Yep an early project of mine was building an import of account charges from an FTP file transmission. There was plenty of checking and validation, any records that didn't pass were rejected and the user got notified (I think via email) with the rejected records and the reasons. They could then correct them and resubmit.

Granted the only real security was the FTP username and password, but it was all internal and at the time (1990s) that was good enough.