Fiscalization today. With cryptovision TSE: Certified. Available. Secure.
Technical security device (TSE) for cash registers
The TSE from cryptovision, which is mandatory for the protection of cash registers, contains a security module consisting of the CSP Jacolyn and the “Security Module Application for Electronic Record-keeping Systems” (SMAERS) as well as a memory module and a uniform digital interface for integration into the cash register software. SMAERS and Jacolyn are in the legally required certification process.
With Bundesdruckerei and other partners, cryptovision offers both variants of TSE for the implementation of the Kassensicherungsverordnung (KassenSichV): both token-based in the form factors µSD, SD, USB and for central solutions as firmware extensions for HSMs.
Jacolyn is currently being certified according to the corresponding Common Criteria Protection Profile BSI-CC-PP-0104-2019 at level EAL 4+, the SMEARS application at level EAL 2.
Are you interested in the subject of fiscalization?
Request your offer for Hardware Development Samples (399 € per piece) for the TSE solution now, as well as the free and non-binding provision of the programming interface (API). The stock of development samples is limited.
Your data will not be passed on to third parties. You can find information on data protection here.
What does the law say?
In September 2017, the “Directive on the Determination of Technical Requirements for Electronic Recording and Security Systems in Business Transactions” was adopted. It is abbreviated as the Kassensicherungsverordnung (KassenSichV).
According to the KassenSichV, from 1.1.2020 all cash registers in Germany must be equipped with tamper protection. This so-called “technical security device” (TSE) is intended to prevent cash transactions from being manipulated.
What is regulated?
According to the directive, a new transaction must be started immediately for each recording of a business transaction from an electronic recording system. This transaction must contain:
1. the date on which the transaction was initiated,
2. a unique and sequential transaction number,
3. the nature of the operation,
4. the dates of the operation,
5. the method of payment,
6. the time at which the operation was completed (or aborted),
7. a test value; and
8. the serial number of the electronic recording system or safety module.
What is the situation in other countries?
Why is the KassenSichV being introduced?
Some POS systems technically allow basic records to be manipulated subsequently. This can encourage tax evasion.
With the KassenSichV, the Minister of Finance is now putting a stop to this.
The Kassensicherungsverordnung (KassenSichV) (Cash Securitisation Ordinance) regulates the technical requirements for electronic recording and security systems, for example computer-supported cash register systems and cash registers. The KassenSichV is also affected: ERP systems, industry software, accounting systems, etc.
The decisive factor is the character of the cash payment: If the transaction is a step-by-step one (e.g. goods/services are exchanged immediately for cash/credit card/voucher), the recording system must meet the requirements of the KassenSichV.
The recording systems must be equipped with a so-called Technical Security Device (TSE) by 1 January 2020 at the latest. This can be implemented in the form of hardware with a security chip or as a cloud-based web service. The ordinance serves to protect against manipulation of the basic digital records of companies. Whenever cash transactions (cash, EC card, credit card, vouchers) are recorded (step-by-step transaction), these records must be protected against manipulation in accordance with the KassenSichV.
The fiscalization of cash registers is the tamper-proof, electronic recording and archiving of business transactions. The aim of the Federal Ministry of Finance is to protect the basic records of companies from manipulation and thus avoid tax evasion.
In many countries in Europe the fiscalization of cash registers is already prescribed, in Germany the cash register security regulation must be implemented by 31.12.2019 at the latest.
From 1.1.2020, all recording systems must meet the requirements of the Cash Register Security Directive.
Technical Security Device (TSE)
The basis of the KassenSichV is the technical protection against manipulation:
In order to find out whether subsequent manipulations of sales have taken place at a cash register, these must be stored in a tamper-proof manner and be verifiable.
The verification is carried out by means of a journal which can be exported and checked for changes and gaps by tax auditors using software.
Each entry is provided with an electronic signature. The TSE records every relevant transaction in the recording system. The recorded data is signed cryptographically. Thanks to these signatures, it can be determined at any time that the existing data has not been changed.
GoBD & KassenSichV
So far the unchangeability of transactions was regulated in the GoBD (principles for the orderly guidance and storage of books, records and documents in electronic form as well as for the access to data).
However, this is neither a law nor a regulation, but merely an administrative regulation of the Ministry of Finance. With the new regulation to the cash security regulation the manipulation protection is regulated now legally.
Electronic recording system
An electronic recording system is any device or software that electronically records data on a business case. For example, a cash register, accounting software, ERP system, etc. Currently only those recording systems are relevant for the KassenSichV which can record cash transactions. So whenever a business case can be concluded with a cash payment (cash, EC card, vouchers, etc.), all transactions must be recorded in accordance with the requirements of the KassenSichV.
The electronic recording system must start a transaction for each business case, which records the following data:
- Start time of the transaction
- A unique and sequential transaction number
- Type of operation
- Data of the operation
- Method of payment
- Time of termination or interruption
- A test value and
- The serial number of the electronic recording system or the serial number of the safety module.
The legislator prescribes the form in which data is to be stored. Hardware ensures that these requirements are met and that the data is stored accordingly. With fiscal storage, the focus is only on storing the data. How the data comes about is not taken into account here.
In contrast, the KassenSichV and INSIKA are a procedure that prescribes how the data is to be processed (and also stored). The focus here is on how the data is generated at all.
TIM / INSIKA
The TIM Card is a smart card that is implemented according to the INSIKA specification 2.0 and secures the booking-relevant taximeter data: The data can no longer be manipulated and falsified unnoticed afterwards. This is important so that the taxi entrepreneur can prove that his data management is correct and meets the highest protection requirements.
These cards are issued in dual SIM format as standard – so the cardholder can break out the card on MINI SIM or in micro SIM format if required.
Haben Sie Fragen? Sprechen Sie mit uns!
Haben Sie Fragen zu einem unserer Produkte oder Lösungen? Dann zögern Sie nicht, uns zu kontaktieren.
Wir beraten Sie kompetent.