There are a lot of complex technical terms around the cash register security regulation — KassenSichV. In our glossary, we explain the meaning of TSS, Fiscal Storage & Co.
The abbreviation DSFinV-K means “digital interface of the cash management for financial systems”. Simply put, this is a universal data standard for POS systems.
The DSFinV-K will, based on the DFKA taxonomy of cash register data, contain a concrete set of tables and fields, which are to be made available for tax audit purposes. This establishes a standard for financial audits.
By means of this universal data standard, manufacturers of POS systems are now finally given assistance regarding the GoBD and KassenSichV requirements.
Fiscalization of cash registersis the tamper-proof, electronic recording and archiving of business transactions. The aim of the Federal Ministry of Finance is to protect the basic records of companies against manipulation, and thus to avoid tax evasion.
In many countries in Europe, the fiscalization of cash registers is already required. In Germany, the KassenSichV must be implemented by 31.12.2019at the latest.
From 1.1.2020, all recording systems must comply with the requirements of KassenSichV.
Legislators prescribe the form of the data that has to be stored. The hardware ensures that these specifications are met and the data is stored accordingly. Fiscal storagefocuses only on storing the data. How the data is achieved is not considered here.
In contrast, the KassenSichV and INSIKA are proceduresprescribing how the data is to be processed (and also stored). The focus here is on how the data is created.
An electronic recording system is any device or software that electronically records data about a business case. For example, a cash register, an accounting software, an ERP system, and so on. Currently, only those recording systems that can record cash transactions are relevant for the KassenSichV. Therefore, always when the business case can be completed with a cash payment (cash, debit card, vouchers, etc), all operations must be recorded in compliance with KassenSichV requirements.
For each business case, the electronic recording system must start a logging which records the following data:
Until now, the immutability of transactions has been regulated in the GoBD (Principles for the proper management and retention of books, records and documents in electronic form and for data access).
However, this is neither law, nor regulation, but merely an administrative requirement of the Federal Ministry of Finance. The KassenSichV now legally regulates protection against data manipulation.
The so-called INSIKA procedure promises to offer a modern alternative to the classical fiscal storage by means of cryptographic procedures. But the INSIKA method is hardware-based and requires so-called smart cardswhich must be connected by means of card readers or integrated directly into the cash register.
The cash register systems based on the INSIKA method deal with frequent errors such as unplugged card readers or broken smart cards. Therefore, the reliability of INSIKA-based recording systems also depends heavily on the handling of the hardware components. In addition, the compatibility of the INSIKA method with mobile POS systems that work via smartphone or tablet (iPad) is limited. Moreover, a smart card can easily get lost.
The Kassensicherungsverordnung (KassenSichV) regulates the technical requirements for electronic recording and security systems, for example computerized cash register systems and cash registers. Also affected by KassenSichV are: ERP systems, industry software, accounting systems, etc.
The crucial factor is the character of the cash benefit: if it is an over-the-counter transaction (for example, goods / services are immediately exchanged for money / credit card / voucher), the recording system must fulfill the requirements of KassenSichV.
The recording systems must be equipped with a so-called technical safety system(TSS)no later than 1.1.2020. This can be implemented in the form of hardware and chip card or as software for cloud-based systems. The regulation is designed to protect against manipulation of companies’ basic digital records. Whenever cash transactions (cash, debit card, credit card, vouchers) are recorded (over-the-counter business), these records must be protected against tampering in compliance with KassenSichV.
A cloud-based implementation of the TSS is foreseen by the BMF (Federal Ministry of Finance)
A real future-proof software solution is only the one by means of the could, which makes the requiredTSS possible without any additional hardware. Only this way are the entrepreneurs able to ditch external store means, Smartcards and POS and stay flexible and fit for the future.
The Federal Ministry of Finance has issued a technical guideline on the technical safety system (TSS) for electronic recording systems. Here, the guidelines and requirements of KassenSichV are thoroughly defined.
We will, for example, make clear issues as the logging, the prescribed processes, the possible storage media and the data export. Further details can be found in our blog article Current Questions & Answers on the KassenSichV.
The KassenSichV is based on the technical manipulation protection:
in order to find out whether subsequent manipulation of sales at a cash register has taken place, it must be kept tamper-proof and verifiable.
The checking is carried out by means of a journal, which can be exported and checked by tax authorities with software for manipulation and missing data.
Each logging is provided with an electronic signature, which works on the principle of Blockchain. The TSS records every relevant operation in the recording system. The recorded data is cryptographically signed. Thanks to these signatures, it can be determined at any time that the existing data has not been changed.