The Glossa­ry of Kas­sen­SichV

There are a lot of com­plex tech­ni­cal terms around the cash regis­ter secu­ri­ty regu­la­ti­on — Kas­sen­SichV. In our glossa­ry, we exp­lain the mea­ning of TSS, Fiscal Sto­rage & Co.

DSFinV-K

The abbre­via­ti­on DSFinV-K means “digi­tal inter­face of the cash manage­ment for finan­ci­al sys­tems”. Simply put, this is a uni­ver­sal data stan­dard for POS sys­tems.

The DSFinV-K will, based on the DFKA taxo­no­my of cash regis­ter data, con­tain a con­cre­te set of tables and fields, which are to be made avail­ab­le for tax audit pur­po­ses. This estab­lishes a stan­dard for finan­ci­al audits.

By means of this uni­ver­sal data stan­dard, manu­fac­tu­rers of POS sys­tems are now final­ly given assi­s­tan­ce regar­ding the GoBD and Kas­sen­SichV requi­re­ments.

Fis­ca­li­za­ti­on

Fis­ca­li­za­ti­on of cash regis­tersis the tamper-proof, elec­tro­nic record­ing and archi­ving of busi­ness tran­sac­tions. The aim of the Federal Minis­try of Finan­ce is to pro­tect the basic records of com­pa­nies against mani­pu­la­ti­on, and thus to avoid tax evas­i­on.

In many coun­tries in Europe, the fis­ca­li­za­ti­on of cash regis­ters is alrea­dy requi­red. In Ger­ma­ny, the Kas­sen­SichV must be imple­men­ted by 31.12.2019at the latest.

From 1.1.2020, all record­ing sys­tems must comply with the requi­re­ments of Kas­sen­SichV.

Fiscal sto­rage

Legis­la­tors pre­scri­be the form of the data that has to be stored. The hard­ware ensu­res that these spe­ci­fi­ca­ti­ons are met and the data is stored accord­in­gly. Fiscal sto­ragefocu­ses only on sto­ring the data. How the data is achie­ved is not con­si­de­red here.

In con­trast, the Kas­sen­SichV and INSIKA are pro­ce­du­respre­scrib­ing how the data is to be pro­ces­sed (and also stored). The focus here is on how the data is crea­ted.

Elec­tro­nic record­ing system

An elec­tro­nic record­ing system is any device or soft­ware that elec­tro­ni­cal­ly records data about a busi­ness case. For examp­le, a cash regis­ter, an accoun­ting soft­ware, an ERP system, and so on. Cur­r­ent­ly, only those record­ing sys­tems that can record cash tran­sac­tions are rele­vant for the Kas­sen­SichV. The­re­fo­re, always when the busi­ness case can be com­ple­ted with a cash pay­ment (cash, debit card, vou­chers, etc), all ope­ra­ti­ons must be recor­ded in com­pli­an­ce with Kas­sen­SichV requi­re­ments.

For each busi­ness case, the elec­tro­nic record­ing system must start a log­ging which records the fol­lo­wing data:

  • star­ting time of the pro­cess
  • a unique and sequen­ti­al tran­sac­tion number
  • type of ope­ra­ti­on
  • data of the ope­ra­ti­on
  • pay­ment method
  • time of ter­mi­na­ti­on or ter­mi­na­ti­on
  • a test value
  • the serial number of the elec­tro­nic record­ing system or the serial number of the secu­ri­ty module.

GoBD & Kas­sen­SichV

Until now, the immu­ta­bi­li­ty of tran­sac­tions has been regu­la­ted in the GoBD (Princi­ples for the proper manage­ment and reten­ti­on of books, records and docu­ments in elec­tro­nic form and for data access).

Howe­ver, this is neit­her law, nor regu­la­ti­on, but merely an admi­nis­tra­ti­ve requi­re­ment of the Federal Minis­try of Finan­ce. The Kas­sen­SichV now legal­ly regu­la­tes pro­tec­tion against data mani­pu­la­ti­on.

INSIKA

The so-called INSIKA pro­ce­du­re pro­mi­ses to offer a modern alter­na­ti­ve to the clas­si­cal fiscal sto­rage by means of cryp­to­gra­phic pro­ce­du­res. But the INSIKA method is hard­ware-based and requi­res so-called smart cardswhich must be con­nec­ted by means of card readers or inte­gra­ted direc­t­ly into the cash regis­ter.

