

Legal teams' pain: "I can tell it's a counterfeit because the overall design and colorway copies ours, but the photo angle is completely different. Can the system match that?"

How the system handles this: AI visual understanding has a degree of angle tolerance — it is not comparing pixels but understanding "what this object looks like." Moderate angle differences typically don't affect the verdict, but extreme angles (such as a photo of only the sole or only the interior label) may cause the AI to fail to recognize the product. The remedy is to upload genuine product photos from multiple angles when building the reference database, giving the AI more reference perspectives.

Detection coverage: partial. Standard angular differences are handled; extreme angles reduce performance.

### Scenario 6: The Counterfeiter Used Photo Editing Software to Paste Your Logo onto a Different Product

**Factor combination**: Protected element = brand logo | Infringement method = digital compositing (Photoshop splice) | Business model = product page direct sale

> Known as "digital compositing" or "photoshopped fake." Common in low-cost fraudulent sales.

Counterfeiters don't always need to produce physical fakes. Some simply use Photoshop to paste a brand logo image onto a photo of a generic product — a pair of unbranded white sneakers, now bearing a Nike swoosh. The product itself looks nothing like the genuine article; only the logo is "real" (or at least appears to be).

Legal teams' pain: "This kind of Photoshop counterfeiting is easy for consumers to spot, but it still damages brand image, especially when shared widely on social media."

How the system handles this: the logo detection channel is the workhorse here — regardless of whether a logo is printed on a genuine product or digitally pasted in, if it appears in the image, Logo Detection or Azure Custom Vision will detect it. CLIP appearance matching is less meaningful in this scenario since the product itself looks nothing like the genuine article. Technical details: Appendix Tools 1 and 7.

Detection coverage: covered for major brands; smaller brands depend on Azure Custom Vision training.

---

## Chapter 3: Text, Colors, Symbols, and Marks

### Scenario 7: The Counterfeit Bears Your Brand Name or Slogan

**Factor combination**: Protected element = brand text trademark (brand name, model name, slogan) | Infringement method = self-photographed (including homoglyph attacks) | Business model = product page direct sale

> Text variation used to evade detection is called a "homoglyph attack" — replacing characters with visually identical but differently encoded Unicode characters to bypass string matching. The analogous attack in the domain name world is called "typosquatting."

Beyond logo graphics, many counterfeits display brand text — the brand name, product model name, or promotional slogan. Sometimes counterfeiters don't even use a logo; they use only the brand name in text form to imply association and confuse consumers.

Legal teams' pain: "I spend a lot of time searching for our brand name to see if anyone is selling fakes. But counterfeiters write the brand name in ways that are 'slightly off but still readable' — like 'N1ke' or 'Nik e' — which breaks my keyword search."

How the system handles this: the system uses Optical Character Recognition (OCR) to read text from images, then compares it against the brand's registered trademark text list. For cases where counterfeiters deliberately misspell brand names or insert spaces, the system uses fuzzy matching — it doesn't do exact string comparison; instead, it calculates "how close is this text to the brand name." Technical details: Appendix Tool 1 (Google Text Detection) and Appendix Tool 6 (text matching rules).

A more sophisticated attack is "homoglyph substitution" — replacing letters in a brand name with Cyrillic characters that look visually identical. For example, the Latin A and the Cyrillic А are indistinguishable to the human eye, but a computer treats them as different characters, causing string matching to fail. For this type of attack, we use a specialized tool to detect "whether this text contains visually identical characters from different scripts." Technical details: Appendix Tool 6 (confusable_homoglyphs library).

Detection coverage: common brand name variations and homoglyphs are handled. Particularly creative variations may require manual discovery and addition to the recognition list.

### Scenario 8: The Counterfeit Bears Forged Safety Certification Marks

**Factor combination**: Protected element = certification marks (CE, UL, CSA, etc.) | Infringement method = self-photographed (forged marks) | Business model = product page direct sale

> Known as "certification mark fraud" or "compliance label counterfeiting." In the EU and US, this constitutes a product safety regulatory violation — with consequences more serious than trademark infringement.

In electronics and children's toys, counterfeits don't just infringe on brands — they can endanger consumer safety. Counterfeiters print forged CE (EU safety certification) or UL (US safety certification) marks on products, leading consumers to believe the products have passed safety testing.

Legal teams' pain: "Forged certification marks are a serious compliance issue, but these marks are usually very small and hard to see in e-commerce photographs."

How the system handles this: the system can attempt to recognize certification marks in images, but effectiveness is limited. These marks are typically very small in e-commerce photos, and recognition rates depend on image resolution. The system will attempt detection and flag hits, but cannot guarantee high recall. Technical details: Appendix Tool 1 (Google Logo Detection).

Detection coverage: partial. Small marks in low-resolution images may have insufficient recognition rates.

### Scenario 9: The Counterfeit Uses Your Brand's Registered Trademark Color

**Factor combination**: Protected element = brand registered trademark color | Infringement method = self-photographed counterfeit | Business model = product page direct sale

> Legally referred to as "color trademark infringement." Registering a color trademark in the United States requires proving "secondary meaning" — that consumers can associate the color directly with the brand.

Some brands register specific colors as trademarks — Tiffany blue, Louboutin red soles, 3M's yellow Post-it notes. Counterfeits use nearly identical colors.

Legal teams' pain: "That blue is obviously imitating our Tiffany blue, but color is subjective — how do I prove it?"

How the system handles this: the system uses image analysis tools to extract the dominant colors from an image and calculate the distance between them and the brand's registered color. An honest limitation: colors in photographs are significantly affected by lighting, white balance, and display calibration — the same color can look very different under different shooting conditions. Color is therefore only an "auxiliary signal" — it cannot stand alone as a basis for determination; it must be interpreted in conjunction with logo or appearance matching.

Detection coverage: mostly covered. Effective as an auxiliary signal; cannot make independent determinations. Lighting variation affects consistency.

### Scenario 10: The Counterfeit Replicates the Genuine Product's Barcode

**Factor combination**: Protected element = barcode or QR code | Infringement method = self-photographed (replicated genuine product barcode) | Business model = product page direct sale

> Known as "barcode cloning" or "GS1 fraud" (GS1 is the global barcode standards organization).

Counterfeiters print the genuine product's UPC barcode or QR code on their fakes. Consumers scan the code and believe they have an authentic product.

Legal teams' pain: "Our barcodes have been cloned, but barcodes in e-commerce photos are usually very small and unclear — I can't examine them one by one by eye."

How the system handles this: if the barcode in the image is sufficiently clear, the system can read its content and compare it against the brand's genuine barcode database. In practice, barcodes in e-commerce photographs often have low resolution, limiting recognition rates. This can only function as an auxiliary signal. Technical details: Appendix Tool 1 (Barcode Detection).

