Back to articles

The Internet Went Down During the Rush—Can Your POS Keep Selling Without Losing Data?

An internet outage should not force a store to stop trading, duplicate sales, lose payments, or corrupt inventory. Learn how a modern POS should handle offline transactions, local device storage, payment limits, receipt numbering, stock conflicts, delayed sync, and recovery testing.

The Internet Went Down During the Rush—Can Your POS Keep Selling Without Losing Data?

The Internet Went Down During the Rush—Can Your POS Keep Selling Without Losing Data?

An internet outage should not force a store to stop trading, duplicate sales, lose payments, or corrupt inventory. Learn how a modern POS should handle offline transactions, local device storage, payment limits, receipt numbering, stock conflicts, delayed sync, and recovery testing.

Offline Mode Is a Business Continuity Feature, Not a Checkbox

Offline mode is not simply a screen that keeps accepting button presses after the internet disappears. It is a complete continuity design covering catalog availability, prices, taxes, staff access, payments, receipts, local storage, inventory movement, and later synchronization.

The system should define exactly which actions remain available offline. Basic sales may continue, while customer creation, gift-card lookup, loyalty redemption, permission changes, online order checks, or high-value refunds may be restricted because they depend on central data.

Consider a real outage scenario: Offline mode is not simply a screen that keeps accepting button presses after the internet disappears. It is a complete continuity design covering catalog availability, prices, taxes, staff access, payments, receipts, local storage, inventory movement, and later synchronization. Local records should include item lines, price, tax, discounts, tender, employee, device, branch, time, sequence, and sync status. Sensitive data should be encrypted and access should remain role-based even without the server. The POS should apply offline payment limits by amount, customer risk, card type, device, branch, and duration of the outage. Staff need a clear signal that approval is provisional rather than guaranteed. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Consider a real outage scenario: When connectivity returns, synchronization should happen in a controlled queue. The POS must upload transactions, confirm acceptance, update local status, and retry failures without losing the original record. Duplicate identifiers create serious problems when syncing because two different sales may appear to be the same event. The system also needs idempotency so retrying an upload does not create a second sale. The system should define exactly which actions remain available offline. Basic sales may continue, while customer creation, gift-card lookup, loyalty redemption, permission changes, online order checks, or high-value refunds may be restricted because they depend on central data. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Local Transactions Need Durable and Encrypted Storage

Every offline transaction must be written immediately to durable local storage. It should survive an app restart, device battery failure, accidental logout, or temporary crash. A transaction that exists only in memory is not a transaction the business can trust.

Local records should include item lines, price, tax, discounts, tender, employee, device, branch, time, sequence, and sync status. Sensitive data should be encrypted and access should remain role-based even without the server.

Consider a real outage scenario: Local records should include item lines, price, tax, discounts, tender, employee, device, branch, time, sequence, and sync status. Sensitive data should be encrypted and access should remain role-based even without the server. Receipt numbers, order numbers, and transaction IDs must remain unique across devices. A safe design can reserve number ranges per device or combine branch, device, date, and local sequence. Every offline transaction must be written immediately to durable local storage. It should survive an app restart, device battery failure, accidental logout, or temporary crash. A transaction that exists only in memory is not a transaction the business can trust. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Payments Require Separate Offline Risk Rules

Card payments are different from cash sales. Some providers support store-and-forward or offline authorisation, but the merchant may carry the risk if the card is later declined, stolen, over limit, or unverifiable.

The POS should apply offline payment limits by amount, customer risk, card type, device, branch, and duration of the outage. Staff need a clear signal that approval is provisional rather than guaranteed.

Consider a real outage scenario: The system should define exactly which actions remain available offline. Basic sales may continue, while customer creation, gift-card lookup, loyalty redemption, permission changes, online order checks, or high-value refunds may be restricted because they depend on central data. When connectivity returns, synchronization should happen in a controlled queue. The POS must upload transactions, confirm acceptance, update local status, and retry failures without losing the original record. Offline mode is not simply a screen that keeps accepting button presses after the internet disappears. It is a complete continuity design covering catalog availability, prices, taxes, staff access, payments, receipts, local storage, inventory movement, and later synchronization. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Consider a real outage scenario: Duplicate identifiers create serious problems when syncing because two different sales may appear to be the same event. The system also needs idempotency so retrying an upload does not create a second sale. Every offline transaction must be written immediately to durable local storage. It should survive an app restart, device battery failure, accidental logout, or temporary crash. A transaction that exists only in memory is not a transaction the business can trust. Receipt numbers, order numbers, and transaction IDs must remain unique across devices. A safe design can reserve number ranges per device or combine branch, device, date, and local sequence. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Consider a real outage scenario: Conflicts may include an item sold offline that was also sold online, a price changed centrally during the outage, a customer edited on another device, or a refund attempted against a transaction not yet uploaded. Conflict rules should be explicit and visible. Offline mode is not simply a screen that keeps accepting button presses after the internet disappears. It is a complete continuity design covering catalog availability, prices, taxes, staff access, payments, receipts, local storage, inventory movement, and later synchronization. When connectivity returns, synchronization should happen in a controlled queue. The POS must upload transactions, confirm acceptance, update local status, and retry failures without losing the original record. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Receipt and Order Numbers Must Stay Unique

