Fair play at the cash register: KassenSichV will come into force in 2020

Year after year, the tax authorities lose several billion euros due to tampered cash register data. The state now wants to put an end to this and has decided that from January 2020, all cash registers must be tamper-proof – in order to achieve greater tax fairness and fair competition.

Electronically signed receipts

The title's a bit of a mouthful: Ordinance establishing the technical requirements for electronic recording and security systems in commercial transactions. That’s why it has been abbreviated to KassenSichV, or Cash Register Anti-Tampering Ordinance.

Its contents: Cash register, accounting, security and recording systems, such as cash registers, must be protected in future against tampering using a certified technical security device (TSE). The ordinance will enter into force on 1 January 2020, and discussions are currently underway to extend the implementation period. The legal obligation primarily affects retailers and restaurants/cafés. Only old cash registers, which cannot be equipped with a TSE due to their design, are subject to a transitional arrangement: They can remain in use until 31 December 2022, but must at least comply with the regulations of the Federal Ministry of Finance on the storage of digital documents for cash transactions in force since 2016. Millions of cash registers will now have to be retrofitted.

The mandatory TSE consists of several modules, thanks to which cash register entries are recorded and stored in a tamper-proof manner and can be transmitted to financial auditors via a digital interface. At the heart of this concept is the electronic signature attached to the individual receipts. A checksum for each document ensures the integrity of the data: Subsequent intervention can be detected, since the checksum will then no longer be correct.

Local or central

Two types of solutions are mainly being discussed. In the case of the local solution, the TSE functions are integrated in a compact hardware module – such as a USB stick or SD card. This solution could be of interest, for instance, to dealers who operate only a few cash registers. However, the module in this solution will probably have to be replaced every three years.

The central cloud solution, on the other hand, is based on a web service in which a trusted service provider – such as Bundesdruckerei's D-TRUST – provides the security functions and signs receipts electronically. Since the required security infrastructure is located in the service provider’s protected data center, no hardware has to be installed on site at the operator's premises. A secure Internet connection is needed in this case. This solution is likely to benefit companies with many branches and cash registers as it enables a uniform rollout and efficient administration without having to change every cash register manually.

Solutions are currently being developed

There are as yet no ready-made solutions on the market: Several manufacturers are in the certification process with the Federal Office for Information Security (BSI). This process is expected to be completed in the fourth quarter of this year.