Detection coverage: partial. Depends on barcode clarity in the photograph. Requires the brand to provide a genuine barcode database.

---

## Chapter 4: Patterns, Packaging, Characters, and Overall Visual Design

### Scenario 11: The Counterfeit Replicates Your Signature Pattern

**Factor combination**: Protected element = surface pattern (trade pattern) | Infringement method = self-photographed (with or without original image theft) | Business model = product page direct sale

> Legally often classified under "trade dress infringement." Burberry's check and LV's Monogram are classic examples.

Burberry's classic check, Louis Vuitton's Monogram, Gucci's interlocking GG — repeating surface patterns are among the most recognizable brand identifiers, and among the most frequently copied by counterfeiters.

Legal teams' pain: "The pattern on the counterfeit is almost identical to ours, but it's not a logo and it's not text — our current search methods struggle to find these. And the same pattern appears on all kinds of products — from scarves to phone cases to car seat covers — the category range is enormous."

How the system handles this: if the pattern covers most of the product surface (e.g., an all-over check), CLIP's visual understanding can effectively detect "this pattern is very similar to the genuine product's pattern." We can also use Teachable Machine to train a dedicated classifier for a specific pattern — the brand provides a batch of product photos containing the pattern as training material, and the system learns to recognize it across any product category.

If the pattern appears in only a small portion of the product (e.g., a short section of check at the cuff), CLIP's global visual understanding may not be sensitive enough — large-area visual features of other elements may drown out the small-area pattern signal.

Detection coverage: complete for large-area patterns. Partial for small, localized patterns.

### Scenario 12: The Counterfeit's Packaging Closely Resembles the Genuine Packaging

**Factor combination**: Protected element = packaging design | Infringement method = direct copy or self-photographed | Business model = product page direct sale

> Known as "packaging copy" or "trade dress infringement." Packaging design is protected by "design patent" in some jurisdictions.

For luxury brands, packaging is an integral part of the brand experience — Tiffany's blue box, Apple's white minimalist packaging, various luxury brands' signature shopping bags. Counterfeiters replicate not just the product but also the packaging.

Legal teams' pain: "Some counterfeiters even sell replica packaging as a standalone product — they sell empty brand boxes and shopping bags for others to use with fakes."

How the system handles this: if counterfeiters stole the brand's packaging photographs — pHash and reverse image search handle this directly (same as Scenario 1). If counterfeiters photographed their own fake packaging — CLIP compares the overall appearance of the packaging. This requires that the brand's reference database includes packaging photographs.

Detection coverage: covered, provided packaging photos are in the reference database.

### Scenario 13: Someone Printed Your Licensed Character Imagery on Unauthorized Products

**Factor combination**: Protected element = licensed character imagery (comic, animation, game characters) | Infringement method = redrawn or self-photographed products bearing the character | Business model = product page direct sale

> Known as "unauthorized merchandise" or "bootleg merchandise." Legal analysis involves "character copyright" and "derivative work" determinations. The Japanese anime industry calls this "mudan hanbai" (unauthorized sale).

A phone case brand obtained an official license for a certain comic character and prints it on phone cases for sale. Then someone without any license also prints the same character on their phone cases. More commonly, a popular anime character is printed without authorization on T-shirts, mugs, and stickers sold on e-commerce platforms.

Legal teams' pain: "We spent a lot on licensing, and bootleg merchandise is everywhere. More frustrating is that counterfeiters sometimes don't copy our product image directly — they draw their own 'similar but slightly different' version, making it hard to prove they're copying our licensed character."

How the system handles this: if bootleggers directly stole the brand's product image — pHash and reverse image search detect it immediately (back to Scenarios 1 and 2). If bootleggers redrew the character — CLIP detects "this image looks very similar to the genuine product's character image." Azure Custom Vision can also be trained to recognize specific characters — the approach is identical to training for brand logo recognition, just with a character instead of a logo. What the system can do is detect "visual similarity." It cannot determine legal boundaries: does drawing your own "tribute-style" character constitute copyright infringement? Does parody qualify as fair use? These determinations require legal professional intervention; the system only surfaces candidates that "look similar."

Detection coverage: complete for direct image theft. For redrawn "close approximations," can detect similarity but cannot determine infringement.

### Scenario 14: The Counterfeiter Copied Your "Overall Visual Design" — Not a Single Element but a Combination

**Factor combination**: Protected element = multi-element combination (text + color + pattern + layout) | Infringement method = independent design (each element individually different, but combination is similar) | Business model = product page direct sale

> Legally referred to as "trade dress infringement" or "look and feel infringement." The standard is whether the "overall commercial impression" is likely to cause confusion.

Consider a board game's design — a cover with a specific title typeface, a specific color palette, a specific illustration style, a specific layout arrangement. A counterfeiter "pays tribute" to this game — not using the exact same title, but a very similar typeface; not the exact same colors, but a very similar palette; not the exact same illustrations, but a very similar style. Each individual element looks like it could be independent, but combined, the overall effect is "obviously copying."

Legal teams' pain: "Each element on its own might not constitute infringement, but put together, it's clearly copying us. How do you make the system understand this 'something feels wrong in aggregate' quality?"

How the system handles this: the system decomposes the problem into multiple detectable concrete signals — title text via OCR plus fuzzy matching, logo via Logo Detection, colorway via color analysis, overall visual similarity via CLIP. Each signal independently produces a "similarity score," and the system aggregates all scores for a composite determination. If three or more signals fire simultaneously (text similar, color similar, overall appearance similar), even if no single signal scores particularly high, the aggregate score may still exceed the high-confidence threshold.

A fundamental limitation: if a counterfeiter is truly sophisticated — modifying each concrete element enough that no individual signal fires — the system's aggregate score will not be high. "Pure style imitation" remains a domain where no current AI technology can reliably detect infringement.

Detection coverage: multi-element combination imitation can be detected (aggregate of multiple signals). Pure style imitation cannot be detected.

---

## Chapter 5: The Frontier Challenges — AI Generation and Digital Synthesis

### Scenario 15: The Counterfeiter Used AI to Generate Non-Existent Product Images

**Factor combination**: Protected element = various elements (depends on AI-generated content) | Infringement method = AI generation (depicted product may not physically exist) | Business model = product page direct sale

> Known as "generative AI counterfeits" or "synthetic counterfeits." A rapidly emerging new form of infringement since 2024.

This is an increasingly common new threat post-2025. Counterfeiters no longer need to physically manufacture fakes, photograph them, and list them — they can use AI image generation tools to simply "draw" a polished product image containing a brand logo. The product depicted may not exist in the physical world at all.

