SECURING PUBLIC REVENUE:

THE FISCAL SYSTEM:SECURING PUBLIC REVENUE

A White Paper by:Tony Aidinis, ELPOS SA / MALIPONET Ltd 2011

Contents1. Introduction: The problem of securing public revenue22. The Fiscal System: What is it?33. What Economic Sectors can be covered?44. The History & Evolution of Fiscal Systems55. Kenyas Example: A big step forward for Africa86. Technical Specifications for Fiscal ECRs / ETR Terminology96.1 ETR Terminology96.2 ETR Specifications157. The Electronic Signature Device (ESD) Technology16

1. Introduction: The problem of securing public revenue

Paying your taxes is something nobody can argue against. Citizens must contribute to the society they live in the taxes required by the law. No society can survive on foreign funds and no society can survive unless its members contribute for its welfare in a fair way.

How and on what the tax money are spent is a totally different story. Governments must, of course, spend the money on supplying the society with better infrastructure, better hospitals, better schools and create a social safety net to protect the poor and underprivileged. There can be no argument against paying taxes on the excuse that a corrupt government does nothing with that money to actually help the society. In a democracy there can be no arguments like this: if a government does not perform as expected, it loses power and is replaced by one that will live up to the expectations of the people. In a democracy there are no dead ends and no excuses for a citizen to deny paying taxes.

Unfortunately, societies are not made of angels. And, of course, you get to have villains on both sides of the fence: you can have corrupt tax evaders on one side, but you can also have corrupt government officers on the other, too. This is reality. In every country in the world, in every civilization, there is always a mix of people: you have law abiding citizens and you have people that will always show a complete disregard of law, order and sense of duty. You have people that the only sense of duty they have is the duty to make the most profits for themselves.

To make things even worse, the modern economic environment is a complicated network of complex computers, networks, relationships, opportunities and legalities that make proper tax verification and collection a very difficult task indeed.

So, how can a government go about securing public revenue?

Every tax authority in the world, in any country, be it developed or not, faces the same problem. Admittedly some countries with very developed economies can rely on their huge industries to provide the public revenue they want. Germany can rely on its huge industries to provide sufficient revenue and does not need to worry controlling a great number of small businesses. But countries like Greece, for example, where one has a huge number of small businesses and very little big ones, one has to find cost efficient ways in securing the public revenue.

Today a great number of both developed and developing countries come to rely on the so called fiscal system which we will examine in detail in the following pages.

2. The Fiscal System: What is it?

The basic idea behind the fiscal system is this:

Create a trusted device that will record all economic activity and provide evidence of this in a technically easy and undisputed way. Make everyone use such devices and use that data to control revenue. Use advances in technology (GPRS - Internet) to automate the process.

The so-called fiscal solution to the problem of securing public revenue, either in the form of income tax or VAT tax, must be viewed as a whole system with legal, technical and auditing aspects of equal importance.

Key components in a fiscal system:

i) A clear and specific law is in placeii) Detailed technical specifications for the devices that are to be trusted with tax informationiii) The tax authority must control conformance to the specifications and issue approval before any device can be soldiv) There has to be an active enforcement via controls, inspections and legal adjustments so that everyone will use the devicev) the tax authority should plan all future audits so as to make maximum use of the tax reports stored in fiscal devicesvi) NEW TOOL: Use of GPRS Modems to automate (iv) and (v) above

Key benefits of a fiscal system:i) A clear line of liability is created so nobody can evade the system without assuming too much riskii) Because of this line of liability and the embedded security features of any approved device the data coming from the device can be trustediii) Proper enforcement and stability of the system make everyone realize that there is an objective reporting system in placeiv) Objective data means less corruptionv) Objective data means a fair economic environmentvi) Objective data means increased public revenue

3. What Economic Sectors can be covered?

Building a fiscal system means that you target to control specific economic sectors. The concept of having a trusted fiscal device to record economic activity and helping the auditors examine objective data to decide about the tax liability of a person can be applied to virtually any kind of economic activity. Usually governments try to target the most important economic sectors and then build on that experience to expand control in more sectors.

