TripleLock is Icons.com’s new authentication system for signed memorabilia. It joins an encrypted NFC tag, an upgraded Certificate of Authenticity, and a paired hologram into one record. For serious buyers of Football Shirts, the value is item-level proof. The system shows the exact shirt, time, and place of signing, and binds those details to a unique digital identity. Tap the tag with a modern phone and check the secure verification page. Then cross-check the COA and hologram codes. Screenshot everything and file it with your purchase documents for future resale and insurance.
"TripleLock™ is new to Icons.com. For now, only certain products are authenticated with this technology. These items can be identified with the TripleLock™ seal overlaid on the top right of a product's main image. This does not mean items sold on Icons.com that are not TripleLocked cannot be trusted as authentic, only that they do not carry TripleLock™ technology." -- Icons.com Statement
Why TripleLock matters for Football Shirt authentication
Collectors face three recurring risks: generic proof, transplantable COAs, and silent swaps. Legacy COA and hologram models can be strong, but the proof is mainly physical. Tampering or loss reduces confidence. TripleLock addresses this by turning each signed shirt into a verifiable digital identity. The NFC tag acts as an access key to a secure record, not just a number printed on paper. That record links to a unique signing photo and to the physical holograms on both shirt and COA. The result is layered evidence that is harder to transplant and easier to check. Collectors who archive the digital page, the photo, and the codes preserve long-term liquidity.
Below is the Icons.com TripleLock tag provided with new Lionel Messi items.
How TripleLock works and where the value appears
TripleLock works in three steps. First, tap the embedded NFC tag with a modern smartphone. The phone opens a secure verification page. Icons states this page is operated and verified by Crane Authentication. Second, compare the page details to the shirt in hand. Check player, product, size, print, and any framing notes. Confirm the date and location of the signing. Third, cross-check physical and digital references. Match the serial shown on the page to the hologram on the shirt and to the hologram on the COA. The page shows a unique photo taken at the exact signing moment, which makes visual checks practical. Icons indicates a delivery slip points to the tag’s location. Save screenshots of the page and the photo. File them with your invoice. These steps improve confidence at purchase and remove friction when you resell.
For the first time in Icons.com history, there finally is individual signing proof provided with each authentication.
What proof TripleLock stores and protects
TripleLock binds four proof elements. The digital record shows provenance details and maps to a unique identifier read from the NFC tag. The upgraded COA mirrors that identity and includes the same unique code and the exact signing photo. The twin holograms on the shirt and the COA display matching serials and have tamper-evident features. The signing photo is critical. It shows your specific shirt at the table, not a generic session image. That lets you match model and era details such as sponsor, patch style, and printing variant. It also helps you check signature placement and pen behaviour on that fabric. If the shirt and COA stay together but the NFC record does not match, you know something changed. This three-way binding reduces common attack paths and supports robust documentation.
Find more data to be added with each item in the future.
Icons legacy hologram authentication vs. TripleLock
Icons’ legacy model uses a printed COA plus a tamper-evident hologram on both item and certificate. Matching numbers provide a physical link. This is better than generic shop certificates and has deterred casual fakes for years. The limits are structural. A COA can be copied. A hologram can be moved. There is no public serial look-up tied to an item-level photo for every piece. TripleLock raises the bar. It keeps the printed COA and hologram, but adds an encrypted NFC identity and an individual signing photo for the exact shirt. The secure page binds all three elements. A mismatch between the digital record, the shirt hologram, and the COA hologram becomes visible. This hybrid model preserves the familiar paper trail while giving buyers an instant, item-specific check they can perform themselves.
| Aspect | Icons legacy hologram and COA | Icons TripleLock |
|---|---|---|
| Core components |
Printed COA plus tamper evident hologram sticker on item and certificate, with matching numbers. |
Embedded encrypted NFC tag, upgraded COA with exact signing photo, and twin tamper proof hologram, all linked in a single digital record. |
| Where proof lives |
Primarily in physical items, the COA and hologram. Internal Icons records support this but are not exposed item by item to collectors. |
In a hybrid physical and digital system, NFC tag and online record as primary proof, mirrored by the COA and hologram. |
| How buyers verify |
By visually checking hologram quality and matching numbers between item and COA, and by relying on Icons’ reputation and any available signing media. |
By tapping the NFC tag to open a secure Crane Authentication page for that specific item and cross checking that record with the COA and hologram. |
| Third party role |
Holograms are produced by a specialist brand protection manufacturer, but verification is essentially an Icons promise. |
Crane Authentication provides the secure verification portal, giving a semi independent technical layer around Icons’ data. |
| Proof assets |
COA text with signing details, hologram, and often generic signing photos or videos of the session. |
Digital record and COA with provenance, signing details, a unique exact signing photo, NFC identity, and serialised hologram codes. |
| Item level vs session level |
Strong on session level proof. You know the player and event, but not always have an image of your exact item. |
Explicitly item level. Each TripleLocked piece is meant to have its own signing photo and dedicated record. |
| Chain of custody visibility |
Relies on Icons’ internal controls and reputation. The chain from signing to buyer is not surfaced in a structured way. |
Makes the chain more visible by registering the NFC tag, COA and hologram together at dispatch, so mismatches and swaps become easier to detect. |
| Typical vulnerabilities |
COAs and holograms can be copied or transplanted, and there is no public serial lookup. The system relies heavily on trust and physical integrity. |
A determined attacker would have to defeat NFC security, replicate holograms, and produce a plausible digital record. The bar is higher, but exact chip security details still matter. |
| Coverage in Icons catalogue |
Used widely across many products and players for years. |
New and currently only applied to selected items marked with the TripleLock seal, starting with the new Messi range. |
Below is an example of the legacy hologram and COA and the new TripleLock authentication being available online as well.