Legal teams' pain: "I'm already seeing obviously AI-generated product images on e-commerce platforms. Some are extremely realistic. I'm worried they'll become more prevalent and harder to distinguish by eye."

How the system handles this: the system's visual comparison remains effective — regardless of whether an image was photographed or AI-generated, if it "looks like the genuine product," the AI can detect the similarity. Brand mark detection also remains effective — if a brand logo appears in an AI-generated image, the system can still detect it. However, the system currently cannot determine "whether this image is AI-generated or genuinely photographed" — it can only say "this image looks similar to the genuine product" or "this image contains a brand logo."

Detection coverage: partial. Can detect "looks similar" and "has logo," but cannot distinguish counterfeit renderings from legitimate concept design images.

### Scenario 16: The Photo Background Is Cluttered and the Product Occupies Only a Small Portion of the Frame

**Factor combination**: Protected element = product appearance (contextual factor, not an independent element) | Infringement method = any method (contextual factor is cluttered background) | Business model = product page direct sale or social media

> This is a contextual factor rather than an independent form of infringement; it affects detection difficulty. The industry calls this the challenge of "in-context detection."

E-commerce detail page or social media product photographs are often not clean, white-background product shots. They might be full-body street style photographs where the branded shoe occupies a tenth of the frame. Or a styled table scene where the branded tableware is mixed with other objects.

Legal teams' pain: "Finding fakes in social media outfit photos is even harder. Products are buried under figures and backgrounds."

How the system handles this: the system first attempts to locate "where the product is" within a cluttered image, crops out the product region, and then runs comparison on the cropped image. The localization function recognizes general categories like "shoe" or "bag" — not a specific brand's specific product — so its precision is limited.

Detection coverage: partial. Depends on the product's proportion of the frame and localization accuracy.

---

## Chapter 6: Scenarios the System Must Correctly Not Flag — Avoiding False Accusations

This chapter is the inverse of everything before it. The earlier chapters discussed "how to catch bad actors"; this one discusses "how to avoid wrongly accusing good actors." In counterfeit detection, false positives (flagging legitimate products as counterfeits) may carry higher costs than false negatives — they generate complaints, legal disputes, and potential PR crises.

### Scenario 17: A Legal Competitor Whose Products Look Similar

**Factor combination**: Protected element = product appearance | Infringement method = legal competitor (similar appearance, different brand) | Business model = product page direct sale

> Consumer shorthand now calls these "dupes" or "inspired-by products." Legally they are legitimate — as long as they don't use someone else's trademark or constitute "passing off."

White T-shirts, black wallets, minimal sneakers — some product categories are inherently convergent in appearance. If the system flags every "looks similar" product as counterfeit, legal teams' review queues will be swamped by legitimate competitors and the system becomes "noisy but inaccurate."

Legal teams' pain: "Over 80% of the suspected counterfeits the system sends me are legal competitors. I spend hours each day clearing them out, and the real counterfeits get buried inside."

How the system handles this: this is the core value of the dual-track design. The system doesn't only check "does it look similar?" (visual comparison) — it also checks "does your brand mark appear?" (logo detection). If a product's appearance resembles your genuine product but your logo doesn't appear on it, it is most likely a legal competitor, not a counterfeit. The system classifies it as "Watch List" rather than "High-Confidence Counterfeit."

To further reduce the burden of irrelevant results, the system divides results into four tiers. Tier 1 is High-Confidence Counterfeit: appearance is very similar and logo is confirmed; prioritized for review. Tier 2 is Medium-Confidence Watch: only one signal fired; requires human confirmation. Tier 3 is Low-Value Similar: large volumes of "somewhat similar" generic-design products; automatically filtered and not surfaced to legal teams. Tier 4 is Irrelevant: completely unrelated; automatically ignored.

Detection coverage: covered. Dual-track cross-validation plus four-tier grading is our biggest differentiator from competitors.

### Scenario 18: A Consumer Reselling Their Own Genuine Product on a Secondhand Platform

**Factor combination**: Protected element = logo + product (genuine) | Infringement method = self-photographed (legal resale) | Business model = secondhand market C2C resale

> Protected by the "first sale doctrine" or "exhaustion of rights" principle. The system's exemption rules are essentially an automated implementation of this legal principle.

A consumer lists their own used genuine sneakers on a C2C platform. They photograph the sneakers themselves; the genuine brand logo is clearly visible, but they are obviously not on the brand's authorized seller list. If the system flags them as a counterfeiter and issues an infringement warning, a serious PR problem follows — consumers have the right to resell goods they legally purchased (the exhaustion of rights principle).

Legal teams' pain: "We once sent a warning to a secondhand seller by mistake, and they complained publicly on social media about us 'bullying ordinary people.' It took us a long time to manage the fallout."

How the system handles this: the system checks the product title and description for keywords like "Used," "Pre-owned," "Vintage," "9/10 condition," and similar phrases. If found, the system automatically reduces the infringement weighting and routes the listing to human review rather than directly flagging it as a counterfeit.

A known risk: counterfeiters may exploit this rule by inserting "used" into titles for brand-new high-quality fakes. The system currently cannot fully defend against this abuse. In Stage 2, when the system integrates with structured e-commerce data, inventory quantity can be used for cross-validation — a genuine secondhand seller has only one unit of the same item, so if a title says "used" but inventory shows 999 units, the exemption rule should automatically lapse.

Detection coverage: exemption rules correctly handle most cases. Weaponization risk can only be fully addressed from Stage 2 onward.

### Scenario 19: An Authorized Dealer Using Genuine Images to Sell Genuine Products

**Factor combination**: Protected element = brand photography (genuine) | Infringement method = direct copy (legally authorized use) | Business model = authorized dealer sale

> Known as "authorized reseller" or "official distributor." The system's whitelist mechanism addresses this legitimate relationship.

A brand's authorized dealers are legitimately permitted to use the brand's official product images to sell genuine products. The system's fingerprint matching will fire on these dealers' images, but this is lawful use.

How the system handles this: the brand provides a list of authorized sellers. When the system detects that someone is using genuine product images, it first checks whether the seller is on the whitelist; if so, the listing passes.

Detection coverage: covered, provided the brand maintains and updates the authorization list.

---

## Chapter 7: What We Honestly Cannot Do

The following scenarios are beyond our system's current capability. We have not overlooked them; rather, after thorough analysis, we have determined that they cannot be effectively addressed under current technical and resource constraints. Documenting these limitations is how we avoid over-promising to clients.