For example, you target the retail activity in all kinds of shops and then you can take that experience to initiate control on public transport or gasoline stations or taxis or entertainment markets.

The timing of fiscal deployment and the sectors it will cover is decided by the tax authority taking into account the countrys specific situation. Targeting most high volume or profit sectors comes usually first, and sensitive geographical areas (for example, extremely poor zones) are usually either exempt or fiscalized last.

NOTE: The Fiscal Electronic Signature Device (ESD) is not only used for B2B sectors. It is a most flexible device and today is widely used to fiscalize any PC based retail installation.

4. The History & Evolution of Fiscal Systems

1 9 8 3Italy introduces fiscal lawItaly was the first European country to introduce a law about secure storage of VAT and turnover data for the retail sector.Italy pioneered the fiscal law in an effort to control its high number of small to medium size businesses and secure public revenue coming from VAT and income tax. Today over 1 million fiscal devices are in use in the country covering

1 9 8 9Greece introduces fiscal lawGreece followed Italys example soon after. Greek economy is characterized by a very large number of small businesses and the most cost effective way of securing public revenue from small tax payers is the use of fiscal devices which became mandatory in the retail sector. Today more than 300,000 fiscal devices are in use.In 2003 Greece expands the fiscal law to include Electronic Signature Devices to control Business to Business (B2B) commerce. Today 120,000 businesses issue all financial documents using ESD technology.All technologies are approved by European Union.

2 0 0 6Central East Europe is fiscalizedToday almost every east / central European developing country has adopted one kind or other of fiscal system.Latest country to introduce the system is Sweden in 2010 using a highly advanced Electronic Signature Device for all tax payers.

Italy, Greece, Sweden, Poland, Bulgaria, Romania, Hungary, Serbia, Macedonia, Bosnia, Ukraine, Cyprus, Malta, Latvia, Lithuania, Russia, Turkey

What happens in the rest of the world?

Apart from Europe, a lot more countries around the world are already fiscalized. Most important examples are Brazil and China!

Is there a global fiscal standard?

No. The countries we call fiscal have adopted different approaches to suit their specific economies.

By calling a country fiscal we are actually saying that the key components of a fiscal system, as described above, are present in a country. That is to say you have a specific law, special security specifications, supplier and device approval and clear enforcement / auditing procedures.

A country can chose different specifications from another, so there is no universal fiscal system that can be accepted by different fiscal countries. For example, in China a fiscal cash register must use government supplied paper only and must have a smart card connection through which an auditor can get direct access to tax data.

These features are unique for China as no other country places such requirements. Nevertheless, we call China a fiscal country because it has the key components of a fiscal system in place. This does not mean that you can take a Chinese fiscal ETR and get approval for it in Czech Republic, for example.

Different specifications apply and to get a license in a country you have to follow the specifications put forward by that countrys authorities.

What is the technological framework of a fiscal system? A fiscal system attempts to create a trusted, secure device for tax data collection, storage and reporting. So, common to all variations of fiscal systems, you find specifications that make use of the following:

a non-volatile, permanent memory, independent of power supply, must be provided in the fiscal device a host of security features: mechanical, such as the fiscal seal, electronic, such as the separate non-volatile secure memory, software, such as the inherent stability and safety of the software running in fiscal devices and organizational such as the approved service engineers the fiscal devices communicating with PC or other electronic systems have intrinsically safe protocols with no back-doors that will allow external commands to alter secure data service operations by a technician are time and date stamped, recorded in secure memory and have strict limitations so they can not be performed more than a few times The time and date of the fiscal ETR is secure and trusted as it can not be changed by the operator. A change of date or time requires a service code only a registered and authorized technician know and the operation is recorded in secure memory

What are the results of a fiscal system implementation?

