Product counterfeiting and theft are on-going problems in supply chains and retail environments, but not a lot of work has been done to address these problems through the cost-effective use of auto-identification technologies such as bar-codes, near-field communication (NFC), or radio-frequency identification (RFID). In this paper, we propose an RFID-based anti-counterfeiting and anti-theft scheme that can be used to detect counterfeit items at the point of purchase by a consumer. The proposed system is lightweight and suited for deployment in large-scale retail environments using low-cost passive tags. We also undertake an analysis of a recent scheme proposed by Tran and Hong to highlight some of the weaknesses of their scheme. A detailed security analysis of the proposed scheme shows that it satisfies the formal requirements of security correctness and is resistant to compromise through security attacks.