### Cannot Do 1: Listing Hijacking

**Factor combination**: Protected element = not applicable (images themselves are entirely legitimate) | Infringement method = not applicable (this is a seller-behavior-level problem) | Business model = listing hijacking (seller piggyback)

> Known in the industry as "listing hijacking" or "BuyBox hijacking," particularly rampant under Amazon's ASIN sharing mechanism.

On platforms like Amazon, counterfeiters can attach their own low-price offers to a legitimate product page that the brand created. All the photos on the page are the brand's own genuine product images; the logo is entirely correct. From an image perspective, everything looks "normal." The problem is not in the image — it is in the seller's pricing behavior and abnormal pricing.

Why we cannot do it: our system is an "image matching engine," not a "seller behavior analysis engine." Hijacking problems require price monitoring and seller identity verification — an entirely different technical stack.

Future direction: when the system integrates with e-commerce platforms in Stage 2, price anomalies (significantly below market price) can serve as a preliminary screening signal, but this is not equivalent to fully solving the hijacking problem.

### Cannot Do 2: Off-Platform Fulfillment (Dark Commerce)

**Factor combination**: Protected element = not applicable (no brand elements on the e-commerce page) | Infringement method = not applicable (instructions propagate across platforms) | Business model = hidden links and bait listings

> Known as "off-platform fulfillment," "dark commerce," or "dark social commerce." Common on closed communication platforms like Telegram, Instagram DM, and WeChat.

Counterfeiters list a completely ordinary generic product on an e-commerce platform (say, a plain mug) — the page's photos and descriptions contain absolutely no brand elements. The actual counterfeit transaction instructions circulate on Telegram or Instagram: "Search for [listing name] on Shopee, and after placing the order, message the seller and say 'I want the real one.'"

Why we cannot do it: the images on the e-commerce platform contain no brand-related clues — there is nothing for an image comparison system to detect. This requires cross-platform social media intelligence integration, which is outside our system's scope.

### Cannot Do 3: Grey Market / Parallel Import

**Factor combination**: Protected element = genuine product with genuine logo (100% authentic) | Infringement method = not applicable (product itself is legitimate) | Business model = grey market parallel import

> Known as "parallel import" or "grey market goods." Legality depends on whether the jurisdiction applies national, regional, or international exhaustion of rights.

The product is 100% genuine and the brand mark is real — the merchandise was simply imported through a channel not authorized by the brand. From an image perspective, a genuine parallel import looks absolutely identical to an authorized genuine product.

Why we cannot do it: image comparison cannot distinguish between "an authorized genuine product" and "an unauthorized genuine product." The grey market problem is fundamentally a supply chain management problem requiring serial number tracking or product traceability technology.

### Cannot Do 4: Video and Live Commerce

**Factor combination**: Protected element = various elements | Infringement method = various methods | Business model = video and live streaming platform sales

> Rapidly growing "live commerce counterfeits" in recent years. Primary battlegrounds are TikTok Shop, Douyin live commerce, and Instagram Reels.

Counterfeiters display high-quality fakes for three seconds in a TikTok short video, or flash a counterfeit past the camera during a live stream.

Why we cannot do it: all of our tools process static images. Video requires additional technical capabilities — extracting key frames from video, tracking objects across frames, analyzing temporal variation. These are entirely different domains from image comparison.

### Known Areas for Future Expansion

Advanced AI-generated image detection: the system currently detects AI-generated product images that are highly similar to genuine products, but cannot definitively distinguish counterfeit renderings from legitimate concept design images. We will evaluate incorporating dedicated synthetic image detection tools in Stage 2 to further improve this capability.

Cross-platform seller image fingerprint association: the system currently operates at the individual image or individual product page level. When the system integrates with more e-commerce platforms in Stage 2, image fingerprints can be linked to seller accounts to build a relationship graph, enabling automatic correlation of "the same batch of counterfeits listed under different accounts on different platforms" — significantly reducing duplicated review work.

### Cannot Do 5: Adversarial Perturbation

**Factor combination**: Protected element = various elements | Infringement method = adversarial image perturbation | Business model = various

> Known as "adversarial perturbation" or "adversarial attack" — adversarial examples targeting AI visual models. Tools capable of generating these have been publicly available since 2024.

As of 2026, publicly available tools exist that can add imperceptible micro-noise to images that completely defeats AI recognition while remaining invisible to human eyes. Just as the human ear cannot hear ultrasound but dogs can, the AI's "eyes" can be severely disrupted by noise the human eye cannot perceive.

Why we cannot do it: defending against this type of attack requires retraining AI models, a capability our current team does not possess. This is a known risk. We recommend that clients maintain a human final review mechanism for high-value cases.

---

## Chapter 8: How the System's Capabilities Are Tiered

The following flowchart shows the complete decision process for a candidate image entering the system.

```mermaid
flowchart TD
    A[Candidate image enters system] --> B[Pre-processing: format conversion, resolution check]
    B --> C{pHash fingerprint match}
    C -->|Match found, not on whitelist| D[🔴 Tier 1: High-Confidence Counterfeit\nPriority queue, no further analysis needed]
    C -->|No match| E[Launch multiple detection channels simultaneously]
    
    E --> F[CLIP visual similarity\nDoes overall appearance match?]
    E --> G[Logo detection\nDoes brand mark appear?]
    E --> H[OCR text recognition\nDoes brand text appear?]
    E --> I[Color analysis\nAre brand signature colors present?]
    
    F --> J{Short-circuit rule check}
    G --> J
    
    J -->|CLIP high score + Logo confirmed| K[🔴 Tier 1: High-Confidence Counterfeit\nPriority queue]
    J -->|Logo confirmed + CLIP moderate| K
    J -->|Neither triggered| L[Enter dynamic weighted scoring]
    
    H --> L
    I --> L
    
    L --> M{Composite score}
    M -->|≥ 0.85 and multiple signals fired| N[🔴 Tier 1: High-Confidence Counterfeit\nPriority review queue + auto-evidence preservation]
    M -->|0.65 ~ 0.85| O[🟡 Tier 2: Medium-Confidence Watch\nGeneral review queue]
    M -->|0.40 ~ 0.65| P[⚪ Tier 3: Low-Value Similar\nAuto-filtered, not surfaced to legal team]
    M -->|< 0.40| Q[✅ Tier 4: Irrelevant\nAuto-ignored]

    R[Text exemption check] --> |Title contains "Used", "Pre-owned", etc.| S[Reduce infringement weighting\nRoute to human review]
    N --> R
    O --> R

    style D fill:#ff4444,color:#fff
    style K fill:#ff4444,color:#fff
    style N fill:#ff4444,color:#fff
    style O fill:#ffaa00,color:#fff
    style P fill:#cccccc
    style Q fill:#44bb44,color:#fff
    style S fill:#4488ff,color:#fff
```

