 | This article needs to be updated.(January 2020) |
Fiscal memory devices are electronic devices used to record sales tax owed to a country. [1] They are widely used in many countries around the world, as of 2004 [update] including Russia, Bulgaria, Serbia, Romania, Republic of Macedonia, Albania, Argentina, Poland, Moldova, Bosnia and Herzegovina, Kazakhstan, Armenia, Georgia, Kenya, Tanzania, Malawi and Ethiopia.
Fiscal memory devices are electronic devices used to record sales tax owed to a country. All such devices contain fiscal memory: a piece of equipment that connects to a sales point terminal and records taxation for public revenue. [2] Fiscal memory is a memory device that is certified by an appropriate government body. This encrypted module is usually in the form of an integrated circuit on a printer or cash register's printed circuit board. [3]
An electronic journal is a kind of encrypted memory module that is readable using the fiscal device (ETR, FP[ expand acronym ]). These memory modules are based on SD and Micro SD cards but feature an encrypted format to prevent tampering or unauthorized access. Once this electronic journal is initialized in a fiscal device, it is assigned a fiscal serial number to prevent it from being reused in another fiscal device.
The use of fiscal devices worldwide can be divided into three generations of technology:
First generation fiscal devices had certain disadvantages (i.e.: easy manipulation, lack of control from the tax office, no printing of fiscal receipts, etc.), due to the limitations of technology and infrastructure when they were developed. This has made the second generation fiscal devices increasingly popular, and many countries are changing their fiscal requirements and moving to Internet-enabled fiscal devices (often using GPRS network) and implementing the so-called online Information and Tax Collection System. [4]
Second-generation fiscal devices eliminated most of the problems associated with their predecessors. Second generation fiscal cash registers and fiscal printers are connected through the Internet to the tax agency's central server and send their reports and/or fiscal receipts in predefined time intervals. However, these devices contain substantial flaws that leave room for exploitation, such as the printing of fake fiscal receipts, manipulation of daily reports, etc.
Third generation fiscal devices have been introduced in several countries. Devices of this kind are very similar to the second generation devices, but with additional software security used for the digital signing of fiscal receipts. These third-generation fiscal devices eliminate all previously known issues and give additional security to the tax agencies that employ them. Each fiscal receipt is digitally signed using a unique signature printed either in the form of a 2D bar code or various characters depending on the agency's rules regarding encryption. This allows the tax agency to easily authenticate these receipts.
Fiscal memory devices have the following categories: [5]
| Country Name [6] | More Info |
|---|---|
| Albania | Fiscal printer law since 2008 |
| Argentina | Fiscal printer law since 1995 |
| Austria | Austria introduced regulations in 2016 requiring a fiscal journal to be saved at point of sale (POS), a central database or in cloud storage. Additional regulations expected in 2017[ needs update ] were to include a digital signature of every receipt. Closed-system retailers with more than 30 cash registers can be exempted with a special government certificate. [7] |
| Bangladesh | |
| Bosnia and Herzegovina | Fiscalization was implemented by 2011, with all selling points obliged to record every turnover by fiscal device, regardless of how payment was made. All taxpayers have to create and print daily reports at the close of business, and also periodical reports. [8] |
| Brazil | Fiscal printers since 2005 |
| Bulgaria | |
| Canada | As of 2009, [update] only used in the Quebec restaurant industry. [9] |
| Croatia | A cloud-based software-only solution, [10] since January 2013 it fiscalizes every transaction at POS, relayed to the fiscal authority by Internet. The central server returns identification keys, which have to be printed on every receipt. The recorded data includes amounts, income taxes, cashier personal identification number (OIB), and payment information. In the absence of an Internet connection, each account has to be printed and later reauthorized, within 48 hours. Benefits of this type of fiscalization are reflected in an increase of tax income, the number of issued receipts, an increase of value-added tax (VAT) companies and better control of working time. This software system does not require new hardware equipment and hardware maintenance on the part of retailers. [11] |
