How To Guide Fiscal Austria
Fiscal Overview
For shared background, see Fiscal Overview.
Description
The fiscal approach in Austria is based around signing transactions. It is necessary to use an external device with a certificate purchased for the purpose to complete this signing process. There are two possible approaches: either the retailer can purchase a card reader and a card which contains the certificate, or they can use a third-party service which will hold the certificate on an HSM and sign transactions on request via a REST web service. Both approaches are supported by Enactor.
It is the retailer's responsibility to purchase a signing solution that is capable of supporting their business operations. There are a number of suppliers available; current customers have used https://en.cryptoshop.com/products/rksv-registrierkassenverordnung.html and been happy with the service provided.
Once the certificate has been purchased and configured to work with the POS it is necessary to perform on the POS an initial transaction which has been signed with the new certificate. This must then be submitted by the retailer to the Austrian Tax Authority along with the certificate details and an encryption key. After this initial transaction there is no requirement to submit further individual sales transactions to the tax authority. However, each receipt, which must be provided to the customer with each sale, has a QR code. Within this QR code are sales and tax totals for the POS which have been encrypted with the key given to the Tax Authority along with the initial transaction. This allows the tax authority to make an unannounced test purchase from which the QR code can then be used to ensure that the sales and tax reported match the amounts reported and paid to the tax authority by the retailer.
Customers can also use a tool to scan this QR code and be confident that the retailer is registered with the tax authority and paying the tax due. The sales and tax totals will not be visible to customers who do not have the key needed to decrypt them.
The POS also supports export of transactions in a predefined format, a DEP export. The tax authority can request this export from the retailer during an inspection. It is also necessary for the retailer to close reporting periods daily by running end of day, month and year functions, each of which is signed and produces a paper receipt that must be retained by the retailer. Functions to do this are provided within the POS and can be accessed through the menu system, controlled through privileges as usual.
Certification of the POS solution is not necessary; only the signing device itself requires certification.
Notes
Although Enactor supports the key card approach, all our customers up to now have chosen to use the service-based approach. Since final testing requires an account with the Tax Authority, and these are only available to retailers, the first customer to use the key card approach will need to conduct joint testing with Enactor prior to rollout.
Submissions to the FinanzOnline web services and validation of the Fiscal Device Status occur only when the FON_RegistrationType is set to Automatic.
Configuration Overview
The following configuration changes are needed and should be broadcast to all Austrian devices in preparation for go live.
POS Terminal Template
The POS Terminal Template used by all devices in Austria should be configured to have the fiscalisation Type set to Austria. Currency should be set to Euros and Locale to Austrian.
No sale receipt should be set to Fiscal No Sale 4XX Col where XX is the correct printer column width.
Within the Tax section the Tax Region should be set to Austria and the Tax Scheme to AT VAT.
Location
Each location in Austria should have its Tax Region set to Austria and Tax Scheme set to AT VAT.
Tax Groups
The following tax groups should be configured and broadcast to the Austrian devices.
Tax Group ID | Description |
---|---|
AT1 | AT Normal Tax Group |
AT2 | AT Reduced 1 Tax Group |
AT3 | AT Reduced 2 Tax Group |
AT4 | AT Zero 2 Tax Group |
AT5 | AT Special 2 Tax Group |
Tax Schema
The following tax schema should be configured and broadcast to the Austrian devices.
Tax Schema ID | Description | Price Include Tax |
---|---|---|
AT | AT VAT | TRUE |
Tax Rates
The following tax rates should be configured and broadcast to the Austrian devices.
Tax Rate ID | Description | Display Code | Percentage |
---|---|---|---|
AT_R1 | AT Normal | T | 20% |
AT_R2 | AT Reduced 1 | R | 10% |
AT_R3 | AT Reduced 1 | r | 10% |
AT_R4 | AT Zero | Z | 0% |
AT_R5 | AT Special | s | 10% |
Tax Group Tax Methods
The following tax group tax methods should be configured and broadcast to the Austrian devices.
Tax Group ID | Tax Scheme ID | Description | Tax Rate |
---|---|---|---|
AT_1 | AT | AT Normal | AT Normal |
AT_2 | AT | AT Reduced 1 | AT Reduced 1 |
AT_3 | AT | AT Reduced 1 | AT Reduced 1 |
AT_4 | AT | AT Zero | AT Zero |
AT_5 | AT | AT Special | AT Special |
Product Tax
The following tax configurations should be configured against the products and broadcast to the appropriate Austria devices. Tax group can be defined to either configure the tax group or have a tax group by tax region.
Account Credentials
Account credentials must be set up with the details of the service that will be used to sign transactions. These details will be included in the correspondence from the supplier at the time of purchasing the service. There are two sets of account credentials that must be configured for signing. A third set of account credentials is needed to store the AES 256 key that is used to encrypt the grand totals on the receipt.
Get Certificate
This set of account credentials is used to obtain the certificate from the API.
From the document received (example above) you will need:
- The User ID
- The Shared Secret, which is the password
- The Basis-URL, which is used to create an account credential property
- The Key ID, which is also used to create an account credential property
First create a new account Credential called GET_CERTIFICATE
- Set the account type to GET_CERTIFICATE
- Set the name to GET_CERTIFICATE
- Set the User ID to the user id received in the document.
- Is Live should be checked.
- Use System Key should be checked.
Click change password and on the resulting prompt supply the Shared Secret from the document as the password.
Next, on the Other properties tab, two properties need to be created:
- fiscalSuiteId of type string with a value R1_AT3
- url of type string with a value that is built from values provided in the document, as shown below
Format: [BASIS-URL]/rs/keys/[Key ID]/certificate.pem
Example: https://yt-4gc7836.ps.primesign.com/rs/keys/9d9dnje3/certificate.pem
SIGN_TRANSACTION
This set of account credentials is used to sign transactions with the API.
From the document received (example above) you will need:
- The User ID
- The Shared Secret, which is the password
- The Basis-URL, which is used to create an account credential property
- The Key ID, which is also used to create an account credential property
First create a new account Credential called SIGN_TRANSACTION
- Set the account type to SIGN_TRANSACTION
- Set the name to SIGN_TRANSACTION
- Set the User ID to the user id received in the document.
- Is Live should be checked.
- Use System Key should be checked.
Click change password and on the resulting prompt supply the Shared Secret from the document as the password.
Next, on the Other properties tab, a single property needs to be created:
- url of type string with a value that is built from values provided in the document, as shown below
Format: [BASIS-URL]/rs/rk/keys/[Key ID]/signatures/r1
Example: https://yt-4gc7836.ps.primesign.com/rs/rk/keys/9d9dnje3/signatures/r1
FISCAL_AUSTRIA
This set of account credentials is used to encrypt the grand totals on the receipt.
The key should be generated using the following command:
openssl rand -base64 32
First create a new account Credential called FISCAL_AUSTRIA
- Set the account type to FISCAL_AUSTRIA
- Set the name to FISCAL_AUSTRIA
- Set the User ID to the user id received in the document.
- Is Live should be checked.
- Use System Key should be checked.
Next, on the Other properties tab, the following properties need to be created:
Property Key | Type | Value | Comments |
---|---|---|---|
AES_SECRET_KEY | String | The value should be a Base64 key. | Set this property to be write-only. |
FON_RegistrationType | String | Automatic | Registration type with FON (Automatic or Manual). |
TID | String | Eg: 12805814w135<br>(Should be 8 to 12 characters) | Identification number of participants in a service. |
UID | String | Eg: ATU48822403<br>(Should be 10 to 24 characters) | VAT identification number of the software supplier. |
url | String | https://finanzonline.bmf.gv.at:443 | FON service end point URL. |
SUBMISSION_TYPE | String | Eg: T | P for production submission or T for test submission. |
PIN | String | Eg: Enactor_Test01<br>(Should be 5 to 128 characters) | User password/PIN. |
BEN_ID | String | Eg: WebUser2<br>(Should be 5 to 12 characters) | User ID. |
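A pre-flight check for the values configured above, as an added example that is not Enactor's code: it builds the GET_CERTIFICATE and SIGN_TRANSACTION URLs from the Basis-URL and Key ID, and validates a FISCAL_AUSTRIA property set against the table. The function names and the https requirement on url are assumptions of this example.

```python
import base64
import binascii
import secrets

# Limits and allowed values copied from the FISCAL_AUSTRIA property table.
LENGTH_LIMITS = {"TID": (8, 12), "UID": (10, 24), "PIN": (5, 128), "BEN_ID": (5, 12)}
ALLOWED = {"FON_RegistrationType": {"Automatic", "Manual"}, "SUBMISSION_TYPE": {"P", "T"}}
REQUIRED = ["AES_SECRET_KEY", "url", *ALLOWED, *LENGTH_LIMITS]


def generate_aes_key():
    """Python equivalent of `openssl rand -base64 32`: 32 random bytes, Base64."""
    return base64.b64encode(secrets.token_bytes(32)).decode("ascii")


def check_aes_key(value):
    """Return an error string, or None if value is Base64 for exactly 32 bytes."""
    try:
        # validate=True also rejects a pasted trailing newline or spaces.
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "AES_SECRET_KEY is not clean Base64"
    if len(raw) != 32:
        return f"AES_SECRET_KEY decodes to {len(raw)} bytes, expected 32"
    return None


def signing_urls(basis_url, key_id):
    """Build both signing-service URLs from the Basis-URL and Key ID."""
    base = basis_url.rstrip("/")
    return {
        "GET_CERTIFICATE": f"{base}/rs/keys/{key_id}/certificate.pem",
        "SIGN_TRANSACTION": f"{base}/rs/rk/keys/{key_id}/signatures/r1",
    }


def validate_fiscal_austria(props):
    """Return a list of problems found in a FISCAL_AUSTRIA property set."""
    problems = [f"{key} is missing" for key in REQUIRED if not props.get(key)]
    if (aes := props.get("AES_SECRET_KEY")) and (error := check_aes_key(aes)):
        problems.append(error)
    for key, (low, high) in LENGTH_LIMITS.items():
        value = props.get(key)
        if value and not low <= len(value) <= high:
            problems.append(f"{key} has {len(value)} characters, expected {low} to {high}")
    for key, allowed in ALLOWED.items():
        value = props.get(key)
        if value and value not in allowed:
            problems.append(f"{key} must be one of {sorted(allowed)}")
    # Assumption of this example: the FON end point must be an https URL.
    if props.get("url") and not props["url"].startswith("https://"):
        problems.append("url must use https")
    return problems


# Sample set built from the table's example values; the key is freshly generated.
SAMPLE = {
    "AES_SECRET_KEY": generate_aes_key(),
    "FON_RegistrationType": "Automatic",
    "TID": "12805814w135",
    "UID": "ATU48822403",
    "url": "https://finanzonline.bmf.gv.at:443",
    "SUBMISSION_TYPE": "T",
    "PIN": "Enactor_Test01",
    "BEN_ID": "WebUser2",
}

if __name__ == "__main__":
    print(validate_fiscal_austria(SAMPLE) or "no problems found")
```
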
Privileges
Users who are authorised to perform fiscal functions should have the following privileges: AuthorisesDEPExport, DEPExportAllowed, AuthorisesFiscalControlReceipt, FiscalControlReceiptAllowed
For Fiscal POS Terminal Maintenance, the following privileges will need to be configured against the appropriate roles and broadcast to the Austria devices. Consideration should be given to whether it is desirable for all operators to have all of these privileges or if some should only be granted to managers. For more detail on privileges and roles, refer to the How-To Guide Configuring User, User Roles and User Templates.
Privilege ID | Application Package | Process | Remarks |
---|---|---|---|
enactor.fiscalPOSTerminalMaintenance.Edit | Fiscal Maintenance | Fiscal POSTerminal Maintenance | Mandatory |
enactor.fiscalPOSTerminalMaintenance.List | Fiscal Maintenance | Fiscal POSTerminal Maintenance | Mandatory |
enactor.fiscalPOSTerminalMaintenance.New | Fiscal Maintenance | Fiscal POSTerminal Maintenance | Mandatory |
enactor.fiscalPOSTerminalMaintenance.Remove | Fiscal Maintenance | Fiscal POSTerminal Maintenance | Mandatory |
enactor.fiscalPOSTerminalMaintenance.View | Fiscal Maintenance | Fiscal POSTerminal Maintenance | Mandatory |
Option Set Maintenance Changes
Related to the Type: Fiscal POS Terminal Attributes
Navigate to Attribute / Option Set Maintenance.
A new Option Set should be created with the following properties for the Fiscal POS Terminal Attributes Type. Alternatively, users can export the Option Set through File export maintenance and upload it via File import maintenance in Estate Manager.
Attribute / Option Set ID | Type | Region |
---|---|---|
AUSTRIA_FISCAL | Fiscal POS Terminal Attributes | AUSTRIA |
Add a Text option using the "Add" button.
Set the option name and ID as "DEVICE_STATUS".
Menus
The POS menu structure should be modified to add a fiscalisation folder for operators that should be able to perform fiscal operations on the POS. The menu can be created at a convenient place within the current POS menu structure, suggested:
Sales > More > Fiscalisation
The following items should be added to the new Fiscalisation folder
Event | Label | Id | Data Name | Data Java Type | Data Value |
---|---|---|---|---|---|
Fiscal_PrintControlReceipt | Initial Receipt | InitialReceipt | enactor.pos.ControlReceiptType | String | initial |
Fiscal_PrintControlReceipt | Monthly Receipt | MonthlyReceipt | enactor.pos.ControlReceiptType | String | monthly |
Fiscal_PrintControlReceipt | Yearly Receipt | YearlyReceipt | enactor.pos.ControlReceiptType | String | yearly |
Fiscal_PrintControlReceipt | Final Receipt | FinalReceipt | enactor.pos.ControlReceiptType | String | final |
Fiscal_PrintControlReceipt | Cumulated Receipt | CumulatedReceipt | enactor.pos.ControlReceiptType | String | cumulatedCtx |
Fiscal_ExportDEP | Export DEP | exportDEP | N/A | N/A | N/A |
enactor.coreUI.MenuBack | Back | back | N/A | N/A | N/A |
Fiscal Type Maintenance Menu
Within the Fiscalisation folder, the "Add a new Execute Process Item" option should be selected, and the following configurations should be added.
Within the General Tab,
- Application Process to Run - Fiscal Type Maintenance
- ID - Maintenance/FiscalType/FiscalTypeMaintenance
- Item label - Fiscal Type Maintenance
- Item message ID - FISCAL_TYPE_MAINTENANCE
- Item Message Base - com.enactor.maintenance.pages.fiscalType.FiscalTypeMaintenanceMessages
- Image URL - fiscaltype.svg
Within the Data tab, the name and value should be entered.
- Name - enactor.maintenance.FiscalisationType
- Value - AUSTRIA (This should be your Fiscalisation Type)
Fiscal POS Terminal Maintenance Menu
Within the Fiscalisation folder, the "Add a new Execute Process Item" option should be selected, and the following configurations should be added.
- Application Process to Run - Fiscal POS Terminal Maintenance
- ID - Maintenance/FiscalPOSTerminal/FiscalPOSTerminalMaintenance
- Item label - Fiscal POS Terminal Maintenance
- Item message ID - FISCAL_POS_TERMINAL_MAINTENANCE
- Image URL - fiscalposterminal.svg
After setting the Menu configurations, the Fiscalisation folder should be displayed as shown below.
Reasons
A new reason type needs to be created with the following details:
TypeID | Description | Namespace URI | Prefix | Local Part |
---|---|---|---|---|
FISCAL_NO_SALE | Fiscal no sale | http://www.enactor.com/retail | retail | noSaleReason |
The following reasons then need to be created:
Reason Id | Reason Type | Region | Description |
---|---|---|---|
CUMULATED_CTX | FISCAL_NO_SALE | AUSTRIA | Cumulated Fiscal Receipt |
FINAL_FIS_CTRL_RPT | FISCAL_NO_SALE | AUSTRIA | Final fiscal control receipt |
INITIAL_FIS_CTRL_RPT | FISCAL_NO_SALE | AUSTRIA | Initial fiscal control receipt |
MONTHLY_FIS_CTRL_RPT | FISCAL_NO_SALE | AUSTRIA | Monthly fiscal control receipt |
YEARLY_FIS_CTRL_RPT | FISCAL_NO_SALE | AUSTRIA | Yearly fiscal control receipt |
Initial Setup
Once the above configuration steps have been completed, it is necessary to log in to the Finanzonline portal and register both the security device and the POS devices that will be using the security device. The portal uses the term security device; in this solution this is the HSM hosted by PrimeSign, for which details will have been provided when you subscribed to PrimeSign. In other solutions this could be a card or some other type of HSM device, hence the use of the generic term security device by the tax authority.
This can be done at the location shown in the screenshot below, once you have logged in to the Finanzonline portal with the credentials provided by the tax authorities. These will be different to the credentials used in the account credentials set up in the previous section.
This will link to the following page from which both the security device and the POS can be registered. First we will register the security device.
This link marked with a red arrow will lead to the following page where the drop downs should be set as shown below and the final text box should contain the serial number of the device provided by PrimeSign (obscured in the screenshot below by the lowest black box).
The serial number will be provided in the PrimeSign documentation in the "Seriennummer des Signaturzertifikats" section.
After providing these details and clicking the register button you should get a message to indicate success.
Next we will return to the earlier screen to register the POS.
Clicking the link indicated by the red arrow in the screenshot above will take you to the following screen, where you will need to provide the device ID of the POS you are registering in the first box, a description of the POS in the second box and, in the third box, the AES 256 key from the FISCAL_AUSTRIA account credential.
The last box is for a checksum, in case you are typing the AES key from a piece of paper. Since it's expected that the key will be copied and pasted from the Account Credential maintenance page in the EM, this value is not provided or required.
Once you click the register button a confirmation message should appear and this completes the registration process.
This process will need to be repeated for every production POS.
Receipts
Note: While some of the following receipts appear to contain little information, they are important: the detail will be within the QR code and recorded in the DEP records.
Initial Receipt
Once all of the setup has been completed and broadcast to a POS it's necessary to produce an initial receipt.
If the FON_RegistrationType is set to Automatic in the FISCAL_AUSTRIA account credentials and the DEVICE STATUS is REGISTERED, the initial receipt will be printed automatically upon the first login to the POS.
Otherwise, it should be printed manually using the "Initial Receipt" menu button on the POS, which is configured in the menu section of this document.
This receipt needs to be retained for your records and no transactions should be performed on the POS until it has successfully been created as it initialises the signature chain for that POS.
Monthly Receipt
At the end of each month it's necessary to produce and retain a monthly receipt using the button configured in the menu section of this document.
Annual Receipt
At the end of each year it's necessary to produce and retain an annual receipt using the button configured in the menu section of this document.
Offline
Should the communication with PrimeSign fail and the POS therefore be unable to sign transactions the POS will not be prevented from completing transactions. Instead the following message will be displayed and a default offline signature will be used.
Communication will be attempted for each following transaction and when communication is reestablished the following message will be displayed.
At this point it's necessary to use the Cumulated Receipt button to produce and retain a cumulated receipt.
Final Receipt
When the POS is removed from service it is necessary to use the menu button to produce and retain a final receipt.
DEP Export
If a store is audited by the Tax Authority the store manager may be asked to produce a DEP report for a POS. This can be done using the DEP Export button configured in the menu section.
The following screen will be shown to allow the operator to select a fiscal period for which to perform the DEP Export.
After selecting the required period and clicking OK the following message will be displayed and the export file will be written to the POS file system at: ???
Estate Manager Maintenance Process Flow
In addition to the general configuration, make the following changes to continue with the fiscal maintenance.
While configuring the maintenance items below, users should follow the order given in this document. Alternatively, users can export the Fiscal POS Terminal through File export maintenance and upload it via File import maintenance in Estate Manager. These changes should be broadcast to the appropriate Austrian devices.
Fiscal Type Maintenance
You will be directed to the Fiscal Type Maintenance, based on the fiscalisation type provided within the Fiscal Type Maintenance Menu.
In the General tab, enter a description for your fiscal type.
Then, in the Included Region tab, you can add regions to the fiscal type. Be sure to save your changes before exiting.
Fiscal POS Terminal Maintenance
Navigate to Fiscal POS Terminal Maintenance and click the Create Fiscal POS Terminal button at the bottom left of the Fiscal POS Terminal Maintenance page.
Select the relevant Device ID from the drop-down menu and click Create.
Navigate to the Attributes tab and make the following configuration changes within the "AUSTRIA_FISCAL" attribute set. The data should follow the following format.
Set the DEVICE_STATUS: NEW
After saving the Fiscal POS Terminal, you can register the device in the FON Service using the configuration tab. You can access this tab by clicking the edit icon of the fiscal POS terminal.
"Register": This allows registering clients in the FON service and updates the device status to "REGISTERED" within the Fiscal POS Terminal Maintenance Attributes. This button will be visible only when the device status is "NEW".
"Register Manual Registration": This allows updating the device status to "REGISTERED" within the Fiscal POS Terminal Maintenance Attributes when client registration is done directly on the FON portal. This button will be visible only when the device status is "NEW".
"Set Device Out Of Service": This allows setting the device out of service in the FON service and updates the device status to "INACTIVE" within the Fiscal POS Terminal Maintenance Attributes. This button will be visible only when the device status is "REGISTERED".
"Record Manual Device Out Of Service": This allows updating the device status to "INACTIVE" within the Fiscal POS Terminal Maintenance Attributes when the device is set out of service directly on the FON portal. This button will be visible only when the device status is "REGISTERED".
"Set Device Back In Service": This allows setting the device back in service in the FON service and updates the device status to "ACTIVE" within the Fiscal POS Terminal Maintenance Attributes. This button will be visible only when the device status is "INACTIVE".
"Record Manual Device Back In Service": This allows updating the device status to "ACTIVE" within the Fiscal POS Terminal Maintenance Attributes when the device is set back in service directly on the FON portal. This button will be visible only when the device status is "INACTIVE".
"Decommission Device": This allows decommissioning clients in the FON service and updates the device status to "DECOMMISSIONED" within the Fiscal POS Terminal Maintenance Attributes. This button will be visible only when the device status is "REGISTERED", "INACTIVE", or "ACTIVE".
"Record Manual Device Decommissioning": This allows updating the device status to "DECOMMISSIONED" within the Fiscal POS Terminal Maintenance Attributes when client decommissioning is done directly on the FON portal. This button will be visible only when the device status is "REGISTERED", "INACTIVE", or "ACTIVE".
- Before decommissioning a POS, print the final receipt. Once the receipt is printed, the device can be decommissioned in the EM.
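The button visibility rules above define a small state machine for DEVICE_STATUS. The following added example (not Enactor's code; the action names and the "final_receipt" pseudo-event are hypothetical) replays a status history and rejects any step the EM would not offer, including decommissioning before the final receipt has been printed.

```python
# action -> (statuses in which the button is visible, resulting status),
# taken from the button descriptions above. Each manual "Record ..." button
# has the same visibility and result as its FON-service counterpart, so
# every pair is modelled as one action. Action names are hypothetical.
TRANSITIONS = {
    "register": ({"NEW"}, "REGISTERED"),
    "out_of_service": ({"REGISTERED"}, "INACTIVE"),
    "back_in_service": ({"INACTIVE"}, "ACTIVE"),
    "decommission": ({"REGISTERED", "INACTIVE", "ACTIVE"}, "DECOMMISSIONED"),
}


class LifecycleError(Exception):
    """Raised when a status history contains a step the EM would not offer."""


def available_actions(status):
    """Actions whose button is visible for a device in the given status."""
    return sorted(a for a, (visible, _) in TRANSITIONS.items() if status in visible)


def replay(events, status="NEW"):
    """Replay a history of events and return the final DEVICE_STATUS.

    The pseudo-event "final_receipt" records that the final receipt was
    printed, which the guide requires before decommissioning.
    """
    final_receipt_printed = False
    for step, event in enumerate(events, start=1):
        if event == "final_receipt":
            final_receipt_printed = True
            continue
        if event not in TRANSITIONS:
            raise LifecycleError(f"step {step}: unknown event {event!r}")
        visible, result = TRANSITIONS[event]
        if status not in visible:
            raise LifecycleError(f"step {step}: {event} not offered in status {status}")
        if event == "decommission" and not final_receipt_printed:
            raise LifecycleError(f"step {step}: final receipt not printed")
        status = result
    return status


# Constructed history for one POS, from registration to decommissioning.
HISTORY = ["register", "out_of_service", "back_in_service", "final_receipt", "decommission"]

if __name__ == "__main__":
    print(replay(HISTORY))
```

Under the rules as written, a device in status ACTIVE is only offered the decommissioning buttons, because the out-of-service buttons are visible only for REGISTERED.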
In the Fiscal POS Terminal Maintenance, a new filter, Fiscalisation Type, has been introduced. Select "Austria" as the fiscalisation type to see all fiscal POS terminals related to the Austria fiscal type, along with their device status.
Bottom buttons in the Fiscal POS Terminal Maintenance
"Register All Unregistered POS Terminals" : This button registers the unregistered fiscal POS Terminals with FON service.