Fiscal memory devices
As a fiscal memory special secure storage units are referred to primarily in cash registers and taxi meters. In these stores sales data should be stored so that they can not be manipulated and financial authorities for inspection purposes (especially in the context of an external audit) can be used. Fiscal memory is required by law in a number of countries.
- 5.1 INSIKA
- 5.2 Data Analysis
Background and History
With the change from paper-based records to electronic systems in the second half of the 20th century, it was possible to change data relatively easily and without detection ability. In many applications played and plays virtually no role. Electronic cash registers, however, were increasingly used to shorten sales recorded subsequently.
In order to contain the resulting possible evasion of taxes and social security contributions, the early 1980s were developed in Italy, the first fiscal memory systems and are prescribed there ever since. The basic approach has been adopted in other countries, in most cases, with a number of detail changes. Thus arose in the course of time very inconsistent legal, organizational and technical solutions.
Since fiscal memory systems require a high development effort, virtually always require a certification and it must be renewed at every or at least every major product change, they often lead to a significant impediment to the development.
As products in fiscal memory systems often are purely national solutions, many of which originate from local suppliers, documentation is often available only in the local language. There are practically no representations of the international situation.
Technology
Over time, very different systems have been developed. They can be roughly divided into the following categories:
Conventional systems
According to the technology available in the 1980s, these systems are mainly based on a mechanical protection of the memory associated with design requirements of the overall system. The actual fiscal memory consisted at that time of EPROMs, which were connected together with a microprocessor detects a module, eg with casting resin. Characterized could not be erased, the EPROM memory. Due to the low storage capacity only daily sales totals are stored. To make such a system secure, it must be completely protected from interference, otherwise the sales could be manipulated before being written into the fiscal memory. As a result, the entire register must be sealed and the hardware and software to be certified.
Fiscal printer
The increasing modularization of cash registers, ie the separation into the keyboard, monitor / display, CPU unit and printer contradicted the original concept to integrate all components in one housing. This was solved by the concept of " fiscal printer". Here, the fiscal memory module is installed in the modular printer. It depends on the system architecture, whether the other components of the system need to be certified or not.
Conventional systems with electronic journal
Since the journals originally used, printed on paper (ie, the recording of all booking details) are hardly test and evaluated in practice and the available storage eg quickly grew by flash memory solutions with an electronic record of the Journal have been developed more.
Cryptography
In another effort to make the systems more secure, data was cryptographically secured in some systems. So, for example, comes in the Swedish solution, encryption used. So far, it is mainly the principle of " Security through obscurity " is applied - cryptographic solutions according to current standards have been very rare ( eg in the planned fiscal system in Belgium that for the signature generating a smart card with a clearly defined interface uses ).
Online systems
In some countries (eg Serbia) systems for online transmission of data were added directly to the tax authorities.
Countries with fiscal memory constraint
Exemplary overview of countries with legally prescribed Fiscal Memory
- Argentina
- Belgium (only for gastronomy, introduction planned for 2013 )
- Brazil
- Bulgaria
- Greece
- Italy
- Canada, Quebec Province
- Latvia
- Lithuania
- Poland
- Russia
- Sweden
- Turkey
- Venezuela
Practical benefits
The practice shows that many fiscal memory systems are not particularly effective. Here are rarer technical attacks the problem, instead, data just not in the cash register with fiscal memory detected ( but not at or in a "non- fiskalisierten " fund).
This press release shows an example that a fiscal memory system without ongoing monitoring can be largely ineffective:
"With 80 tax inspectors state power shifted in the early morning in the posh Italian ski resort of Cortina d' Ampezzo. [ ... ] In the shops, hotels and restaurants, where sat the day before New Year's Eve taxman next to the cash register, sales declined steeply. Restaurants took twice the previous day, and three times the pre- New Year's Eve 2010. For luxury boutiques, sales quadrupled even. "
The controls required are different simply and effectively different depending on the chosen technical approach. Ideally requires control not have access to the system, but can be done by supporting documents. These must of course be tamper-proof, what can be achieved only by cryptographic methods.
Alternatives
INSIKA
Developed in Germany, but not yet introduced INSIKA legal system pursues the same objectives as a fiscal memory, but with different conceptual and technical approaches. Unlike a fiscal memory system is little technical requirements, although at least an equivalent level of safety is achieved. The necessary checks are easier than conventional fiscal memory systems due to the signatures on the documents.
Data Analysis
In countries where technical requirements for cash registers are politically undesirable or unenforceable, the financial authorities manage so often to require the recording of individual transactions and access to these data. The legal basis for this exist in most cases already ( in Germany they are anchored in the tax code and specified in the gobs and the GDPdU ), they must only be applied to cash registers ( in Germany by the BMF letter of 26 November 2010). By analyzing the individual transactions, manipulations in many cases can uncover, but this is associated with very high testing effort. Made by Zapper Software manipulations can be so, however, difficult to recognize.