Most local POS systems employ a standard network protocol known as FTP, or file transfer protocol, to transmit files or data by batches between computers or between your server and POS stations via the Internet.
FTP is a four-decade old free technology. However, the concern is about security on your IT infrastructure.
Data Security
When data is exchanged between your server and POS terminals using FTP, your sensitive data including user name and password are not encrypted and transmitted over the Internet in human-readable clear text. This makes your sent data vulnerable to data sniffing by outsiders easily accessing your sales revenues, inventory costs, customer details and other information present in each file.
Computer Network Security
When your server and remote POS terminals are connected via the Internet without Virtual Private Network (VPN), your network of computers are vulnerable to Internet threats besides data sniffing when ports are opened on your firewall to the public.
Therefore, securing your IT infrastructure with VPN is paramount.
About VPN
A virtual private network is a technology that creates an encrypted connection over a less secure network. The benefit of using a VPN is that it ensures the appropriate level of security to the connected systems when the underlying network infrastructure alone cannot provide it.
VPN uses a public telecommunication infrastructure like the Internet to provide remote users secure access to their organization's network. A VPN client on the remote user's computer or mobile device connects to a VPN gateway on the organization's network, which typically requires the device to authenticate its identity, then creates a network link back to the device that allows it to reach internal network resources (e.g., MS SQL database on the central server) as though it was on that network locally.
IRMCS leverages VPN technology to help protects our clients' network of server, computers and POS terminals. This also serves to protect their customers' personal information at the same time adhering to the Personal Data Protection Act 2012.