No matter how good a system may look in theory, we all know that the ultimate test is the result it produces. Fiscal legislation is about creating a tool of auditing targeted to eliminate tax evasion. So the ultimate test of the system is what results it produces in terms of decreasing the number of tax evaders and in increasing total tax revenue for the state.

According to data collected the first five years of fiscal law implementation in Greece in 1989 - 1994, the fiscal law implementation achieved an immediate 18% increase in revenues by first year of implementation and a steady 5% increase (over and above the 3-4% normal increase in the size of the economy) in VAT tax revenue for every consecutive year. This number, when viewed over the whole of the economy makes a really big difference in state revenue and the fact that remained steady for many years proves that such a measure is a long term success if followed properly.

But the increased state revenue is by no means the only benefit coming from fiscal adoption: For the law abiding citizens, fiscal adoption means a step towards a more fair society since everybody is forced to pay his share of taxes. For the businesses alike competition loses any unfair advantage under fiscal scrutiny. For the tax authorities it means less time and effort wasted in futile investigations.

In short, by going fiscal a country aims to achieve:

higher annual revenue from taxes (Greece: +18% first year)

a fair marketplace

streamlined tax auditing with less wasted effort

boost the level of technology used in business

prepare the electronic commerce environment

The simple fact that, starting from a single fiscal country in Europe in 1983, we have more than 19 fiscal countries in 2010 nine of which are members of the European Union and two of which are into the Euro zone, proves beyond doubt that this system not only provides true benefits but is also hard to replace with something more efficient.

5. Kenyas Example: A big step forward for Africa

2 0 0 5Kenya introduces fiscal law

Kenya is the first of the African countries to investigate the possibilities of fiscal tools for improving public revenue.

KRA officials did a thorough research on European legislature and arrived at establishing a Kenyan fiscal law with the most up to date technical specifications.

Kenya is in a totally different economic phase than the European countries. The fiscal reform is not just another effort in collecting money: it profoundly changes the business environment, fights corruption, creates adequate technical infrastructure and enhances employment of technically competent people.

Such a reform obviously touches on every tax evader. Tax evasion within a fiscal environment becomes much more risky than before. This explains why the reform was met with fierce opposition during 2005 early 2006, with traders going to court against KRA over fiscalization.

Every government was met with resistance when trying to enforce fiscal regulations but whenever there is political will the project goes through. So far not a single country in the world was stopped by the opposition from implementing these regulations.

6. The Electronic Tax Register (ETR) Technology

Fiscal Cash Registers are designed to work on most retail outlets in a standalone fashion, without the need of any connection with a PC or other systems.

Fiscal Electronic Cash Registers (or Fiscal ECRs) are also referred to as Electronic Tax Registers (ETR) to reflect the fact that are specially designed equipment and not normal, non-trusted and non-fiscal Electronic Cash Registers.

Modern ETRs come with the capacity to be connected in networks with other IT equipment or even be part of a GPRS wireless network so that they can supply real time data to centralized servers for auditing or business reporting.

Because ETRs play a central role in any fiscal system, we present here ETR Terminology and Technical Specifications that must form the basis of any good fiscal implementation:

6.1 ETR Terminology

Here are some fundamental concepts and terms used today in all Fiscal Systems:

Fiscal Memory Module (or simply FM): This is an electronically and physically secure non-volatile memory where all tax totals are stored in the form of specific records (Z records) per day. It follows that a FM must have the capacity to store daily Z records for as many years as are necessary by each countrys Tax regulations. For a 5 year data retention, 5 X 365 = 1825 records are needed. Each record holds separate totals per VAT category used in the country.The FM is a separate electronic module that is covered with epoxy resin in such a way as to be virtually impossible to separate the module from the bottom plastic casing of the ETR.

