PUBLIC NOTICE No 52 - GUIDE FOR PURCHASE AND INSTALLATION OF FISCAL DEVICES  
 

 

1. What type of device should I use?

Every person or company that uses a computer accounting system for Business to Business transactions and issues financial documents such as invoices and transport documents need to fiscalize the procedure by the use an appropriate of Special Secure Fiscal Device for Record Signing – SSFDRS which in this case is the Electronic Signature Device – ESD only.
Persons or Companies that issue exclusively retail receipts are not obliged to use SSFDRS but can use Fiscal Cash Registers or Printers. They may, however, be required to use SSFDRS instead if they use a Personal Computer - PC to issue retail receipts.
Persons or Companies that issue both retail receipts and financial documents using a PC have to use an SSFDRS for all documents for the retail receipts and SSFDRS for the invoices and other accounting documents.
Persons who issue only hand written retail receipts will begin to use Electronic Tax Registers – ETR to generate fiscal receipts.
Retailers issuing hand written financial documents will be required issue receipts using ETR to be attached to the hand written invoice.
Persons or Companies that issue only retail receipts using a computer may use Fiscal Printers and keep electronic copies of the retail transactions instead of paper copies. The Fiscal Printer with Electronic Journal is approved if its specifications are as described below.

2. What are the software and hardware specifications of a SSFDRS?

Hardware Specifications

An SSFDRS is a PC peripheral device that contains one printer, a simple keyboard and display and offers at least one serial port and one Ethernet port for connection with the host PC.
An SSFDRS has a fiscal memory securely fitted permanently inside the plastic case and the plastic case is sealed exactly like the Fiscal Cash Register is sealed.
The keyboard and display should allow the tax inspection teams from KRA, using the SSFDRS detached from the PC, to get printouts of the contents of the fiscal memory showing the electronic signatures that are kept in fiscal memory for each working day.
The internal working memory of the SSFDRS has to have the capacity to hold at least 10,000 single document signatures before it requires a Z signature.
The SSFDRS as a PC peripheral does not need an internal battery for operation without mains power, but it must have adequate internal battery so that it will not lose any data during sudden power failures and be also supplied with internal Real Time Clock that will keep time even when the device is turned off.
The display of the device must be alphanumeric and provide easy to understand messages for the user and tax inspection authorities.
The network configuration of stand alone where one computer shall operate a single SSFDRS. Sharing of SSFDRS is not permissible.

Software Specifications

The SSFDRS, being a PC peripheral device, can only get approval if it is accompanied by software capable of the following:
An SSFDRS has to be accompanied by appropriate Software Driver for Windows 98, 2000 and XP allowing the easy installation and operation of the device in such operating environments.
The above Software Drivers have to communicate with the SSFDRS, capture data from windows applications running on the PC, get the electronic signature for each document, create electronic copies in the form of files in the PC for every document and each relative signature, provide for automatic backup of such files and handle the end-of-day Z report and signature files.
An SSFDRS has to be accompanied also by software libraries that allow Software Developers to modify their software using the libraries so that they can integrate the Fiscal Electronic Signature Operation with new versions of their software.
Fiscal SSFDRSs must use international standard algorithm SHA-1 to produce the electronic signature of one entire financial document whether this may be a one line text document or a multi-paged document.

3. Back up of PC data

  • 3.1 Any PC that uses the SSFDRS as it fiscal peripheral must be backed up on a daily basis. The responsibility of the trader is to maintain two copies of data processed by their PC. Technically a backup should occur after a record has been issued a signature by the SSFDRS. This is Compulsory.


  • 3.2 KRA shall enforce the daily backing up of PC information as the day’s ‘Z’ signature report is taken at close of day.

4. FED – Fiscal Electronic Devices security requirements: that

  1. The ETR stores reconnection reports each time the Fiscal Memory may be disconnected either for service or maliciously. Such is evidence in the court of law. The reconnection reports shall include time/date stamp of the event,


  2. The ETR dates are rendered irreversible. This ensures integrity of records so that no room for backdating shall exist,


  3. The ETRs shall enforce Password Controls during servicing. The delegation proposed a user password length of six or more characters, supervisor password length of sixteen or more characters both of which must enforce character and digits combination as well as password expiry,


  4. The ETR shall kick out a service man after 3 failed login attempts. This is a measure to frustrate hackers.


P.B.O. ODENY
SENIOR DEPUTY COMMISSIONER, TAX PROGRAMS


  
 
 
 
Copyright © 2004, Kenya Revenue Authority. All Rights Reserved.