Beruflich Dokumente
Kultur Dokumente
Contents
1. Introduction: The problem of securing public revenue..............................2
2. The Fiscal System: What is it?...................................................................3
3. What Economic Sectors can be covered?..................................................4
4. The History & Evolution of Fiscal Systems.................................................5
5. Kenyas Example: A big step forward for Africa.........................................8
6. Technical Specifications for Fiscal ECRs / ETR Terminology.......................9
6.1 ETR Terminology...................................................................................9
6.2 ETR Specifications..............................................................................15
7. The Electronic Signature Device (ESD) Technology.................................16
2011
2011
Today a great number of both developed and developing countries come to rely on
the so called fiscal system which we will examine in detail in the following
pages.
2011
iv)
v)
vi)
iii)
iv)
v)
vi)
2011
2011
The timing of fiscal deployment and the sectors it will cover is decided by the tax
authority taking into account the countrys specific situation. Targeting most high
volume or profit sectors comes usually first, and sensitive geographical areas (for
example, extremely poor zones) are usually either exempt or fiscalized last.
NOTE: The Fiscal Electronic Signature Device (ESD) is not only used for B2B
sectors. It is a most flexible device and today is widely used to fiscalize any PC
based retail installation.
THE FISCAL SYSTEM: Securing Public Revenue
page 6
2011
1989
Greece introduces fiscal law
Greece followed Italys example soon
after.
Greek
economy
is
characterized by a very large
number of small businesses and the
most cost effective way of securing
public revenue from small tax payers
is the use of fiscal devices which
became mandatory in the retail
sector. Today more than 300,000
fiscal devices are in use.
In 2003 Greece expands the fiscal
law to include Electronic Signature
Devices to control Business to
Business (B2B) commerce. Today
120,000
businesses
issue
all
financial documents using ESD
technology.
All technologies are approved by
European Union.
2006
2011
2011
a fair marketplace
2011
The simple fact that, starting from a single fiscal country in Europe in
1983, we have more than 19 fiscal countries in 2010 nine of which are
members of the European Union and two of which are into the Euro zone,
proves beyond doubt that this system not only provides true benefits but
is also hard to replace with something more efficient.
2005
2011
2011
2011
This protection has worked well over the years but it is now
complemented by a host of other, software based, features such
as technicians passwords and detailed records of every technical
intervention in the FM.
Communication Protocols:
Protocols here mean a specific set of commands and instructions that the ETR
can follow to transmit or accept data from an attached PC, GPRS Fiscal Modem or
other such device.
To ensure data protection and authenticity, the Manufacturer must declare that
there are no hidden commands in the ETR protocols that can perform actions not
documented in the literature.
ETR - GPRS Fiscal Modem Protocol:
This is a set of commands that are needed so that the ETR can connect and
transmit data via the GPRS Fiscal Modem. It needs to be defined so that external
GPRS modems can connect and operate correctly.
SERVER - GPRS Fiscal Modem Protocol:
This is a set of data structures and commands that the GPRS Modem needs to
understand in order to correctly connect and transmit data to the Tax Server.
VAT Categories:
THE FISCAL SYSTEM: Securing Public Revenue
page 13
2011
Each country uses different VAT categories: one country may use, for example,
VAT Category A with VAT rate 4% and one VAT Category B with VAT rate 18% and
another country may use 5 categories with VAT rates 4%, 8%, 18%, 36% and 0%.
As rates of VAT may change by government decision the VAT categories are used
as variables to hold VAT rates.
Any change in VAT rates cannot be entered into the ETR by the user (to avoid
meddling with the rates) but it needs an authorized technician to break the seal of
the ETR and change the rates after giving his password, while the whole change is
registered permanently in the FM.
Departments (DPT):
Departments are groups of similar products (Items or PLUs).
For example, the Department named BEVERAGES may include the specific items
0,5lt Water, Coca Cola, PEPSI and lemonade while the Department named MENS
SHOES may include Black Leather shoes of all sizes, sports shoes of all sizes etc.