Fiscal Memory Reading Port:All ETRs should have an Input/Output port that the tax authorities can use to gain access to the FM data by simply plugging in a standard PC. This port may be any of the standard PC industry types: Serial RS232, USB or Ethernet. All types are accepted as long as the manufacturer supplies the Tax Authority with proper software to enable such FM reading.

Fiscal Seal:The most common and basic form of physical protection for all ETRs / ESDs is the Fiscal Seal. The Fiscal Seal is a chemical sealant (wax or other) that covers one screw in such a way that the plastic case cannot be opened unless someone breaks the seal.This protection has worked well over the years but it is now complemented by a host of other, software based, features such as technicians passwords and detailed records of every technical intervention in the FM.

Fiscal Memory Map:

A Fiscal Memory Map is the structure in terms of electronic records that are kept in the FM.Details of every record are specified by Tax Authority according to the specific needs.

An example of Fiscal Memory Map is shown here depicting all obligatory records.

Note that there are separate record groups for:

a) Header Records that keep the Owners Data such as VAT number, Address etcb) CMOS Resets Records that keep the time and date a Technician has performed CMOS (Hardware) Resetsc) Technician Service records that keep the time and date a Technician has entered his passcoded) VAT Rates keep records each time a change in VAT rate was maded) This is the main area of everyday Z records with all numerical totals recorded.e) This area is specific to Ethiopian standards: the tax payers TIN number is stored herea) H

Communication Protocols:Protocols here mean a specific set of commands and instructions that the ETR can follow to transmit or accept data from an attached PC, GPRS Fiscal Modem or other such device.To ensure data protection and authenticity, the Manufacturer must declare that there are no hidden commands in the ETR protocols that can perform actions not documented in the literature.

ETR - GPRS Fiscal Modem Protocol:This is a set of commands that are needed so that the ETR can connect and transmit data via the GPRS Fiscal Modem. It needs to be defined so that external GPRS modems can connect and operate correctly. SERVER - GPRS Fiscal Modem Protocol:This is a set of data structures and commands that the GPRS Modem needs to understand in order to correctly connect and transmit data to the Tax Server.

VAT Categories:Each country uses different VAT categories: one country may use, for example, VAT Category A with VAT rate 4% and one VAT Category B with VAT rate 18% and another country may use 5 categories with VAT rates 4%, 8%, 18%, 36% and 0%.As rates of VAT may change by government decision the VAT categories are used as variables to hold VAT rates.Any change in VAT rates cannot be entered into the ETR by the user (to avoid meddling with the rates) but it needs an authorized technician to break the seal of the ETR and change the rates after giving his password, while the whole change is registered permanently in the FM.

Departments (DPT):Departments are groups of similar products (Items or PLUs). For example, the Department named BEVERAGES may include the specific items 0,5lt Water, Coca Cola, PEPSI and lemonade while the Department named MENS SHOES may include Black Leather shoes of all sizes, sports shoes of all sizes etc.In the Fiscal System it is obligatory to use AT LEAST as many departments as there are VAT Categories.The reason for that is that every VAT category is mapped and paired with at least one Department. In this way, the operator can sell all items that are taxed at VAT rate of Cat A under DPT1 and all items that are taxed at VAT rate of Cat C under DPT3 etc.See Examples in the User Instructional Leaflet

Price Look Up Tables (PLU):PLU means simply an individual item (product) that is separately sold.The name comes from old time use of non fiscal cash registers and simply means a database stored in the ECR where the machine can look up at a table of items and find the price of every item together with many other data like the Department where this item belongs to, description of the item, quantity that is in stock, barcode code for the item etc.

Under a fiscal system it is NOT necessary to oblige the user to use that level of detail. Most small shops and small businesses do not have either the knowledge nor the capability to use thousands of different entries in a PLU database.