The coverage matrix below summarizes the system's detection capability for each "protected element × infringement method" combination. 🟢 Full coverage, 🟡 Mostly covered, 🟠 Partial coverage, 🔴 Not expanded (reasons A through G explained in Appendix D).

| Protected Element | Direct Copy | Modified Copy | Self-Photographed | Digital Composite | AI Generated | Redrawn |
|---|---|---|---|---|---|---|
| Logo (graphic) | 🟢 pHash+LogoDet | 🟡 CLIP+LogoDet | 🟡 LogoDet/AzureCV | 🟠 LogoDet/AzureCV | 🟠 LogoDet/AzureCV | 🟠 AzureCV adversarial training |
| Logo (wordmark) | 🟢 pHash+OCR | 🟡 CLIP+OCR | 🟡 OCR+string match | 🟡 OCR+string match | 🟠 OCR | 🟠 OCR+fuzzy match |
| Logo (embossed) | 🟢 pHash | 🟡 CLIP | 🟠 CLIP (LogoDet may fail) | 🔴 Not expanded A | 🟠 CLIP | 🔴 Not expanded A |
| Brand text trademark | 🟢 pHash+OCR | 🟡 CLIP+OCR | 🟡 OCR+fuzzy match | 🟡 OCR | 🟠 OCR | 🟠 OCR+homoglyph detection |
| Product form | 🟢 pHash+CLIP | 🟡 CLIP | 🟡 CLIP/FashionCLIP | 🟠 CLIP | 🟠 CLIP | 🔴 Not expanded D |
| Surface pattern (large area) | 🟢 pHash+CLIP | 🟡 CLIP | 🟢 CLIP+TM classifier | 🟠 CLIP | 🟠 CLIP | 🟠 CLIP |
| Surface pattern (localized) | 🟢 pHash | 🟠 CLIP insufficient | 🟠 Cropped CLIP | 🟠 CLIP | 🟠 CLIP | 🔴 Not expanded D |
| Packaging design | 🟢 pHash+CLIP | 🟡 CLIP | 🟡 CLIP | 🟠 CLIP | 🟠 CLIP | 🔴 Not expanded D |
| Brand signature color | 🟢 Detected with image | 🟡 Detected with image | 🟠 Color analysis (auxiliary) | 🟠 Color analysis (auxiliary) | 🟠 Color analysis (auxiliary) | 🟠 Color analysis (auxiliary) |
| Licensed character imagery | 🟢 pHash | 🟡 CLIP | 🟡 CLIP+AzureCV | 🟡 CLIP+AzureCV | 🟠 CLIP | 🟠 CLIP (human judgment required) |
| Certification marks CE/UL | 🟢 Detected with image | 🟡 Detected with image | 🟠 LogoDet (small marks difficult) | 🟠 LogoDet | 🟠 LogoDet | 🔴 Not expanded D |
| Barcodes / QR codes | 🟢 Detected with image | 🟡 Detected with image | 🟠 BarcodeDet (requires clarity) | 🔴 Not expanded A | 🔴 Not expanded F | 🔴 Not expanded F |
| Overall visual combination | 🟢 pHash+CLIP | 🟡 CLIP+multi-signal | 🟠 Multi-signal fusion | 🟠 Multi-signal fusion | 🟠 Multi-signal fusion | 🔴 Pure style undetectable G |

This table is a simplified overview for quick reference. The complete audit table (including scene numbers, coverage details, tool specifics, and rationale for unexpanded combinations) is in Appendix D.

How to read this table: the leftmost two columns are almost entirely 🟢, because stolen image detection is the most mature technology. Moving right, 🟠 and 🔴 increase because the less a counterfeiter relies on the brand's original assets, the harder detection becomes. The rightmost column (Redrawn) is the hardest — the counterfeiter starts from scratch, using nothing from the brand. The bottom row (Overall visual combination) shows 🟠 across all columns from "Self-Photographed" onward, because "feels similar overall" requires multiple signals in combination — no single signal can support the determination.

Plain language for the four tiers: Tier 1 is a red light — the system is highly confident this is a counterfeit; it goes directly to legal for priority action. Tier 2 is a yellow light — legal needs to take a quick look to confirm. Tier 3 is a grey light — large volumes of "somewhat similar" generic products; the system filters these automatically so legal isn't bothered. Tier 4 is a green light — entirely unrelated; automatically ignored. The legal team only sees cases that genuinely merit attention.

The system's detection capability falls into two types.

The first type is "baseline capability requiring no action from the client." This includes stolen image detection, visual similarity matching, brand name text detection, and logo recognition for major brands. Clients simply upload genuine product images and the system is ready. This corresponds to the Starter tier.

The second type is "advanced capability that requires client data to activate." This includes training a dedicated logo recognition model for smaller brands (requires the client to provide training images containing the logo), authorized seller exclusion (requires an authorization list), and precise trademark text matching (requires a complete trademark text list). These capabilities offer higher precision but require some upfront cooperation from clients. This corresponds to the Pro and Enterprise tiers.

This distinction matters: if a client complains "why can't your system even recognize our logo," the first question to ask is "did you provide training images for your logo?" Without providing them, the system only has baseline general recognition capability — the system is not at fault.

---

## Chapter 9: Implementation Plan — Validate Before Building

The work ahead is divided into two phases: spend one to two weeks confirming "whether this approach is viable," and only if it is, invest more resources to build it into a product.

### Step 1: First Clarify What We Don't Yet Know

Before writing any code, we need to answer the following key questions. If the answers are poor, we may need to adjust course or even re-evaluate the entire plan.

What clients need to provide at this stage: five to ten genuine product images as test material; no training data or technical documentation required.

Cost viability: thoroughly investigate the billing rates for each AI service and calculate the all-in cost of "detecting one image." If this cost exceeds what clients are willing to pay, the business model doesn't work.

Search coverage: use the brand's genuine product images to perform reverse image searches, and examine how many results come from actual product pages on e-commerce platforms. If results are overwhelmingly from Pinterest and content farms with no e-commerce counterfeit listings, our baseline detection strategy needs major revision. This is one of the existential checkpoints for the entire plan.

AI visual discrimination: use various AI models to score "how similar" the genuine product image is to a batch of candidate images. The key is not the absolute score values, but whether "counterfeit scores" and "unrelated product scores" have a clear separating gap. If the two distributions heavily overlap, the AI cannot distinguish genuine from fake in this product category — no amount of parameter tuning will fix it.

Google brand mark recognition effectiveness: test Google's Logo Detection against the client's brand to see whether it recognizes it. Major brands will typically work; smaller brands may not.