In the Fiscal System it is obligatory to use AT LEAST as many departments as there
are VAT Categories.
The reason for that is that every VAT category is mapped and paired with at least
one Department.
In this way, the operator can sell all items that are taxed at VAT rate of Cat A
under DPT1 and all items that are taxed at VAT rate of Cat C under DPT3 etc.
See Examples in the User Instructional Leaflet
Price Look Up Tables (PLU):
PLU means simply an individual item (product) that is separately sold.
The name comes from old time use of non fiscal cash registers and simply means
a database stored in the ECR where the machine can look up at a table of items
and find the price of every item together with many other data like the
Department where this item belongs to, description of the item, quantity that is in
stock, barcode code for the item etc.
Under a fiscal system it is NOT necessary to oblige the user to use that level of
detail. Most small shops and small businesses do not have either the knowledge
nor the capability to use thousands of different entries in a PLU database.
What is of paramount importance in a Fiscal System is that the sale of an item to
be recorded under the proper for the item Department representing the proper
VAT rate.
See Examples in the User Instructional Leaflet
Barcode Coding:
Although detailed use of item coding may not be practical or even possible for a
small shop, all large shops that deal with thousands of items must use some form
of control and follow their sales on a per item basis.
For such organized recording the use of Barcode Codes on every item is
mandatory and usually is taken care of by the manufacturers of the individual
products.
As far as the ETRs are concerned, Barcode Coding is supported in the PLU
database and electronically by the availability of communication ports to which an
external Barcode Scanner is connected.
See Examples in the User Instructional Leaflet
THE FISCAL SYSTEM: Securing Public Revenue
page 14
2011
Legal Receipt:
This is the paper slip that the buyer is getting from the merchant that documents
the transaction.
In Fiscal Systems a Legal Receipt is clearly marked with the words START LEGAL
RECEIPT in the beginning of the transaction and the words END OF LEGAL
RECEIPT at the end of the receipt.
The Tax Authority must specify what must be printed in a Legal Receipt.
For example, should there be separate printout of the VAT the tax payer is paying
or is it enough to mention the VAT inclusive price?
Illegal Receipt:
2011
2011
Z Report:
Z Report (the name reflects the fact that it is the LAST action taken every day like
the letter Z is the last letter of the alphabet) is calculated and printed at the end
of the day. Each Z report is then securely stored as a separate record in the FM.
2011
The Tax Authority should formulate the Technical Specifications that must be met
for an ETR to be accepted as Fiscal Devices.
These Specifications come in 4 parts:
PART 1:
Security & Quality of the Device
These specifications must ask for:
1.1
Presence of a Fiscal Seal
1.2
Declaration of Manufacturer about security of Fiscal Module
1.3
Declaration of Manufacturer that the product follows International Standards
(CE mark)
1.4
Declaration of Manufacturer about spare parts availability for 5 years
1.5
Each ETR is UNIQUELY numbered and identified in factory so it carries a
unique ID
PART 2:
Electronics and Peripherals Specifications
These specifications must ask for:
2.1
At least one standard communication port so that a tax auditor can attach a
cable and read fiscal memory contents right from the ETR. One of RS232,
USB or Ethernet must be provided.
2.2
Capacity to attach an EXTERNAL GPRS modem with proper protocol support
2.3
Various usability and ergonomic restrictions, for example a minimum height
of screen numbers, minimum size of printed numbers and letters on the
receipt printer etc
2.4
Electronic Journal type and specifications allowed
PART 3:
Software Functions, Printouts and Protocols
These specifications must ask for:
3.1
Number of VAT Categories to be supported
3.2
Structure of a Legal Receipt
3.3
Structures to be allowed as Illegal Receipts (Statistic Reports,
Advertisements, Coupons etc)
3.4
Contents of obligatory reports like Z Report / Auditing Printouts
3.5
PC communication protocol (if any) to be submitted and Manufacturer
Declaration of Protocol Security
3.6
GPRS Fiscal Modem communication protocol (obligatory)
PART 4:
Specific Product Literature such as Manuals, Service
Booklet etc
These specifications must ask for:
4.1
Submission of Users Manual
4.2
Submission of Authorized Technicians Service Manual
4.3
Submission of Service Booklet
2011
2011
2011
BEFORE
ESD
Normal, Un-fiscalized Accounting
AFTER
ESD
Accounting with Electronic
Authentication
ESD
2011
2011
A5. NETWORKING: End users that operate many points of service can make
use of networking. This means that with just one Electronic Signature Device
plugged into the Ethernet network all documents (retail or business to
business) printed by any point of service in the network can be validated and
fiscalized.