What is of paramount importance in a Fiscal System is that the sale of an item to be recorded under the proper for the item Department representing the proper VAT rate.See Examples in the User Instructional Leaflet

Barcode Coding:Although detailed use of item coding may not be practical or even possible for a small shop, all large shops that deal with thousands of items must use some form of control and follow their sales on a per item basis. For such organized recording the use of Barcode Codes on every item is mandatory and usually is taken care of by the manufacturers of the individual products.As far as the ETRs are concerned, Barcode Coding is supported in the PLU database and electronically by the availability of communication ports to which an external Barcode Scanner is connected.See Examples in the User Instructional Leaflet

Legal Receipt:This is the paper slip that the buyer is getting from the merchant that documents the transaction.In Fiscal Systems a Legal Receipt is clearly marked with the words START LEGAL RECEIPT in the beginning of the transaction and the words END OF LEGAL RECEIPT at the end of the receipt.The Tax Authority must specify what must be printed in a Legal Receipt. For example, should there be separate printout of the VAT the tax payer is paying or is it enough to mention the VAT inclusive price?

Illegal Receipt:

Electronic or Paper Journal:Journal is the exact copy of any receipt or report that is printed out of an ETR or ESD.A copy can be maintained in 2 possible forms: it can be either a PAPER COPY (PAPER JOURNAL) or an ELECTRONIC COPY (EL. JOURNAL).

CMOS Reset or Service Reset:

CMOS Reset is comparable with pressing CTRL ALT DEL in a PC.It basically REBOOTS the ETR system ERASING (RESETING) ALL variables of the system in the process.This effectively ERASES the TAX TOTALS of the specific day that have not YET been stored in the FM because the user did not get a chance to perform Z report.

CMOS Reset is a last resort operation when the system has hanged down or crashed and no keyboard or other external operation is possible.

Because CMOS Reset will erase the daily totals that are not yet stored in FM (but NOT the FM Z records that are non-volatile) there are SECURITY features that make sure only AUTHORIZED and TRUSTED technicians can perform the RESET.

These procedures include (a) breaking the fiscal seal, (b) setting specific jumpers (as shown in picture at the left)

Authorized Service Technician:

Maintenance Service Booklet:Every ETR / ESD is accompanied by its Service Booklet. This is a special booklet with pages where the authorized technician must record and properly sign every time service is performed, whether this involves CMOS Reset or VAT Rates change

Z Report:Z Report (the name reflects the fact that it is the LAST action taken every day like the letter Z is the last letter of the alphabet) is calculated and printed at the end of the day. Each Z report is then securely stored as a separate record in the FM.

6.2 ETR Specifications

The Tax Authority should formulate the Technical Specifications that must be met for an ETR to be accepted as Fiscal Devices.

These Specifications come in 4 parts:

PART 1: Security & Quality of the DeviceThese specifications must ask for:1.1 Presence of a Fiscal Seal1.2 Declaration of Manufacturer about security of Fiscal Module1.3 Declaration of Manufacturer that the product follows International Standards (CE mark)1.4 Declaration of Manufacturer about spare parts availability for 5 years1.5 Each ETR is UNIQUELY numbered and identified in factory so it carries a unique ID

PART 2: Electronics and Peripherals SpecificationsThese specifications must ask for:2.1At least one standard communication port so that a tax auditor can attach a cable and read fiscal memory contents right from the ETR. One of RS232, USB or Ethernet must be provided.2.2 Capacity to attach an EXTERNAL GPRS modem with proper protocol support2.3Various usability and ergonomic restrictions, for example a minimum height of screen numbers, minimum size of printed numbers and letters on the receipt printer etc2.4 Electronic Journal type and specifications allowed

PART 3:Software Functions, Printouts and ProtocolsThese specifications must ask for:3.1Number of VAT Categories to be supported3.2Structure of a Legal Receipt3.3Structures to be allowed as Illegal Receipts (Statistic Reports, Advertisements, Coupons etc)3.4Contents of obligatory reports like Z Report / Auditing Printouts3.5PC communication protocol (if any) to be submitted and Manufacturer Declaration of Protocol Security3.6GPRS Fiscal Modem communication protocol (obligatory)