Text recognition accuracy: test OCR accuracy on e-commerce product images. How much does it vary between Chinese and English, large text and small text, clear and blurry?

Custom logo detection training performance: train a dedicated recognition model using the brand's logo images and evaluate the results. Specifically test: if the logo is modified (reversed, missing strokes, watermarked), can the trained model still recognize it?

False positive stress test: submit a large batch of "somewhat similar but clearly not that brand" generic product images to the system and measure how many false positives are generated. This number directly determines whether legal teams will be overwhelmed by irrelevant results after launch.

Every one of these questions requires testing with real client images; theoretical reasoning is insufficient. Detailed experimental methods and steps are in the Research Agenda appendix.

### Step 2: If Validation Passes, Build the POC (Proof of Concept)

The POC goal is simple: run the complete detection pipeline end-to-end with minimal investment and produce an objective technical feasibility report.

Concretely: use the brand's genuine product images as reference, use search engines to surface a batch of candidate images from the web, then apply the tools described above to analyze each candidate image one by one, flagging which are suspected counterfeits, which are legal competitors, and which are unrelated. Finally, compare the system's determinations against human judgment to calculate precision and recall.

What clients need to provide at this stage: 30 to 50 product photos containing the brand logo (for training the custom logo recognition model). If known counterfeit cases exist, provide those as well to serve as positive test samples.

Estimated resource: one backend engineer, one to two weeks.

POC deliverable: a report that clearly answers "whether this technical approach is effective in the client's product category, how good the results are, what the cost is, and what the explicit limitations are." The report translates technical metrics into business language — for example, "the system filtered out X% of irrelevant results, saving the legal team an estimated Y hours of review per month" and "the POC identified Z high-confidence counterfeits, which at average platform order values represents an estimated W in potential revenue loss intercepted." All subsequent product and client decisions are grounded in this report.

### Step 3: If POC Succeeds, Build the MVP Product

After the POC validates technical feasibility, invest more resources to build it into a product genuinely deliverable to clients. This includes: a brand reference database management interface, the dual-track detection pipeline, four-tier automatic grading, side-by-side comparison reports (usable directly for e-commerce platform takedown filings), a human review interface, and automatic evidence preservation (when the system determines a listing is high-confidence counterfeit, it automatically captures a webpage screenshot, saves the infringing image, records a timestamp, and generates a one-click PDF evidence report in the format required by e-commerce platforms — the legal team simply downloads and submits, reducing takedown preparation from 20 minutes to a few seconds).

What clients need to provide at this stage: confirmation of the authorized seller list (which can be updated on an ongoing basis), confirmation of the product categories and brand scope to monitor, and designation of one legal team member as the pilot program point of contact.

Detailed implementation steps and technical architecture are in the POC Implementation Plan appendix.

---

## Appendix A: Plain Language Explanations of the Seven Tools

### Tool 1: Google Cloud Vision API

This is a suite of AI image analysis services provided by Google. It functions like a Swiss Army knife with several different capabilities.

Reverse Image Search (Web Detection): you provide an image and it searches the web to find "which websites contain this image or images that look very similar." Effectively the same as Google Images reverse search, but accessible programmatically.

Brand Mark Recognition (Logo Detection): you provide an image and it tells you whether any recognized brand logos appear and where in the image they are located. Google's database covers thousands of well-known brands.

Text Recognition (Text Detection / OCR): it reads text from images — whether it's a brand name printed on a product, copy on packaging, or promotional text overlaid on the image.

Barcode Recognition (Barcode Detection): it reads barcodes and QR codes from images. If the brand provides a genuine barcode database, the codes can be compared for a match.

Object Localization: it can identify "where in a cluttered photo the product is" and draw a bounding box around it. In a lifestyle shot, it can locate shoes, bags, and watches. But it recognizes only generic categories ("this is a shoe"), not specific brands.

Cost: each capability is billed separately; the first 1,000 uses per month are free. Beyond that: $1.50 to $3.50 per 1,000 requests.

### Tool 2: CLIP and FashionCLIP (Visual Similarity Matching)

CLIP is an AI model developed by OpenAI. It "understands" an image as a set of numbers (engineers call this a "vector"), then determines "how similar" two images are by calculating the distance between their respective vectors.

An analogy: imagine placing every image in a vast multidimensional space. Similar-looking images are placed near each other; completely different ones are placed far apart. CLIP determines where each image belongs in this space.

FashionCLIP is the "fashion edition" of CLIP — it was additionally trained on 800,000 fashion product items, so it outperforms standard CLIP when recognizing apparel, footwear, and bags. If the client's product category is fashion-related, we automatically switch to FashionCLIP.

Cost: completely free. The model runs on our own hardware; no API fees. Processing time is approximately 1 to 3 seconds per image.

### Tool 3: pHash (Perceptual Hashing / Image Fingerprinting)

Computes a short "fingerprint" (a string of numbers) for each image. The closer two images' fingerprints, the more similar the images. Identical images produce identical fingerprints.

Difference from CLIP: pHash only detects "nearly identical" stolen images and completely fails for images with different compositions. CLIP understands "similar overall appearance" even with different compositions. The two are complementary — pHash handles the simplest copy cases (fast, cheap); CLIP handles more complex similarity matching (slower but smarter).

Cost: completely free; millisecond processing speed.

### Tool 4: Pillow and OpenCV (Image Pre-processing)

Before submitting images to AI analysis, preliminary "cleaning" work is required — format conversion, orientation correction, size normalization, color extraction. Like washing vegetables before cooking: properly cleaned ingredients lead to smoother cooking downstream.

Cost: completely free.

### Tool 5: Bing Image Search API

Searches for images using text keywords. For example, searching brand name plus product category to see whether any counterfeits appear in the results.

Difference from Tool 1: Tool 1 is "image-to-image search" (I have an image, find similar images); Tool 5 is "text-to-image search" (I have a brand name, find product images containing it). The two search directions are different and mutually complementary.

Cost: first 1,000 uses per month are free.

### Tool 6: Text Matching Rules

A set of rules for comparing brand name text — including fuzzy matching (tolerating one or two character differences), Unicode normalization (treating visually identical characters from different scripts as the same character), and homoglyph detection (using the confusable_homoglyphs open source library, based on Unicode's official confusable characters table).

Cost: completely free.

### Tool 7: Azure Custom Vision and Teachable Machine

Azure Custom Vision is a Microsoft service that lets you train a custom image recognition model without writing any AI code — simply drag and drop images. Its biggest advantage is "object detection" — it doesn't just tell you "is this logo in the image?" but also "where in the image is the logo, and how large?"

