Listrak's FTP service supports several protocols. We offer FTP, FTPS, and SFTP. FTP is a basic file transfer protocol which is easy to implement, but not secure. Listrak offers FTP mostly for the convenience of its customers, but does suggest the use of the FTPS or SFTP protocol instead for security reasons.
The FTP Protocol offers very little security but is easy to implement. The recommended use of FTP is for customers who are not uploading Personally Identifiable Information (PII). Listrak recommends a secure offering using FTPS or SFTP, as detailed below.
Listrak's File Transfer Environment supports FTP Explicit Security (FTPES). This protocol is essentially FTP encapsulated in Transport Layer Security (TLS). The current minimum supported TLS version for Listrak's FTPES implementation is TLS 1.1.
FTPS is an accepted secure protocol according to PCI-DSS 3.2.1, and therefore recommended for any website requiring PCI Compliance. FTPES can be difficult to implement because of a passive mode port configuration, which moves data channels to a high port range.
SSH File Transfer Protocol (SFTP), allows for more advanced security features. Similar to FTPS, SFTP is secure end-to-end and is an accepted secure protocol according to PCI-DSS 3.2.1 for any website requiring PCI Compliance. The current minimum supported TLS version for Listrak's SFTP implementation is TLS 1.1.
Implementation for SFTP is different than FTPS. SFTP can use username/password authentication or can be configured to use an RSA (an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers) public/private keypair. The port used for communications does not change and is more predictable to configure behind a firewall.