Slashdot Mirror

← Back to Stories (view on slashdot.org)

Norway Tax Auditors Want To Open Source Cash Registers To Combat Fraud

Posted by Soulskill on from the open-source-the-cashiers-while-you're-at-it dept.

Qedward writes "The Norwegian Ministry of Finance seems to be taking a bit of stick at the moment. It wants all the existing cash registers in the country thrown out and replaced with new ones. Not surprisingly, this massive upgrade is not popular. But it is apparently being pushed through in an attempt to prevent cash registers' figures being massaged downwards in use so as to reduce tax. The Norwegian association of tax auditors said: 'The source code must be opened.' 'Without source code it is not possible to determine whether or "hidden" functionality exists or not. Just knowing that the tax authorities have access to the source code of the application, will reduce the effort to implement hidden functionality in the software.'"

6 of 161 comments (clear)

  1. Re:Of course, It begs the question... by whoever57 · · Score: 4, Informative

    I had a friend who installed POS systems in small businesses for a living. At restaurants, the most important feature of any POS system was the ability to make a table disappear out of the records.

    --
    The real "Libtards" are the Libertarians!
  2. Re:Just releasing the source may not fix it by Anonymous Coward · · Score: 5, Informative

    Are there examples of cash registers which are running code which have illegal, hidden functionality?

    Oh yes; here in Sweden there was registers that had hidden features that could be activated in order to reduce the reported sums/amount of transactions by the users choice. Typically used in restaurants/bars. Since a couple of years all registers have to certified and connected to a 'black box' supplied by our equivalent to the IRS.
    There was also frequent manipulation of the meters in taxis.

  3. Re:Of course, It begs the question... by Interfacer · · Score: 5, Informative

    Far from dodgy companies. This is a common feature in many (all?) cash registers used in small business, especially restaurants.
    I know people who work in restaurants, and they told me that this is a public secret.

    The way it works is that at the end of the day, you can make the register change the numbers by an amount or a percent. Ther register will then do the math to change the number of coffees served and muffins sold and things like that. It does this so that the numbers still make sense and correlate with expected ratios.
    At that point, the business day is closed, the register is printed, and you get some money out of the till under the table. If the inspectors should come in during the day, you can just print whatever the current status is, which will then be immutable at the end of the business day to avoid discrepancies.

    This functionality is not advertized in writing, but all sales persons know about it and know how they can explain this to the owners. All major registers have features like this, and I can understand why the inspectors would require open source. Because skimming money becomes an order of magnitude more difficult if you don't have a register to help you create a phony audit trail.

  4. Re:How exactly are the 'massaging' the numbers? by vlad30 · · Score: 4, Informative
    10-15 years ago I also wrote some POS software and it opened my eyes to the way many cash businesses operate. I was asked specifically to add by many of the businesses to add a "reduction feature" which I politely refused to do I would say 80% of potential sales were lost for this one reason. On competitor software they often demonstrated this feature would delete a percentage of completed cash transaction before the End of Month commit and rollover so auditing the data would show nothing this was so pervasive the owners of a franchise with at the time 350 + franchisees also requested it

    On the other hand business who bought and used my software found much of their income was being fudged by employees usually through cancelled transactions. When a customer pulls out cash and says no receipt necessary the transaction is cancelled an the cash pocketed.

    --
    Your'e all thinking it, I just said it for you
  5. Re:Like the Nevada rules for slot machines by storkus · · Score: 3, Informative

    I was a slot mechanic in the mid-late 90's in Nevada. Much of what was written in the parent message is new to me, but matches what we were doing back then with older tech. One thing to remember about selling a gaming machine in Nevada: the saying is, "If you can pass inspection in Nevada, you can pass anywhere." Nevada's Gaming requirements are simply the toughest in the world, and are why many machine manufacturers you might see at Indian casinos are not found in Nevada, and conversely why those that do almost always have an office there.

    In the two casinos I worked for, we would keep "master" ROMs along with a dual-slot programmer in the vault. During inspections by the Nevada Gaming Commission (NGC), every time during large jackpots, or if a machine was paying out too much (percentage was too high), we would turn off the machine, open up mobo box (which was lockable, though this was only done at the casinos I worked at for Megabucks--this was an IGT and NGC requirement, and the only non-cash locks we didn't have keys for on the floor), pull the ROM out of the machine and do a direct compare to the master via the programmer--no PC needed. The master ROMs themselves could be compared to a master ROM that the manufacturer and NGC had; both also had the source code, as manufacturers have to give the source to NGC (but not the casinos).

    We got some newer machines later that didn't run on 8051's: Bally Game Makers were relatively new at the time I was working my first casinos, and VLC and Williams were just getting into it by the time I left; Odyssey came out in between, which was the first (AFAIK) platform based on a PC. With the former machines, if I remember right, we just checked CRC's printed on a screen. I'm sure there was a better way, but if there was, I don't remember it; with the Odyssey, I never knew what you would verify it with: I'm assuming comparing one drive to another since it didn't have a CD-ROM and was pre-USB and such. It really didn't matter because, despite being so over priced (IMHO), they were never connected to any progressives and only had standard jackpots (under the $1,200 IRS-reporting limit, if I remember correctly).

    WRT the cash machine problem, the issue is not whether you can open-source the software, but that the binaries are unaltered that are running on the machine. Most of you here on /. deal with this every day, and the method of simply running a hash on the ROM and comparing it to the "accepted" compile of the open software is all you need to prove it hasn't been tampered with. Sure, it can be replaced, but if the inspections are by surprise, they won't have time; alternately, you can do what they do with CB's here in the US and pot the shit out of the ROM--at that point, an inspection need not be more than visual.

  6. Re:Of course, It begs the question... by daem0n1x · · Score: 3, Informative

    Here in Portugal, the government has mandated all cash-registers to run certified programs that regularly upload transaction data to our Tax Authority.

    Tax evasion has always been blatantly huge in restaurants, bars and cafés. It's no wonder the restaurant associations are up in arms with this. They've declared war on card payments too, which is something that pisses me off. They claim the bank rates are too high, but guess what the real reason is?

    Just like the constructions business, they've had practically a licence to print money during the latest decades. Now with the economic crisis, they're going down the toilet. I'm not shedding a tear for them. I just pity their poor employees that will be out of work and are certainly not finding another anytime soon. They had shit-paid, stressful, long-hour jobs, but it's better than no job.