PART 4:Specific Product Literature such as Manuals, Service Booklet etcThese specifications must ask for:4.1Submission of Users Manual4.2Submission of Authorized Technicians Service Manual4.3Submission of Service Booklet

7. The Electronic Signature Device (ESD) Technology

The concept of electronic signature :

For the tax authorities the concept of electronic signature has the following key characteristics:

1. the electronic signature device (ESD) has a fiscal memory, just like the retail ECRs2. the electronic signature device (ESD) has a unique serial number just like the retail ECRs and is uniquely assigned to the business that buys it3. the electronic signature device (ESD) is used in conjunction with the PC system of a company that is running the accounting software normally used to print the financial documents such as invoices etc.4. each and every financial document, to be valid and acceptable, must bear at the end of it the electronic signature5. each and every financial document is kept as electronic copy in computer files, together with its electronic signature as issued by the ESD6. The companies do not need anymore to keep paper copies of their financial documents since now the tax authorities have a trusted device (the fiscal memory in the Electronic Signature Device) which can certify beyond doubt the authenticity of the computer file

To whom does the fiscal electronic signature apply?

This law applies to any computer based, printed tax documents issued to a third party. Here 'tax documents' include every document in business to business transaction and every document in business to consumer transaction (retail). These tax documents mainly are invoices and transportation documents. Ifyour accounting software issues (prints) invoices to third parties or goods transportation documents, it certainly needs to be upgraded to the new law. If your accounting software does not issue such documents you don't need to do anything. If you issue such documents by hand, again you do not need to do anything.

If you issue only retail receipts you can chose between cash register/fiscal printer technology OR Electronic Signature technology. Electronic Signature Technology is much more cost effective in places with more than one service point. This happens because a single Signature Device can be networked and electronically sign all documents issued by many PC stations. Networking can be such that a single ESD device in the central offices in one city can be used to sign and authenticate financial documents issued by a point of sale located in another city!

How does it actually work?

It works based on fiscal memory. Fiscal Memory is a device the authorities can trust. This means that the tax authority can trust the electronic signatures stored in fiscal memory. Beginning with this undisputed and trusted signature, the authorities can verify the authenticity of any document stored in electronic form in the users PC and accounting software.This law in a nutshell has three requirements:

Suppose you are to print an invoice or even a Retail Receipt from a PC based equipment.

1. the text of the invoice / receipt passes through the 'Electronic Signature Device' and gets a signature created by algorithm HASH-1. The electronic signature is 40 bytes long and is printed at the last line of the invoice document, along with some other information like the devices serial number and date/time.2. the text of the invoice / receipt is saved in a file named DDMMSSSSS_a.txt, thedigital signature is saved in a file named DDMMSSSSS_b.txt, the DDMMSSSSS part of the name meant to contain day, month, serial number of document and serial number of ESD3. You do that for every invoice / receipt of a day4. at the end of the working day you request from the ESD to perform theHASH-1 algorithm over all the _b.txt signatures of the day. The electronic signature thus created is saved in a file under the name DDMMSSSSS_c.txt and also kept in ESD's fical memory (PROM memory).This is called a 'Z' report.So, for every working day you keep in your computer (or server) a number of_a.txt and _b.txt files which correspond to the tax documents you issued that day and one _c.txt file that contains the signature of all _b.txt signatures of that day.The idea is that now you do not keep paper copies of your tax documents andyou issue tax documents on plain paper.The _a.txt and _b.txt files are enough. The tax authority when auditing the authenticity of tax reports will:

a) read from the ESD fiscal memory the _c.txt permanentrecord for any given day. b) Using this _c.txt signature will verify all the_b.txt signatures kept in your computer for that day andc) Using the _b signatures will verify the _a.txt document which is the copy of the original issued invoice.