The cash regis­ter sys­tems based on the INSIKA method deal with fre­quent errors such as unplug­ged card readers or broken smart cards. The­re­fo­re, the relia­bi­li­ty of INSIKA-based record­ing sys­tems also depends hea­vi­ly on the hand­ling of the hard­ware com­pon­ents. In addi­ti­on, the com­pa­ti­bi­li­ty of the INSIKA method with mobile POS sys­tems that work via smart­pho­ne or tablet (iPad) is limi­ted. Moreo­ver, a smart card can easily get lost.

Kas­sen­si­che­rungs­ver­ord­nung — Kas­sen­SichV

The Kas­sen­si­che­rungs­ver­ord­nung (Kas­sen­SichV) regu­la­tes the tech­ni­cal requi­re­ments for elec­tro­nic record­ing and secu­ri­ty sys­tems, for examp­le com­pu­te­ri­zed cash regis­ter sys­tems and cash regis­ters. Also affec­ted by Kas­sen­SichV are: ERP sys­tems, indus­try soft­ware, accoun­ting sys­tems, etc.

The cru­ci­al factor is the cha­rac­ter of the cash bene­fit: if it is an over-the-coun­ter tran­sac­tion (for examp­le, goods / ser­vices are imme­dia­te­ly exch­an­ged for money / credit card / vou­cher), the record­ing system must ful­fill the requi­re­ments of Kas­sen­SichV.

The record­ing sys­tems must be equip­ped with a so-called tech­ni­cal safety system(TSS)no later than 1.1.2020. This can be imple­men­ted in the form of hard­ware and chip card or as soft­ware for cloud-based sys­tems. The regu­la­ti­on is desi­gned to pro­tect against mani­pu­la­ti­on of com­pa­nies’ basic digi­tal records. Whenever cash tran­sac­tions (cash, debit card, credit card, vou­chers) are recor­ded (over-the-coun­ter busi­ness), these records must be pro­tec­ted against tam­pe­ring in com­pli­an­ce with Kas­sen­SichV.

Sto­rage in the cloud

A cloud-based imple­men­ta­ti­on of the TSS is fore­se­en by the BMF (Federal Minis­try of Finan­ce)

A real future-proof soft­ware solu­ti­on is only the one by means of the could, which makes the requi­redTSS pos­si­ble wit­hout any addi­tio­nal hard­ware. Only this way are the entre­pre­neurs able to ditch exter­nal store means, Smart­cards and POS and stay fle­xi­ble and fit for the future.

Tech­ni­cal Direc­tive: BSI TR-03153

The Federal Minis­try of Finan­ce has issued a tech­ni­cal gui­de­li­ne on the tech­ni­cal safety system (TSS) for elec­tro­nic record­ing sys­tems. Here, the gui­de­li­nes and requi­re­ments of Kas­sen­SichV are tho­rough­ly defi­ned.

We will, for examp­le, make clear issues as the log­ging, the pre­scri­bed pro­ces­ses, the pos­si­ble sto­rage media and the data export. Fur­ther details can be found in our blog arti­cle Cur­rent Ques­ti­ons & Ans­wers on the Kas­sen­SichV.

Tech­ni­cal safety system (TSS)

The Kas­sen­SichV is based on the tech­ni­cal mani­pu­la­ti­on pro­tec­tion:
in order to find out whe­ther sub­se­quent mani­pu­la­ti­on of sales at a cash regis­ter has taken place, it must be kept tamper-proof and veri­fia­ble.
The che­cking is car­ri­ed out by means of a jour­nal, which can be expor­ted and che­cked by tax aut­ho­ri­ties with soft­ware for mani­pu­la­ti­on and mis­sing data.

Each log­ging is pro­vi­ded with an elec­tro­nic signa­tu­re, which works on the princip­le of Block­chain. The TSS records every rele­vant ope­ra­ti­on in the record­ing system. The recor­ded data is cryp­to­gra­phi­cal­ly signed. Thanks to these signa­tures, it can be deter­mi­ned at any time that the exis­ting data has not been chan­ged.