Fiscal storage

from Wikipedia, the free encyclopedia

As fiscal memory special secure storage units are mainly used in cash registers and taximeters referred. Sales data are to be stored in these memories in such a way that they cannot be manipulated and can be used by tax authorities for auditing purposes (especially in the context of external audits ). Fiscal stores are required by law in a number of countries.

Background and story

With the change from paper-based bookkeeping to electronic systems in the second half of the 20th century, it became possible to change data relatively easily and without the possibility of proof. In many areas of application this played and still does not play a major role. Electronic cash registers, however, were increasingly used to retrospectively shorten recorded sales.

In order to curb the possible evasion of taxes and social security contributions, the first fiscal storage systems were developed in Italy in the early 1980s and have been mandatory there ever since. The basic approach has been adopted in other countries, in most cases with a number of detailed changes. In the course of time, very inconsistent legal, organizational and technical solutions have emerged.

Since fiscal storage systems require a high level of development effort, practically always require certification and this must be renewed with every or at least every major product change, they often lead to a considerable hindrance to further development.

Since fiscal storage systems are often purely national solutions that mostly come from local providers, documentation is often only available in the respective national language. There are practically no descriptions of the international situation.

technology

Very different systems have been developed over time. They can be roughly divided into the following categories:

Conventional systems

In accordance with the technology available in the 1980s, these systems are primarily based on mechanical protection of the storage unit combined with design requirements for the overall system. The actual fiscal memory at that time consisted of EPROMs that were permanently connected to a microprocessor to form a module, e.g. B. with resin . As a result, the EPROM memory could no longer be deleted. Due to the small storage capacity, only daily sales totals are saved. In order to make such a system secure, it must be protected against tampering, as otherwise the sales could be manipulated before they are written to the fiscal memory. As a result, the entire cash register must be sealed and the hardware and software certified.

Fiscal printer

The increasing modularization of cash registers, i. H. The separation into keyboard, screen / display, CPU unit and printer contradicted the original concept of integrating all components in one housing. This was solved by the concept of the “fiscal printer”. The fiscal storage module is built into the modular printer. It depends on the system architecture whether the other components of the system require certification or not.

Conventional systems with electronic journal

Since the journals originally used and printed on paper (i.e. the recording of all booking details) can hardly be checked and evaluated in practice and the available storage capacities e.g. B. grew rapidly through flash memory , solutions with an electronic recording of the journal were increasingly developed.

Cryptography

In a further effort to make the systems more secure, data in some systems was cryptographically secured. So z. B. encryption is used in the Swedish solution. So far, the principle of " security through obscurity " has been applied - cryptographic solutions based on current standards are very rare (e.g. in the fiscal system planned in Belgium, which uses a smart card with a clearly defined interface for signature generation).

Online systems

In some countries (e.g. Serbia) the systems have been supplemented by online data transmission directly to the financial administration.

Countries with fiscal storage compulsion

Exemplary overview of countries with legally prescribed fiscal storage

  • Argentina
  • Belgium (only for gastronomy, introduction planned for 2013, then postponement to 2015, finally in force at the end of 2016)
  • Brazil
  • Bulgaria
  • Greece
  • Germany (since 2017, from 2020 according to KassenSichV)
  • Italy
  • Canada, Province of Quebec
  • Croatia
  • Latvia
  • Lithuania
  • Austria ( Cash Register Security Ordinance )
  • Poland
  • Romania
  • Russia
  • Sweden
  • Slovenia
  • Turkey
  • Venezuela

Practical use

Practice shows that many fiscal storage systems are not particularly effective. Technical attacks are rarely the problem, instead data is simply not recorded in the cash register with the fiscal memory (but not at all or in a "non-fiscalized" cash register).

This press report shows as an example that a fiscal storage system can be largely ineffective without ongoing controls:

“With 80 tax inspectors, state power moved into the glamorous Italian ski resort of Cortina d'Ampezzo early in the morning. […] In the shops, hotels and restaurants where a tax investigator was sitting next to the cash register the day before New Year's Eve, sales skyrocketed. Restaurants took double the previous day and three times as much as before New Year's Eve 2010. In luxury boutiques, sales even quadrupled. "

The required controls are differently simple and differently effective depending on the chosen technical approach. Ideally, a control does not require access to the system, but can be carried out using receipts. These then of course have to be forgery-proof, which can only be achieved using cryptographic processes.

Alternatives

INSIKA

The INSIKA system, which was developed in Germany but has not yet been legally introduced, pursues the same goals as a fiscal store, but with different conceptual and technical approaches. In contrast to a fiscal storage system, there are hardly any technical requirements, but an at least equivalent level of security is achieved. The requirement is the integration of a smart card reader. There are no running costs. The necessary controls are easier to carry out than with conventional fiscal storage systems due to the signatures on the receipts.

EFSTA procedure

A procedure has been developed by the Austrian European Fiscal Standards Association (EFSTA) which provides for the immediate electronic transmission of the resulting fiscal data in encrypted and signed form to a trustworthy, independent third party. Technical requirements are a local software installation on the PC cash register and an Internet connection. Efsta cannot easily be used on non-PC-based systems. There are running costs for the internet connection and the efsta service. The safety of the procedure has been confirmed by experts. In contrast to conventional (hardware-based) fiscal storage systems, a location-independent control of the data saved in this way is also possible.

Data analysis

In countries where technical requirements for cash registers are politically undesirable or unenforceable, the tax authorities often make do with requiring the recording of individual transactions and access to this data. The legal bases for this already exist in most cases (in Germany they are anchored in the tax code and specified in the GoBS and the GDPdU ), they only have to be applied to cash registers (in Germany by the BMF letter of 26 November 2010) . By analyzing the individual transactions, manipulations can be uncovered in many cases, which, however, is associated with a very high audit effort. However , manipulations carried out by zapper software are difficult to detect.

Individual evidence

  1. Dr. Norbert Zisky, Jens Reckendorf: Whitepaper: Fiscal Systems - Requirements and Solutions. (PDF) June 2014, accessed on September 10, 2018 .
  2. ^ Richard T. Ainsworth: Electronic Tax Fraud - Are There 'Sales Zappers' in Japan? Boston University School of Law, 2008, p. 16 , accessed November 20, 2012 .
  3. Het Geregistreerd Kassasysteem (GKS). Ministry of Finance of Belgium, accessed on 10 September 2018 (Dutch).
  4. Cash register legislation becomes effective 1 January 2010. (No longer available online.) Ministry of Finance Sweden, formerly in the original ; Retrieved November 20, 2012 .  ( Page no longer available , search in web archives )@1@ 2Template: Dead Link / www.skatteverket.se
  5. ^ Mandatory Billing. (PDF) Québec Treasury, October 2017, accessed September 10, 2018 .
  6. In the land of the extremely rich poor. Spiegel Online, January 7, 2012, accessed November 21, 2012 .
  7. Assessment of the efsta (European Fiscal Standards Association) - procedure from an information security point of view (data security and data protection). (PDF) University of Applied Sciences Upper Austria Faculty for Computer Science, Communication and Media Hagenberg Campus, July 3, 2013, accessed on September 10, 2018 .
  8. BMF letter of November 26, 2010. (No longer available online.) Federal Ministry of Finance, archived from the original on August 25, 2012 ; Retrieved November 22, 2012 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.bundesfinanzministerium.de