Each brand needs 30 to 50 logo-containing training images to train its own recognition model. Once trained, the model can be exported and run on your own hardware.

Important note: Microsoft has announced this service will be discontinued in September 2028. It can be used normally until then; already-exported models will continue to run locally, but new models cannot be created after that date. Long-term alternatives will need to be evaluated.

Teachable Machine is a simpler Google tool for "image classification" (present or absent), but cannot do localization (where). We use it to recognize brand-specific patterns and colorways.

Cost: Azure Custom Vision free tier includes two projects and 10,000 recognitions per month. Teachable Machine is completely free.

---

## Appendix B: Why These Tools — Trade-off Rationale

Why CLIP rather than training a custom model: our team can run recognition using existing AI models but does not have the capability to train a new AI model from scratch. CLIP is one of the best publicly available visual understanding models and can be loaded and used directly.

Why Azure Custom Vision rather than Teachable Machine for logo detection: Teachable Machine can only answer "is the logo in the image?" Azure Custom Vision can answer "where in the image is the logo, and how large?" When a product photo has a cluttered background and the logo occupies only a tiny fraction of the frame, this difference in localization capability matters significantly.

Why rely on Google's services rather than building our own: Google's Logo Detection covers thousands of major brands; we could not possibly build our own database of that scale. The downside is that Google's service is a "black box" — we cannot control its recognition logic or improve its performance on specific brands.

Why not run all tools on every image: every tool has a cost (either API fees or compute time). Running all seven tools on every candidate image would be extremely expensive. The correct approach is a "funnel" — use the cheapest and fastest tools first to eliminate obviously irrelevant images, and only apply expensive tools to the remaining suspicious images for deeper analysis.

---

## Appendix C: Research Agenda — Fifteen Things We Need to Clarify

The following are items that need to be validated with real data before and during formal development. Each is annotated with an approximate time estimate and the decisions it affects. Complete experiment steps and methods are in the Experiment Action List document.

Three things that must be answered before starting (approximately 3 to 5 days): actual effectiveness of Google's five sub-capabilities on the client's brand; how many e-commerce platform counterfeits the search engine can surface; comparison of different AI models' discriminative power in the client's product category.

Five things to validate on an ongoing basis during development (approximately 3 to 4 days): the impact of different image pre-processing approaches on recognition effectiveness; image fingerprint performance on real data; the combined effectiveness of text recognition plus brand name matching plus homoglyph defense; the consistency of color comparison as an auxiliary signal; the extent to which defensive image processing affects normal recognition.

Five things to answer before product design (approximately 3 to 5 days): the optimal strategy for combining multiple signal channels into a final determination; how much detection thresholds vary across different product categories; the logo detection accuracy and adversarial robustness of an Azure Custom Vision trained model; what proportion of reference images uploaded by brands are "problematic"; memory footprint and model loading strategy for each tool.

Two things that can be done at any time: actual distribution of counterfeits across different product categories; model management strategy as client count grows.

---

## Appendix D: Factor Combination Audit Table

This appendix answers two questions: first, which factor combination does each scenario correspond to? Second, which theoretically possible combinations were not discussed, and why?

### Complete Definitions of the Three Dimensions

Dimension A — Protected elements (13 values): pure graphic logo, wordmark, composite mark, embossed/debossed logo, brand text trademark, registered trademark color, product form, surface pattern, packaging design, brand photography, original illustrations and patterns, licensed character imagery, certification marks, barcodes.

Dimension B — Source of infringing image (6 values): direct copy, modified copy, self-photographed counterfeit, digital composite (Photoshop splice), AI generated, redrawn close approximation. Additionally, "legal competitor" is included as a control — it is not infringement but is processed by the system.

Dimension C — Business model (5 values): product page direct sale, listing hijacking, off-platform fulfillment, grey market parallel import, secondhand market resale.

The theoretical total number of combinations is 13 × 6 × 5 = 390. This document discusses 24 meaningful scenarios, covering all real-world cases that occur and require different handling.

### Scenario Mapping Table (Protected Element × Infringement Method)

Each cell in the table indicates three things: the corresponding scenario number, coverage level (🟢 Full / 🟡 Mostly / 🟠 Partial / ⬛ Not expanded), and the tools or approaches used. Cells marked "⬛ Not expanded" represent combinations not expanded into independent scenarios; reason codes (A through F) are explained in the following section.

