In contrast to file transfers in a wholesale banking environment characterised by exchanges of large volume, between mainframes, in a relatively high-security environment ("bulk file transfers"); those in a retail banking environment are characterised by low volumes and a lower degree of reliability of environment in which downloaded devices are operated. Such devices may be, but not limited to, an electronic point of sale terminal (EPOS), an automated vending machine (AVM), an automated teller machine (ATM), or a merchant server in communication with payment gateways.It is assumed that a pre-established relationship exists between the entities involved in the secure file transfer, especially to cover the legal and commercial aspects related to the file transfer liabilities.This International Standard applies to the different kinds of file transfer used in retail banking environment, but does not cover transaction messages identified in ISO 8583.The transfer may require timeliness, and requires at least one of the following security services:- message origin authentication;- receiver authentication;- integrity;- confidentiality;- non repudiation of origin;- non repudiation of delivery;- auditability.It is assumed that all data forwarded by the originator shall have been confirmed as legitimate and correct prior to the transfer.The different types of files to be transferred could contain:- software;- the retail transactions which have been performed and registered, (uploading);- technical data related to an acquirer (access parameters...), (downloading);- application data related to an acquirer (BIN list, hot list, ...), (downloading).Characteristics of such file transfers are the following:a) the type ofdata tobe transferred canbe- non-secret data (collection of retail transactions, technical data and application data); or- secret data.b) the number of entities to receive the data can be:- one;- more than one (broadcast with even thousands of receivers).c) the communication channels can consist of one or both of the following examples:- telecommunication: public network, private network;d) the nature of the transfer can be:- direct-connect, real-time transfer (also known as circuit switching ); or- store-and-forward transfer (also known as message switching).NOTE This International Standard considers the security service during the transfer. Requirements to ensure that transferred files have not been altered after transfer achievement are outside the scope of this International Standard.