B E F O R E E S DNormal, Un-fiscalized Accounting

Very difficult to audit Chaotic systems and formats No trusted platform No authentic electronic files Loss of files due to crashes leave no evidence behindunauthenticated files mean nothing

A F T E R E S DAccounting with Electronic Authentication

ESD

ESD acts as a trusted, external peripheral, simple to access directly and independently of PC installation audits can be automated through special software all electronic files kept in non-secure PC environment are authenticated through the trusted device and can be electronically communicated the files have now the status of OFFICIAL documents and regular backups are mandatory with the exception of very old, DOS-only PCs all other computer environments are supported: Win98, Win2000, WinXP up to Win7, Linux, Unix, AS400

What are the benefits of this technology?

The use of electronic signatures has the following benefits:

A. Benefits for the user:

A1. USER KEEPS HIS PREVIOUS HARDWARE AND SOFTWARE: This is the strongest point of ESD technology: thanks to the ingenious use of DRIVERS, the ESD will attach itself to ANY PC installation using the provided DRIVERS without forcing the user to change anything in his existing infrastructure. This means that the user will continue to work as he used to, with his existing software and existing printer/PC.

A2. NO PAPER COPIES NECESSARY: An additional important benefit for the user is that all paper copies are not necessary anymore. Once electronic files of documents are authenticated with this technology then they are the only copies a user must keep for any tax inspection.

The reason is that ELECTRONIC SIGNED FILES can be VERIFIABLE by the ESD signature.

This means that a company can forget about keeping paper archives of its documents, saving on storage and handling costs. This saving alone can pay for the implementation, especially in large companies.

Furthermore, electronic files are much more easy to duplicate and thus protected by regular backups. Electronic files do not take up any space and they can be duplicated as many times as it is necessary to be safely archived.

A3. ANY PRINTING MEDIA ALLOWED: The invoices or Receipts can be printed on any paper using any technology (laser, inkjet, dot matrix) and any printer.

Because there is no need for paper copies and the electronic copies are enough for the law, the company can issue single sheet invoices using any type of technology. This was previously unavailable because of the need of many paper copies that meant that you had to use dot matrix impact technology and chemical paper copies.

A4. PROOF OF INNOCENCE OR GUILT: The trusted fiscal memory in the device can prove beyond doubt the innocence of the end user in case some dispute arises with the authorities. This means that the el. Signature works both ways: it can prove that a user committed a tax crime or it can prove his innocence.

A5. NETWORKING: End users that operate many points of service can make use of networking. This means that with just one Electronic Signature Device plugged into the Ethernet network all documents (retail or business to business) printed by any point of service in the network can be validated and fiscalized.

B. Benefits for the tax authorities

B1. COMPUTERIZING THE TAX AUDITING PROCESS: The verifiable, authentic electronic files and the fiscal memory device make it possible for the tax authorities to use computers and software to verify instantly a large number of invoices (or retail receipts digitally signed) for their authenticity to the last letter and digit. In this way, the workload of the inspectors gets much less and so the same number of tax inspectors can perform much more controls with great improvement not only in numbers but also in accuracy.

B2. LESS WORK FOR TAX AUTHORITIES: The local tax authorities issue an electronic signature device to a certain company / user that covers all the needs of the user to issue tax documents.This saves a lot of time and personnel for the tax authority that was previously needed to control and authorize the issue of electronic documents for the various companies in the tax territory.

B3. LESS DISPUTES: Because of the nature of the fiscal device, much less disputes arise during a tax inspection. The fiscal memory can provide indisputable evidence for the innocence or guilt of the user. B4. INCREASED TAX REVENUE: Thanks to the tight security and the accuracy of all financial records authenticated by the electronic signature, the revenue of the tax payers is revealed and taxed much more easily, providing significant increase in tax revenue.

In conclusion, Electronic Signature Fiscal Devices is the next logical step forward in the tax auditing technology.