| Protected Element ╲ Infringement Method | Direct Copy | Modified Copy | Self-Photographed | Digital Composite | AI Generated | Redrawn |
|---|---|---|---|---|---|---|
| **Pure graphic logo** | Scenario 1 🟢<br>pHash + Logo Detection | Scenario 2 🟡<br>CLIP + Logo Detection | Scenario 3 🟡<br>Logo Detection / Azure CV | Scenario 6 🟠<br>Logo Detection / Azure CV | Scenario 15 🟠<br>Logo Detection / Azure CV | Scenario 4 🟠<br>Azure CV adversarial training |
| **Wordmark** | Scenario 1 🟢<br>pHash + OCR | Scenario 2 🟡<br>CLIP + OCR | Scenario 7 🟡<br>OCR + string matching | Scenario 6 🟡<br>OCR + string matching | Scenario 15 🟠<br>OCR | Scenario 7 🟠<br>OCR + fuzzy match |
| **Composite mark** | Scenario 1 🟢<br>pHash + Logo Detection + OCR | Scenario 2 🟡<br>CLIP + Logo Detection + OCR | Scenario 3 🟡<br>Dual-track fusion (Logo Det + OCR) | Scenario 6 🟠<br>Dual-track fusion | Scenario 15 🟠<br>Dual-track fusion | Scenario 4 🟠<br>Azure CV + OCR |
| **Embossed/debossed logo** | Scenario 1 🟢<br>pHash | Scenario 2 🟡<br>CLIP | Scenario 3 🟠<br>CLIP (Logo Det may fail) | ⬛ Not expanded A | Scenario 15 🟠<br>CLIP | ⬛ Not expanded A |
| **Brand text trademark** | Scenario 1 🟢<br>pHash + OCR | Scenario 2 🟡<br>CLIP + OCR | Scenario 7 🟡<br>OCR + fuzzy match | Scenario 7 🟡<br>OCR | Scenario 15 🟠<br>OCR | Scenario 7 🟠<br>OCR + homoglyph detection |
| **Registered trademark color** | ⬛ Not expanded B<br>(merged into Scenario 1) | ⬛ Not expanded B<br>(merged into Scenario 2) | Scenario 9 🟠<br>OpenCV color analysis (auxiliary) | Scenario 9 🟠<br>Color analysis (auxiliary) | Scenario 9 🟠<br>Color analysis (auxiliary) | Scenario 9 🟠<br>Color analysis (auxiliary) |
| **Product form** | Scenario 1 🟢<br>pHash + CLIP | Scenario 2 🟡<br>CLIP | Scenario 5 🟡<br>CLIP / FashionCLIP | ⬛ Not expanded C<br>(merged into Scenario 5) | Scenario 15 🟠<br>CLIP | ⬛ Not expanded D |
| **Surface pattern** | Scenario 1 🟢<br>pHash + CLIP | Scenario 2 🟡<br>CLIP | Scenario 11 🟢<br>CLIP + Teachable Machine classifier | ⬛ Not expanded C | Scenario 15 🟠<br>CLIP | Scenario 11 🟠<br>CLIP |
| **Packaging design** | Scenario 12 🟢<br>pHash + CLIP | Scenario 12 🟡<br>CLIP | Scenario 12 🟡<br>CLIP | ⬛ Not expanded C | Scenario 15 🟠<br>CLIP | ⬛ Not expanded D |
| **Brand photography** | Scenario 1 🟢<br>pHash + Web Detection | Scenario 2 🟡<br>CLIP + Web Detection | ⬛ Not expanded E<br>(logic doesn't hold) | ⬛ Not expanded E | ⬛ Not expanded F | ⬛ Not expanded E |
| **Original illustrations and patterns** | Scenario 1 🟢<br>pHash | Scenario 2 🟡<br>CLIP | Scenario 11 🟡<br>CLIP (printed on counterfeit) | ⬛ Not expanded C | Scenario 15 🟠<br>CLIP | Scenario 11 🟠<br>CLIP (legal judgment requires human) |
| **Licensed character imagery** | Scenario 1 🟢<br>pHash | Scenario 2 🟡<br>CLIP | Scenario 13 🟡<br>CLIP + Azure CV | Scenario 13 🟡<br>CLIP + Azure CV | Scenario 15 🟠<br>CLIP | Scenario 13 🟠<br>CLIP (legal judgment requires human) |
| **Certification marks** | Scenario 1 🟢<br>Detected with image | Scenario 2 🟡<br>Detected with image | Scenario 8 🟠<br>Logo Detection (small marks difficult) | ⬛ Not expanded A | Scenario 15 🟠<br>Logo Detection | ⬛ Not expanded D |
| **Barcodes / QR codes** | Scenario 1 🟢<br>Detected with image | Scenario 2 🟡<br>Detected with image | Scenario 10 🟠<br>Barcode Detection (requires clarity) | ⬛ Not expanded A | ⬛ Not expanded F | ⬛ Not expanded F |

Of the theoretical 14 elements × 6 infringement methods = 84 cells: 60 have corresponding scenarios (green/yellow/orange) and 24 are marked "Not expanded" with rationale explained below.

### Business Model Dimension Scenario Mapping

Most scenarios belong to the "product page direct sale" business model. Scenarios belonging to other business models are listed separately:

| Business Model | Corresponding Scenario |
|---|---|
| Product page direct sale | Scenarios 1 through 16 (16 total) |
| Listing hijacking | Cannot Do 1 |
| Off-platform fulfillment | Cannot Do 2 |
| Grey market parallel import | Cannot Do 3 |
| Secondhand market resale | Scenario 18 |

Legal but requiring correct handling: Scenario 17 (legal competitor), Scenario 19 (authorized dealer). Media type beyond scope: Cannot Do 4 (video and live streaming). Technical capability beyond reach: Cannot Do 5 (adversarial perturbation).

### Rationale for Unexpanded Combinations

Reason A: for elements with physical three-dimensional characteristics — embossed/debossed logos, certification marks, barcodes — digital composite (Photoshop splice) and redrawn versions are extremely rare in the real world. Counterfeiters have no incentive to Photoshop an embossed effect when it's easier to simply photograph the genuine embossed counterfeit. Probability of occurrence is negligible; not expanded into independent scenarios.

Reason B: for registered trademark colors, "direct copy" and "modified copy" infringement methods carry the color along with the stolen photograph — no independent color detection channel is needed, as these are already handled within Scenarios 1 and 2. Color detection as an independent signal only has value in the "self-photographed counterfeit" case.

Reason C: for product form, surface patterns, packaging design, and original illustrations, "digital composite (Photoshop splice)" as an infringement method has identical processing logic to "self-photographed counterfeit" — the system uses visual similarity comparison in both cases and cannot distinguish between "a Photoshopped fake product image" and "a photo of a genuine physical counterfeit." Handled as merged.

Reason D: for product form, packaging design, certification marks, and certain other elements, "redrawn close approximation" in the form of hand-drawn sketches will have sufficient visual divergence that even CLIP may fail to make a determination. If it is a high-quality digital redraw, the handling approach is the same as "AI generated" and has been merged into Scenario 15.

Reason E: for brand photography itself, "self-photographed," "digital composite," and "redrawn" as infringement methods are logically incoherent — "infringement of photography" presupposes that a specific photograph taken by the brand was stolen. If a counterfeiter took an entirely new photograph, that is not copyright infringement of the photography work; it is another type of infringement (product form, product appearance, etc.) already covered in Scenarios 5 and 11.

Reason F: for brand photography and barcodes, "AI generated" as an infringement method has a different logical interpretation — AI does not "generate a specific photographic work" or "generate real barcode numbers." If such a case occurs, it is fundamentally a new image detection problem already addressed in other scenarios.

Reason G: for the overall visual combination under "pure style imitation" — where the counterfeiter copies no specific concrete element (no logo, no text, no pattern, no color) but the "overall feel" resembles the brand — this exceeds the capability of all current AI visual technology. Even human designers may debate "does this count as copying style?" Legally, pure style is typically not protected by trademark or copyright (unless it can be proven to constitute Trade Dress infringement).

### Coverage Levels by Scenario

Fully covered scenarios (11): Scenarios 1, 2, 5, 11, 12, 17, 19, plus Cannot Do 1, 2, 3, 4, 5 (these five represent explicit non-coverage — which is itself a complete form of handling).

Mostly covered scenarios (5): Scenarios 3, 6, 7, 9, 18.

Partially covered scenarios (8): Scenarios 4, 8, 10, 13, 14, 15, 16, and conditionally handled special scenarios.

### How to Use This Appendix

If a client presents a specific scenario not directly covered in the main document (e.g., "someone used AI to generate a photo containing our embossed logo"), locate the appropriate "protected element × infringement method" cell in the dimension table and see which scenario handles it. If no corresponding scenario is found, check the "Rationale for Unexpanded Combinations" to confirm whether that combination was merged with another or explicitly excluded.