2011
the electronic files themselves, kept only in the PC system, are not only crucial for
auditing but, with the ESD in place, have the status of official accounting books.
This means that the tax payer should take care of proper backups as loss of files is
equal to loss of accounting evidence, punishable by the tax authorities in exactly
the same way as it would be done with paper evidence.
Without the ESD, loss of files is still critical for any business but not punishable by
the tax authorities as the un-authenticated files have no real auditing value (they
can easily be manipulated).
With the ESD, loss of files is CRITICAL and the user MUST take care of his data by
taking regular backups. Negligence or bad practices are not tolerated.
Without the ESD audits are based on paper books and unsecured computer
reports. Paper accounting books can be lost or destroyed, thus making audits
impossible. Making safety backups of paper is very difficult and time consuming,
so purposeful or accidental elimination of paper data is easier.
With the ESD audits are based on electronic files stored in computer systems.
Paper copies have no meaning because they can not be checked for their validity
automatically. Making safety backups of electronic data nowadays is easy,
automatic and cheap. RAID arrays, USB disks, CD burners, USB sticks, tape
backups are all widely available and cheap. The user is responsible for keeping
proper computer safety practices and backup regularly his data.
2. What are the technological security measures that ensure that the
HASH-1 algorithm can not be fraudulently manipulated in favor of tax
avoidance?
An attack against the ESD system would NOT attempt to change the HASH-1
algorithm in the first place. The HASH-1 used in the ESD is an international
standard and can be executed in exactly the same way by any PC software as well
as by the ESD itself. If one was to manipulate the ESD internal HASH-1 algorithm
to produce a different result than the original, the very first time an audit would
take place will disclose the fact simply because the same HASH-1 is executed by
the audit software and should produce exactly the same signature.
The only way to attack the system is simply not to use the system!
If one is really using the ESD system to print his financials he has to report exactly
what he printed out because the audit will automatically find out if there is any
discrepancy between what was printed and what was reported.
If one is NOT using the ESD system:
(b)
(c)
just prints
a garbage signature on his invoices without even turning on his ESD or
accidentally deletes his electronic files making audit impossible or
(d)
print correct invoices using correct signature from his ESD but then
manipulate the files in his PC to show different totals than the originals
THE FISCAL SYSTEM: Securing Public Revenue
page 24
2011
(e)
prints correct invoices using correct signature but uses copies of the same
invoice to circulate many times different goods
In (a) and (c) above the very first audit would pinpoint immediately and
automatically the problem.
In case (b) the user has to explain why he failed to produce regular backups and
face an audit that will then be based on circumstantial evidence plus heavy fines
for his negligence
In case (d) any inspection that will examine a printed invoice with the time and
date stamp coming from the ESD (which by the way provides secure time
stamping also) will immediately reveal what is happening and the user will face
the relevant penalties.
To conclude we will repeat what was stated in the beginning: the FISCAL system is
NOT about buying a device that magically will turn everything clear. The FISCAL
system involves having a whole network of proper inspections and audits in place.
When you have such a system in place, then the risk for a tax evader is getting
higher and higher. Tax evasions are always present. By installing proper systems
the authorities aim to make the risk for tax evasion be so high that the overall
effect will be to make people think three times before they attempt to evade their
taxes.
2011
2011