Receipt numbers, order numbers, and transaction IDs must remain unique across devices. A safe design can reserve number ranges per device or combine branch, device, date, and local sequence.

Duplicate identifiers create serious problems when syncing because two different sales may appear to be the same event. The system also needs idempotency so retrying an upload does not create a second sale.

Consider a real outage scenario: Card payments are different from cash sales. Some providers support store-and-forward or offline authorisation, but the merchant may carry the risk if the card is later declined, stolen, over limit, or unverifiable. Dashierly or any POS should make an outage boring rather than chaotic. Staff should know what still works, what is restricted, how risk is shown, and how every transaction will safely reach the central system later. Conflicts may include an item sold offline that was also sold online, a price changed centrally during the outage, a customer edited on another device, or a refund attempted against a transaction not yet uploaded. Conflict rules should be explicit and visible. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Synchronization Must Resolve Conflicts Transparently

When connectivity returns, synchronization should happen in a controlled queue. The POS must upload transactions, confirm acceptance, update local status, and retry failures without losing the original record.

Conflicts may include an item sold offline that was also sold online, a price changed centrally during the outage, a customer edited on another device, or a refund attempted against a transaction not yet uploaded. Conflict rules should be explicit and visible.

Consider a real outage scenario: Every offline transaction must be written immediately to durable local storage. It should survive an app restart, device battery failure, accidental logout, or temporary crash. A transaction that exists only in memory is not a transaction the business can trust. The system should define exactly which actions remain available offline. Basic sales may continue, while customer creation, gift-card lookup, loyalty redemption, permission changes, online order checks, or high-value refunds may be restricted because they depend on central data. Duplicate identifiers create serious problems when syncing because two different sales may appear to be the same event. The system also needs idempotency so retrying an upload does not create a second sale. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Consider a real outage scenario: Receipt numbers, order numbers, and transaction IDs must remain unique across devices. A safe design can reserve number ranges per device or combine branch, device, date, and local sequence. Conflicts may include an item sold offline that was also sold online, a price changed centrally during the outage, a customer edited on another device, or a refund attempted against a transaction not yet uploaded. Conflict rules should be explicit and visible. Dashierly or any POS should make an outage boring rather than chaotic. Staff should know what still works, what is restricted, how risk is shown, and how every transaction will safely reach the central system later. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Consider a real outage scenario: Stores should test outages deliberately: disconnect the router, make cash and card sales, restart the device, switch users, print receipts, reconnect, inspect duplicates, verify inventory, and compare payment settlement. The POS should apply offline payment limits by amount, customer risk, card type, device, branch, and duration of the outage. Staff need a clear signal that approval is provisional rather than guaranteed. Local records should include item lines, price, tax, discounts, tender, employee, device, branch, time, sequence, and sync status. Sensitive data should be encrypted and access should remain role-based even without the server. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Recovery Should Be Tested Before the Next Outage

Stores should test outages deliberately: disconnect the router, make cash and card sales, restart the device, switch users, print receipts, reconnect, inspect duplicates, verify inventory, and compare payment settlement.

Dashierly or any POS should make an outage boring rather than chaotic. Staff should know what still works, what is restricted, how risk is shown, and how every transaction will safely reach the central system later.

Consider a real outage scenario: The POS should apply offline payment limits by amount, customer risk, card type, device, branch, and duration of the outage. Staff need a clear signal that approval is provisional rather than guaranteed. Card payments are different from cash sales. Some providers support store-and-forward or offline authorisation, but the merchant may carry the risk if the card is later declined, stolen, over limit, or unverifiable. Card payments are different from cash sales. Some providers support store-and-forward or offline authorisation, but the merchant may carry the risk if the card is later declined, stolen, over limit, or unverifiable. The workflow should be tested with cash, an offline card attempt, a device restart, two terminals selling the same low-stock item, a central price change, duplicate sync retry, and a refund before upload.

Keep reading