| Chile | Fiscal law adopted since 2007 |
| Czech Republic | Fiscal regulation expected in March 2017[ needs update ] would be similar to that of Croatia and Slovenia. [12] |
| Ethiopia | |
| Gambia | |
| Greece | |
| Hungary | |
| Italy | Fiscal printer law since 1990 |
| Kenya | |
| Latvia [13] | |
| Lithuania | |
| Malta | |
| Mexico | Electronic invoice adoption since 2015 |
| Montenegro | Fiscalization was adopted in 2001. Each fiscal device must have a unique record number which is entered in the fiscal memory of the fiscal cash registers. [14] |
| North Macedonia | Fiscal systems including fiscal cash registers, fiscal printers, and other electronic systems with fiscal memory (such as systems at petroleum stations). An integrated automated management system enables communication between the commercial entity and the revenue office via encrypted General Packet Radio Service (GPRS). [15] |
| Panama | Hardware-based. [16] |
| Poland | |
| Romania | Beginning in October 2018, old devices were replaced with mandatory electronic fiscal devices with Internet connection capabilities. Various encryption methods enable digital signing of each issued receipt (via third-generation fiscal devices). |
| Russia | Beginning from mid-2017, a certified cash desk and certified secure storage with Internet connectivity were required for regular and online shopping. Cash desks are able to issue electronic documents containing transaction data, archive these transactions locally on certified secure storage, and report them in real-time (or no more than 30 days delay) to the Federal Tax Administration via a certified Fiscal Data Operator. [17] |
| Rwanda | |
| Serbia | In 2004, the first country which introduced fiscal law with GPRS fiscal terminals. [18] |
| Slovakia | Fiscalization started in 2008, with each fiscal device certified and registered by the government. Most of the fiscal memories are in modules attached to printers and can operate offline. It is also possible to operate online through a government website. |
| Slovenia | A cloud-based software-only solution has been present since 2016 and requires fiscal cash registers. Fiscalization in Slovenia is based on the online authorization of every fiscal relevant transaction created at POS, which communicates with the Slovenian Tax Authority which issues a unique code. That code and a QR code are printed on every receipt. If there is no Internet connection, the retailer must have each fiscal receipt authorized within 72 hours. [19] |
| Spain | Electronic invoice adoption since 2015 for government bills only |
| Sweden | |
| Tanzania | Electronic Fiscal Devices implementation was announced on 2009 july and began use in 2010 to date. Tanzania was the only country in East Africa that started the use of EFDs with GPRS features since the beginning. |
| Venezuela | Fiscal printers began use in December 1999, with server communication protocols enacted in October 2018. |
A cash register, sometimes called a till or automated money handling system, is a mechanical or electronic device for registering and calculating transactions at a point of sale. It is usually attached to a drawer for storing cash and other valuables. A modern cash register is usually attached to a printer that can print out receipts for record-keeping purposes.
A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryptographic processors that output decrypted data onto a bus in a secure environment, a secure cryptoprocessor does not output decrypted data or decrypted program instructions in an environment where security cannot always be maintained.
The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice for the customer, and indicates the options for the customer to make payment. It is also the point at which a customer makes a payment to the merchant in exchange for goods or after provision of a service. After receiving payment, the merchant may issue a receipt for the transaction, which is usually printed but can also be dispensed with or sent electronically.
A personal identification number (PIN), or sometimes redundantly a PIN number or PIN code, is a numeric passcode used in the process of authenticating a user accessing a system.
Infineon Technologies AG is Germany's largest semiconductor manufacturer.
Pirate decryption is the decryption, or decoding, of pay TV or pay radio signals without permission from the original broadcaster. The term "pirate" is used in the sense of copyright infringement. The MPAA and other groups which lobby in favour of intellectual property regulations have labelled such decryption as "signal theft" even though there is no direct tangible loss on the part of the original broadcaster, arguing that losing out on a potential chance to profit from a consumer's subscription fees counts as a loss of actual profit.
