New Release – Fiscal Client 1.2.7.

The current version of the Fiscal Client – v. 1.2.7. – is available for download: https://www.retailforce.cloud/downloads/Version%201.2.7/. The version contains an important update for Austria (FiscalAT).

FiscalAT

Due to an error, the automatic annual receipt is not created correctly. This bug has been fixed in the current version. We recommend that all customers upgrade to the latest version so that the annual receipt can be checked correctly via FinanzOnline.

Furthermore, the reduced tax rates for all food and beverages in the catering sector, as well as services in the cultural sector, which were reduced to 5% in the course of the Corona measures, were set back to the original values of 10% and 13%.

Docker Hub

As of this version, the Docker container of the Fiscal Client can be downloaded directly from the Docker Hub. Below is the link to download: https://hub.docker.com/r/retailforce/trusted-fiscal-service.

Digital receipt

Another innovation concerns our “digital receipt” service. The delivery page for digital receipts can be adapted to the company’s own corporate design. We will be happy to support you in this. Please contact us via the contact form, or send us an e-mail.

As usual, you will find all changes of version 1.2.7. in the Release-Notes.

Maintenance work FinanzOnline

Once again, the Austrian Ministry of Finance informs us about a FinanzOnline maintenance window: Extensive maintenance work (network, server, databases) will be carried out at the Federal Computing Centre on 22 January, 2022, between 09:00 and 19:00 CET. FinanzOnline is not available during this period. Furthermore, the operation of FinanzOnline may be disrupted outside this time, from 00:00 on Saturday 22 January 2022 to 23:00 on Sunday 23 January 2022.

As usual, the RetailForce system forwards any cash register messages (registrations, deregistrations, message of failed signature creation devices) to FinanzOnline as soon as the portal is available again without restrictions. We recommend that planned cash register registrations are carried out at a later date, if possible.

New year and new release

The coming turn of the year brings with it a change in the VAT regime in Austria. As part of the measures adopted by the federal government in the course of Corona, the VAT rates of 10% and 13% were temporarily reduced to 5%. The measure applied to gastronomy, the hotel industry, the cultural sector as well as the publication sector. This temporary regulation expires at the end of the year. As of 01 January 2022, the old VAT rates pursuant to § 10 of the Value Added Tax Act (UStG 1994) apply again.

Cash register systems and other electronic recording systems must be converted accordingly in good time. The VAT department of the Federal Ministry of Finance (BMF) has issued a statement on the offsetting of services extending over the turn of the year.

Quote: “For reasons of administrative economy, turnover in the hotel and catering sector that is exported during the night from 31 December 2021 to 1 January 2022 may be treated uniformly in accordance with the legal situation up to 31 December 2021 or in accordance with the legal situation from 1 January 2022.”

This means that hotels and restaurants that entertain guests in the night from 31.12.2021 until midnight and provide services that are not invoiced until after the turn of the year can choose whether to apply the reduced tax rate or the old one.

The new “old” VAT rates can be validated from version 1.2.7, which will be made available by us this week.

Version 1.2.6

Since this week, a new version of the Fiscal Client is available for download. As announced, the Fiscal Client is now available as a Docker Container on the Docker Hub: https://hub.docker.com/u/retailforce. Instructions for commissioning the container can be found on our support portal at: https://support.retailforce.cloud/hc/en-gb/articles/4413162938641-Linux-TrustedFiscalService-as-Docker-Container.

Significant new functions and improvements

  • Austria: the RestoreByCloud function now automatically checks whether the cash register is already registered in FinanzOnline. If this is not the case, the cash registration will be carried out.
  • Austria: to avoid rounding differences, VAT totals can be transmitted for the entire document (Document model version 1.0.3.)
  • General: the last saved document can be retrieved by the Fiscal Client

Furthermore, the error handling has been improved.

As always, you will find all changes, additions and improvements in the current Release-Notes.

Security breach “Log4Shell”

Currently, a critical vulnerability in log4j, the logging library for Java applications, is increasingly being exploited in cyber attacks. Logging a specific string makes remote code execution possible. The vulnerability is known as “Log4Shell”. All RetailForce systems (RetailForce Cloud, Fiscal Client, …) are free of this vulnerability, as no Java-based services are being used.

According to our information, the Fiscal Cloud Connectors (FCC) of Cloud TSEs of the providers swissbit and Deutsche Fiskal are affected by “Log4Shell”. According to swissbit / Deutsche Fiskal, external tools of the AZURE environment of the TSE web services as well as the central cloud applications were assessed according to the current state of the art and classified as non-critical. Physical TSEs (“hardware TSE”) are also not affected by the vulnerability.

Recommendation on the part of the Cloud TSE providers:

Check of the Fiscal Cloud Connector (FCC).
To immediately fix the vulnerability, we strongly recommend all customers to set the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS=true on the account running the FCC application. The FCC service must then be restarted afterwards.
For all customers who cannot perform this procedure, we will provide an update of the FCC as soon as possible as version 3.2.4, which will perform the adjustment of the environment variables during the update process.

Statement DF on BSI CVE-2021-44228

Further information can be found in the BSI publication (“Critical vulnerability in log4j published”): https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3

Complete statement / customer information of Deutsche Fiskal (DF):

Dear users of the Fiskal Cloud,
On behalf of DF Deutsche Fiskal GmbH, we would like to provide you with an update on the current security situation with regard to the security notice published by the BSI on 11.12.2021 (BSI: CVE-2021-44228).
DF Deutsche Fiskal GmbH also uses JAVA based services and therefore cannot exclude that its systems might be affected.
Within the scope of a task force the following measures have been defined and partly already implemented. Details on this as of 13.12.2021 are given below:

Check all external JAVA-based services/tools:
According to current knowledge, the security measures recommended by the BSI and the manufacturers have been implemented for the external tools in the AZURE environment.
(STAT 12/13/21: Done).

Check of Bundesdruckerei’s central TSE web service:
D-Trust GmbH, as a subsidiary of Bundesdruckerei and operator of the TSE web service, has confirmed in a preliminary information that the aforementioned “log4j logger” is not used in the central TSE web service environment.
(STAT 12/13/21: Done).

Check of all internal central Fiscal Cloud applications:
According to initial findings, the prerequisite for exploiting the vulnerability is that the Log4j 2 parameter “formatMsgNoLookups” must be set as a value of “false” and a Java Runtime 8 Update 191 or 11.0.1 or older is in use for the exploit to work. For newer versions, the exploited functionality is disabled by default by the Java Runtime.
However, since there are ways to bypass the JDK protection, all Fiscal Cloud services have been additionally reconfigured to prevent the exploit from working in order to increase security. Furthermore, in FCC version 4.0.0. the new library (from version 2.15) will be used to increase the protection again.
(STAT 12/13/21: Done).

Check of the Fiscal Cloud Connector (FCC).
To immediately fix the vulnerability, we strongly recommend all customers to set the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS=true on the account running the FCC application. The FCC service must then be restarted afterwards.
For all customers who cannot perform this procedure, we will provide an update of the FCC as soon as possible as version 3.2.4, which will perform the adjustment of the environment variables during the update process.

We are continuing the analyses and as soon as new findings are available, we will inform you immediately.

With kind regards
Your DF Support Team

Important Fiscal Cloud customer information / statement DF on BSI CVE-2021-44228

We recommend that all users of the Fiscal Cloud Connector take the steps recommended by DF to close the vulnerability.
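
The statement above stresses that the FCC service must be restarted after LOG4J_FORMAT_MSG_NO_LOOKUPS=true is set; the following added example (not part of the DF statement or of any RetailForce or DF software) shows one way to confirm on a Linux host that a running process was actually started with the variable. The sample environments and jar names are constructed, and the assumption that the connector ships log4j-core as a separately named jar is ours; Log4j 2 only reads this setting from version 2.10 onwards, which the check also reports.

```python
import re
from pathlib import Path

VAR = "LOG4J_FORMAT_MSG_NO_LOOKUPS"   # variable named in the DF statement
MIN_HONOURED = (2, 10)                # Log4j 2 reads this setting from 2.10 on

def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE block of /proc/<pid>/environ."""
    env = {}
    for entry in raw.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep and key:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def log4j_versions(jar_names):
    """Extract (major, minor) from names like log4j-core-2.14.1.jar."""
    found = []
    for name in jar_names:
        m = re.search(r"log4j-core-(\d+)\.(\d+)(?:\.\d+)?\.jar$", name)
        if m:
            found.append((int(m.group(1)), int(m.group(2))))
    return found

def assess(env: dict, jar_names=()) -> str:
    """Classify one process: its start-time environment plus the jars it ships."""
    # Strict on purpose: only the value "true" (any case) counts as set.
    if env.get(VAR, "").lower() != "true":
        return "NOT_MITIGATED: variable not set to true for this process (set it, then restart)"
    too_old = [v for v in log4j_versions(jar_names) if v < MIN_HONOURED]
    if too_old:
        return "INEFFECTIVE: log4j-core older than 2.10 ignores the variable"
    return "MITIGATED: message lookups disabled for this process"

def assess_pid(pid: int, jar_names=()) -> str:
    """Linux only: /proc/<pid>/environ holds the environment from process start,
    so a service that was not restarted still shows the old environment."""
    return assess(parse_environ(Path(f"/proc/{pid}/environ").read_bytes()), jar_names)

# Constructed samples: a service started before and after the variable was set.
BEFORE = b"PATH=/usr/bin\0JAVA_HOME=/opt/java\0"
AFTER = b"PATH=/usr/bin\0LOG4J_FORMAT_MSG_NO_LOOKUPS=true\0JAVA_HOME=/opt/java\0"

if __name__ == "__main__":
    print(assess(parse_environ(BEFORE)))
    print(assess(parse_environ(AFTER), ["log4j-core-2.14.1.jar"]))
    print(assess(parse_environ(AFTER), ["log4j-core-2.8.2.jar"]))
```

On a real host, call assess_pid with the process ID of the connector's Java process, as the same user or as root; a library bundled inside another archive will not show up by jar name.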

Current release – Fiscal Client v. 1.2.5.

As of today, the new version 1.2.5. of our Fiscal Client is available for download at https://retailforce.cloud/downloads/. In this version we have extended and improved the integration possibilities of the Fiscal Client for different operating systems. You can also access the preview version of the licence accounting in the RetailForce portal.

Docker Container

The RetailForce Fiscal Service is now available as a Docker container for the country implementations Germany and Austria. If you are interested in the implementation via Docker, please contact us by e-mail (office at retailforce dot cloud) or via our Solution Center (RetailForce Software GmbH).

For Germany, the following technical security devices (TSE) are supported under Linux:

  • swissbit Cloud TSE
  • fiskaly Cloud TSE (v. 2.0)

From the upcoming version 1.2.6. the Docker Container will be available on Docker Hub.

Fiscal Service as NuGet package

As a further integration variant, we are now providing the Fiscal Service as a NuGet package. You can find the packages in the NuGet store at: https://www.nuget.org/profiles/RetailForceDevelopment.

Fiskaly 2.0

The integration of the Fiskaly Cloud TSE into the Fiscal Service has been completed and can also be used as of v. 1.2.5. If you use the automatic configuration of the Fiscal Clients (ConfigClient byCloud), the fiskaly Cloud TSEs are automatically provisioned via the RetailForce Cloud and stored in the Fiscal Client.

Preview for v 1.2.6.

In the next release, we plan to include the following features and functions, among others:

  • Support swissbit hardware TSE under Linux (Docker Container)
  • Deploy Docker Containers on Docker Hub

All detailed information about the new version can be found in the Release notes.

RKSV certificates expire

After five years, some certificates of the signature and seal creation units used within the framework of the Cash Register Security Ordinance (RKSV) in Austria are now expiring. The signature or seal creation unit is part of the technical security device with which every cash register must be equipped since 1 April 2017. The three Austrian trust service vendors (TSV) that issue RKSV signature creation devices (a-trust, Globaltrust and PrimeSign) have each given their RKSV products different certificate validities. While PrimeSign and a-trust certificates are issued for a period of 5 years, Globaltrust offers its RKSV signature smart cards with a validity period of 3, 5 or 10 years.

Continued use of expired certificates

Expired certificates may continue to be used regularly in normal cashiering operations according to § 15 para. 3, provided that the signature algorithm in the certificate is considered secure. Currently, there is no information that the algorithm would be considered unsafe.

Commissioning of new cash registers

However, if a cash register is to be put into operation for the first time, a new signature or seal creation unit with an unexpired certificate must be used. Otherwise, the registration will be rejected by FinanzOnline.

HSM / Remote Signing

In addition to the signature smart cards, the a-trust signature service of the 1st generation is also affected by the certificate expiry. The online certificates were issued with a validity of 5 years at the time of introduction and are no longer renewed. a-trust discontinues its old signature service (a.sign RK Online). As an alternative, a-trust offers the signature service (2nd generation) a.sign RK HSM. RemoteSigning certificates from PrimeSign are not affected. The provider always automatically extends the validity of the HSM certificates by one year.

What to do?

If the certificates of your signature or seal creation units expire in the coming year, we will be happy to advise you on an exchange. Contact us via our contact form, or via email at office at retailforce dot cloud.

Firmware Update Swissbit Hardware TSE

A firmware upgrade is available for the Swissbit hardware TSE. We recommend that all customers who use a Swissbit hardware TSE in Germany to comply with the KassenSichV, and who received it before 01 July 2021, upgrade to the current firmware. According to swissbit, the new firmware (version 1.1.0.) increases product reliability and should be installed to prevent hardware defects that may occur in rare cases.

The functionality of the TSE is not affected by the firmware update; downward compatibility is confirmed by swissbit. The testing of the new software version by the BSI has already been successfully completed.

In case of hardware defects, TSEs will only be replaced if they already contain the new firmware. In principle, Swissbit only delivered TSEs with the new firmware version after 01 July 2021. Due to scheduling overlaps in hardware shipping, it cannot be ruled out that TSEs with older firmware still arrived at customers shortly after 01 July.

We therefore recommend checking the firmware version of swissbit hardware TSEs in use.

We have created a solution article for you in the RetailForce Support Portal, which describes how to check the firmware version of the TSE and perform the firmware update. You can find the article at: https://support.retailforce.cloud/hc/de/articles/4411327044497-Firmware-Update-swissbit-Hardware-TSE-1-1-0-

The new firmware version can be found in the download section of the RetailForce website at: https://www.retailforce.cloud/downloads/Swissbit/TseFirmwareUpdate/

2nd November Maintenance window FinanzOnline

The Austrian Federal Ministry of Finance informs about extensive maintenance work on the network, servers and databases at the Federal Computing Centre and asks for your understanding. Due to this maintenance work, the FinanzOnline portal will not be available on Saturday 20 November 2021 in the period from 09:00 to 20:00 CET. Furthermore, the operation of FinanzOnline may also be affected outside of this period, from Saturday 20.11.2021, 0:00 hrs to Sunday 21.11.2021, 23:00 hrs.

As usual, the RetailForce system forwards any cash register messages (registrations, deregistrations, message of failed signature creation devices) to FinanzOnline as soon as the portal is available again without restrictions. We recommend that planned cash register registrations are carried out at a later date, if possible.

New release of the Fiscal Client – Version 1.2.4.

On 17.11.2021 we published an unscheduled new release of the Fiscal Client – version 1.2.4. The version is dominated by the Swissbit hardware TSE in the USB form factor.

Seamless TSE exchange

The current update enables a seamless replacement of the swissbit Micro USB TSE if, for example, the certificate has expired. All data on the TSE can be exported. After the new TSE has been plugged in, cashiering can continue without interruption. The function is also available for defective TSEs. If no more data can be retrieved from the memory of the TSE, however, it must be confirmed to continue working without exporting data. Furthermore, improvements to the daily TAR file backup have been implemented in the current version of the middleware.

Firmware Update TSE

The new version 1.2.4. offers a function to upgrade the firmware of the swissbit Micro USB TSE to a new version. The update must be carried out intentionally.

Client recovery

Another security feature is the new Restore by Cloud function. This enables the complete recovery of a Fiscal Client after a hardware defect of the cash register.

Config by Cloud

Furthermore, we have improved the well-known function of configuring Fiscal Clients centrally in the RetailForce Cloud so that configurations can now be validated. After creating a configuration, it can be checked in the terminal view whether the configuration would run without errors when downloaded by an installed client or whether it would lead to an error.

As always, you can find an overview of all changes and improvements in the release notes for the new version at: https://www.retailforce.cloud/downloads/Version%201.2.4/ReleaseNotes1.2.4.md

Fiscal Client – new version 1.2.3.

The new version of the Fiscal Client (v. 1.2.3.) has recently been made available for download at https://retailforce.cloud/downloads/ .

Especially for fiscalisation in Germany, version 1.2.3. is providing several stability fixes. We therefore recommend that all our clients upgrade their installed clients to the latest version. Furthermore, we have significantly improved the start-up time of the client compared to previous versions.

In the RetailForce Cloud, some monitoring functions have been added in the area of notification. Please check whether a technical contact has actually been defined at the organisation so that notifications – e.g. about the expiry of TSE certificates, TSE failures, etc. – are also forwarded to the appropriate persons within the organisation.

The display of digital receipts in the RetailForce portal has been supplemented with further search and filter criteria (available from product “Digital Voucher – Professional”). In addition, the receipt display has been visually improved.

All changes can be found, as usual, in the Release Notes at: https://www.retailforce.cloud/downloads/Version%201.2.4/ReleaseNotes1.2.4.md.