TripleLock in practice: verification steps that protect value
Start with the NFC scan. Confirm the player, product, signing date, and location on the secure page. Compare the unique signing photo to your shirt. Check crest, sponsor variant, season code if printed on the collar tag, and competition patches if present. Verify signature placement. Look for ink flow that fits polyester or heat-applied numbers. Match the hologram serial on the shirt and on the COA to the serial on the page. Photograph both holograms with clear focus. Save the NFC page and the signing photo as PDFs or images. Note the delivery slip tag location for future reference. If you sell, transfer the authentication and share your archive with the buyer. This workflow aligns with our guidance across the Knowledge Base and preserves resale liquidity.
What TripleLock claims about security and custody
Icons positions the NFC tag as encrypted and the platform as tamper-aware. The company states scans go to a secure page verified by Crane Authentication. Icons also states the record includes an item-specific signing photo, date stamp, and geolocation. They note that TripleLocked items are currently a subset of the catalogue and carry a visible seal on product pages. Icons further states that tampering with tags or moving holograms will trigger inconsistencies on the verification page. They also say the record is transferable to a new owner. Collectors should still act prudently. Review the signing image, compare serials, and keep full documentation. For older Icons items, rely on COA, hologram, and any session images. Use the same cross-check routine and record screenshots for your files.
TripleLock vs Fabricks NFC: same tool, different story
Both systems use NFC plus a digital record. The difference is focus. TripleLock is signing-centric. It answers whether a specific shirt was signed within Icons’ controlled session, at a known time and place, with an item-level image that matches your shirt. Fabricks is match-centric. It answers whether a shirt was worn in a specified fixture by a specific player. The Fabricks page shows match metadata such as competition, opponent, venue, and date. It is used across MatchWornShirt auctions and partner clubs. For a signed retail shirt, TripleLock’s signing photo and serial binding are the relevant checks. For a match-worn shirt, Fabricks’ pre-match tagging and post-match certificate are the relevant checks. In both cases, keep the digital record, the physical labels, and any third-party documentation together.
Risks, red flags, and how to respond
For legacy Icons items, the main risk is separation or replacement of the COA and hologram. Compare serials and look for glue disturbance or misaligned edges around labels. Ask for proof beyond a generic signing photo. For TripleLocked items, watch for data mismatches: a serial that does not match, a signing photo that shows different printing or patches, or a page that fails to load on multiple phones and networks. For Fabricks, check match data carefully. Confirm the fixture, competition, and player identity and look for jersey features that align with that match. In all cases, document your checks with time-stamped photos and page captures. If something does not align, do not proceed until the seller provides a coherent, verifiable explanation.
Below is an example of the original legacy hologram and COA certifcation. As the COA is separate, it features a hologram with a number, which matches with the hologram and number embedded in the shirt. Vor verification, many collectors also ask for the original invoice, when available, to secure proper provenance.
NFC embedded chips: what this trend means for collectors
NFC brings item-level identities to shirts. That helps proof survive framing, moves, and time. It also standardises how buyers can check items without specialist tools. Expect broader use across signed and match-worn markets and more platforms that support ownership transfer. For collectors, two habits will preserve value. First, always link the digital identity to the physical item with photos and serial notes. Second, keep a local archive of the digital record. Save the web page and the signing photo or match certificate. If a platform changes in the future, your files bridge any gaps. NFC is not a substitute for critical thinking. It is a tool that, when combined with exact photos, trusted issuers, and good record-keeping, strengthens provenance and reduces avoidable mistakes.
Practical links and where to verify
To verify a TripleLock item, tap the shirt and open the secure page. For background, review Icons’ TripleLock overview. For legacy Icons purchases, read the Icons authentication page. For Fabricks, see MatchWornShirt’s authentication page and the Fabricks site. For collecting methods and proof workflows, explore our Knowledge Base and related practice notes in Collecting. Use these sources alongside your own due diligence before you buy.
Related guides and resources
Frequently Asked Questions
It means the shirt’s NFC identity, COA with a unique signing photo, and twin hologram are linked in one secure record you can verify on a phone.
Match the hologram serials on shirt and COA, check the COA details, then view the secure page on another device and archive screenshots for your records.
Compare crest, sponsor, patches, size code and printing style to the photo, and confirm the signature placement and pen behaviour on that fabric.
No. TripleLock proves a controlled signing; match-worn status needs a Fabricks certificate or equivalent match provenance with independent photo-match.
Physical COA, clear photos of both holograms, NFC page and signing photo captures, the original invoice, and any extra proof that ties to the item.