Questions and Concerns regarding ESD

1. What is the effect of system crashes and errors?

Whether there is an ESD in a system or not, a system error or crash has exactly the same effects. If the crash would cause loss of files without the ESD it would cause loss of files with the ESD.

Since the ESD device is an external peripheral, immune to viruses and system crashes, all authenticating signatures are safe against system crashes. However, the electronic files themselves, kept only in the PC system, are not only crucial for auditing but, with the ESD in place, have the status of official accounting books. This means that the tax payer should take care of proper backups as loss of files is equal to loss of accounting evidence, punishable by the tax authorities in exactly the same way as it would be done with paper evidence.

Without the ESD, loss of files is still critical for any business but not punishable by the tax authorities as the un-authenticated files have no real auditing value (they can easily be manipulated).

With the ESD, loss of files is CRITICAL and the user MUST take care of his data by taking regular backups. Negligence or bad practices are not tolerated.

Without the ESD audits are based on paper books and unsecured computer reports. Paper accounting books can be lost or destroyed, thus making audits impossible. Making safety backups of paper is very difficult and time consuming, so purposeful or accidental elimination of paper data is easier.

With the ESD audits are based on electronic files stored in computer systems. Paper copies have no meaning because they can not be checked for their validity automatically. Making safety backups of electronic data nowadays is easy, automatic and cheap. RAID arrays, USB disks, CD burners, USB sticks, tape backups are all widely available and cheap. The user is responsible for keeping proper computer safety practices and backup regularly his data.

2. What are the technological security measures that ensure that the HASH-1 algorithm can not be fraudulently manipulated in favor of tax avoidance?

An attack against the ESD system would NOT attempt to change the HASH-1 algorithm in the first place. The HASH-1 used in the ESD is an international standard and can be executed in exactly the same way by any PC software as well as by the ESD itself. If one was to manipulate the ESD internal HASH-1 algorithm to produce a different result than the original, the very first time an audit would take place will disclose the fact simply because the same HASH-1 is executed by the audit software and should produce exactly the same signature.

The only way to attack the system is simply not to use the system!

If one is really using the ESD system to print his financials he has to report exactly what he printed out because the audit will automatically find out if there is any discrepancy between what was printed and what was reported.

If one is NOT using the ESD system:

(b) just prints a garbage signature on his invoices without even turning on his ESD or(c) accidentally deletes his electronic files making audit impossible or(d) print correct invoices using correct signature from his ESD but then manipulate the files in his PC to show different totals than the originals(e) prints correct invoices using correct signature but uses copies of the same invoice to circulate many times different goods

In (a) and (c) above the very first audit would pinpoint immediately and automatically the problem.

In case (b) the user has to explain why he failed to produce regular backups and face an audit that will then be based on circumstantial evidence plus heavy fines for his negligence

In case (d) any inspection that will examine a printed invoice with the time and date stamp coming from the ESD (which by the way provides secure time stamping also) will immediately reveal what is happening and the user will face the relevant penalties.

To conclude we will repeat what was stated in the beginning: the FISCAL system is NOT about buying a device that magically will turn everything clear. The FISCAL system involves having a whole network of proper inspections and audits in place. When you have such a system in place, then the risk for a tax evader is getting higher and higher. Tax evasions are always present. By installing proper systems the authorities aim to make the risk for tax evasion be so high that the overall effect will be to make people think three times before they attempt to evade their taxes.

6. The Bigger Picture: Value Multipliers & New Services

An attack against the ESD system would NOT attempt to change the HASH-1 algorithm in the first place. The HASH-1 used in the ESD is an international standard and can be executed in exactly the same way by any PC software as well as by the ESD itself. If one was to manipulate the ESD internal HASH-1 algorithm to produce a different result than the original, the very first time an audit would take place will disclose the fact simply because the sTHE FISCAL SYSTEM: Securing Public Revenue 2011 page 1