The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have become known and its most modern systems share at least some features with commercial products.
End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.
Verifone is an American multinational corporation headquartered in Coral Springs, Florida. Verifone provides technology for electronic payment transactions and value-added services at the point-of-sale. Verifone sells merchant-operated, consumer-facing and self-service payment systems to the financial, retail, hospitality, petroleum, government and healthcare industries. The company's products consist of POS electronic payment devices that run its own operating systems, security and encryption software, and certified payment software, and that are designed for both consumer-facing and unattended environments.
BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the Advanced Encryption Standard (AES) algorithm in cipher block chaining (CBC) or "xor–encrypt–xor (XEX)-based Tweaked codebook mode with ciphertext Stealing" (XTS) mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.
Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.
Windows Error Reporting (WER) is a crash reporting technology introduced by Microsoft with Windows XP and included in later Windows versions and Windows Mobile 5.0 and 6.0. Not to be confused with the Dr. Watson debugging tool which left the memory dump on the user's local machine, Windows Error Reporting collects and offers to send post-error debug information using the Internet to Microsoft when an application crashes or stops responding on a user's desktop. No data is sent without the user's consent. When a crash dump reaches the Microsoft server, it is analyzed, and information about a solution is sent back to the user if available. Solutions are served using Windows Error Reporting Responses. Windows Error Reporting runs as a Windows service. Kinshuman Kinshumann is the original architect of WER. WER was also included in the Association for Computing Machinery (ACM) hall of fame for its impact on the computing industry.
In computer security, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used for retrieving encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes following a power switch-off.
Hardware-based full disk encryption (FDE) is available from many hard disk drive (HDD/SSD) vendors, including: ClevX, Hitachi, Integral Memory, iStorage Limited, Micron, Seagate Technology, Samsung, Toshiba, Viasat UK, Western Digital. The symmetric encryption key is maintained independently from the computer's CPU, thus allowing the complete data store to be encrypted and removing computer memory as a potential attack vector.
An automated sales suppression device or zapper is a software program that falsifies the electronic records of point of sale (POS) systems for the purpose of tax evasion.
Digital goods are software programs, music, videos or other electronic files that users download exclusively from the Internet. Some digital goods are free, others are available for a fee. The taxation of digital goods and/or services, sometimes referred to as digital tax and/or a digital services tax, is gaining popularity across the globe.
The IBM 4610, also known as SureMark, is a thermal point-of-sale printer, originally developed and manufactured by IBM and currently offered by Toshiba Global Commerce Solutions, launched in 1996. It is used by major retailers such as Wal-Mart, Carrefour, Costco, Cencosud, Office Depot, Tesco, Best Buy, Chedraui, King Soopers, London Drugs and Soriana. It had replaced the famous IBM Printer Model 4. With the acquisition of IBM's Retail Store Solutions (RSS) business, the SureMark printers are now produced by Toshiba Global Commerce Solutions.
Payanywhere is a payments platform and app that allows merchants in the United States to accept credit and debit card payments while building customer relationships in-store, online, or on the go. Merchants may accept payments on their smartphone via a Bluetooth card reader or on an in-store “Storefront” solution featuring a tablet and stand, which was introduced on April 8, 2014. PayAnywhere offers credit card readers and apps that are compatible with both Apple and Android devices.
Fiscalization is fiscal law designed to avoid retailer fraud. Fiscal law about cash registers has been introduced in countries to control the grey economy by enforcing all mandatory transaction reporting to the authorities. According to fiscal law, an appropriate fiscal receipt has to be printed and given to the customer.
Crypto-shredding is the practice of 'deleting' data by deliberately deleting or overwriting the encryption keys. This requires that the data have been encrypted. Data may be considered to exist in three states: data at rest, data in transit and data in use. General data security principles, such as in the CIA triad of confidentiality, integrity, and availability, require that all three states must be adequately protected.