# Retail Network Infrastructure: Keeping POS Online and Customers Connected
A retail network failure is not just an IT problem — it stops sales. POS downtime costs $5,000–$20,000 per hour in a mid-size retail operation. And as inventory, loss prevention, loyalty, and customer-facing technology all run over the network, the stakes keep rising.
## Core Retail Network Requirements
Retail networks have four primary functions that must work reliably together:
1. **Point-of-Sale (POS):** Payment processing, inventory lookup, customer order management
2. **Loss prevention:** IP security cameras, access control, EAS (Electronic Article Surveillance) systems
3. **Guest Wi-Fi:** Customer-facing SSID for loyalty app access, in-store navigation, and satisfaction
4. **Back-office operations:** Inventory management, staff communications, office functions
These four functions must be on separate, properly secured network segments.
## POS Network Design
POS is the highest-priority function on a retail network. If the register cannot process cards, the store cannot sell:
POS VLAN requirements:
- Isolated from all other traffic (PCI DSS requirement)
- Redundant internet connectivity (primary fiber + LTE failover)
- Firewall allowing only authorized POS-to-payment processor communication
- No guest devices, no camera traffic, no general internet browsing on POS VLAN
- Jumbo frames and QoS prioritization for payment traffic
Redundant connectivity is non-negotiable:
A single internet circuit that goes down takes the entire store offline. A 4G/5G LTE failover that automatically activates within 30 seconds of outage detection is essential insurance.
POS terminal security:
- Change default credentials
- Remove unnecessary network services from POS OS
- Whitelist only payment processor and inventory management IPs
- Physical tamper-evident seals on POS hardware
## Loss Prevention Network Design
IP Camera requirements:
- Dedicated surveillance VLAN, isolated from POS and guest
- NVR on surveillance VLAN — cameras communicate only to NVR
- RAID storage with minimum 30-day retention (90+ days for high-theft areas)
- Outdoor cameras: IP66 rated, PoE for power simplicity
- Motion analytics APs where camera coverage overlaps for traffic heat mapping
Access control integration:
- Badge readers on management VLAN
- Integration with loss prevention CCTV for event correlation
## Guest Wi-Fi Design
Customer Wi-Fi should be genuinely good — not an afterthought:
- Minimum 25 Mbps guaranteed per device during peak hours
- Simple on-boarding (loyalty app single sign-on or one-click accept-terms)
- Complete isolation from POS and back-office VLANs
- Bandwidth management to prevent one user from monopolizing the circuit
- Separate SSID for staff devices (employee SSID, isolated but higher trust than guest)

Marketing value: Guest Wi-Fi with loyalty app integration enables:
- In-store push notifications when loyalty app is connected
- Visit frequency tracking
- Personalized offers based on location within the store
## Internet Redundancy for Retail
Recommended setup:
- Primary: Business fiber (25–100 Mbps symmetric minimum per location)
- Failover: 4G/5G LTE on a dedicated business data plan (not a shared consumer plan)
- SD-WAN or dual-WAN router for automatic detection and failover under 30 seconds
ISP diversity:
If both your primary fiber and LTE use the same physical infrastructure (e.g., both Verizon), a physical conduit cut could take both out. Where possible, use different carriers.
Critical consideration:
LTE data caps can be exhausted quickly if used for general internet traffic during an outage. Configure LTE failover to carry POS traffic only, with bandwidth shaping to prevent backup exhaustion.
## Multi-Location Retail Consistency
Multi-location retailers need consistent network standards across all locations:
- **Standardized hardware SKUs:** Same switches, APs, and firewalls at every location for simplified support
- **Centralized cloud management:** Cisco Meraki, Aruba Central, or Juniper Mist for single-pane visibility of all locations
- **Template-based activation:** New location is configured from template, not from scratch
- **Remote visibility:** IT can see status of every POS, every camera, every AP from HQ
Best-in-class for multi-location retail:
Cisco Meraki (full stack: switch, firewall, AP, cameras) with cloud management is the most common choice for retailers with 5+ locations.
## PCI DSS Compliance Checklist for Retail
- [ ] POS on isolated VLAN with firewall between POS and all other VLANs
- [ ] Network segmentation verified by quarterly internal vulnerability scan
- [ ] Unique user credentials on all POS systems (no shared accounts)
- [ ] MFA for all remote access to POS network
- [ ] Quarterly ASV scan by approved scanning vendor
- [ ] Annual security awareness training for store staff
- [ ] Daily physical inspection of POS terminals for skimming devices
- [ ] Change management policy for any changes to POS environment
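
The isolation rules stated in the POS, loss prevention and guest Wi-Fi sections can be checked against firewall or flow logs. The following is an added example, not code from the original article; the subnets, the processor range, the inventory server and NVR addresses, and port 443 for payment traffic are all constructed assumptions.

```python
import ipaddress
# Constructed addressing plan (assumption): one subnet per segment in the article.
SEGMENTS = {
    "pos":          ipaddress.ip_network("10.10.10.0/24"),
    "surveillance": ipaddress.ip_network("10.10.20.0/24"),
    "guest":        ipaddress.ip_network("10.10.30.0/24"),
    "backoffice":   ipaddress.ip_network("10.10.40.0/24"),
}
# Placeholder destinations from documentation ranges, not real processor addresses.
PAYMENT_PROCESSOR = ipaddress.ip_network("203.0.113.0/28")
INVENTORY_SERVER = ipaddress.ip_address("10.10.40.5")
NVR = ipaddress.ip_address("10.10.20.2")

def segment_of(ip):
    return next((name for name, net in SEGMENTS.items() if ip in net), "internet")

def check_flow(src, dst, port):
    """Return a violation string for a connection initiation, or None if allowed."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_seg, dst_seg = segment_of(s), segment_of(d)
    if src_seg == dst_seg:
        if src_seg == "surveillance" and NVR not in (s, d):
            return "camera talking to non-NVR host"
        return None
    if src_seg == "pos":
        # Port 443 to the processor is an assumption; the article names no port.
        if (d in PAYMENT_PROCESSOR and port == 443) or d == INVENTORY_SERVER:
            return None
        return "POS to unauthorized destination"
    if dst_seg == "pos":
        return f"{src_seg} reaching POS VLAN"
    if src_seg == "surveillance":
        return "camera traffic leaving surveillance VLAN"
    if src_seg == "guest" and dst_seg != "internet":
        return f"guest reaching {dst_seg}"
    return None

FLOWS = [  # constructed sample flow records: (src, dst, dst_port)
    ("10.10.10.21", "203.0.113.4", 443),    # register -> processor
    ("10.10.10.21", "10.10.40.5", 8443),    # register -> inventory server
    ("10.10.10.22", "198.51.100.9", 80),    # register browsing the web
    ("10.10.30.77", "10.10.10.21", 445),    # guest device -> register
    ("10.10.20.11", "10.10.20.2", 554),     # camera -> NVR
    ("10.10.20.12", "198.51.100.50", 443),  # camera -> internet
]

def audit(flows):
    return [(f, v) for f in flows if (v := check_flow(*f))]
print(*audit(FLOWS), sep="\n")
```

Any flow this reports is evidence that a firewall rule between VLANs is broader than the design allows, which is what the segmentation item in the checklist is meant to catch.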
Summit DNC designs and deploys retail network infrastructure for single-location boutiques through multi-state chains across California, Nevada, and Arizona. We specialize in PCI-compliant, high-availability designs that keep registers running.