Finance glossary

What is ACH positive pay?

Bristol James
4 Min

ACH Positive Pay is a fraud protection service offered by banks to businesses that make transactions on the ACH network. The ACH network is the primary facilitator of bank-to-bank transfers in the United States.

Businesses use this service to pre-authorize certain vendors with filters that stipulate who can make debits and credits in their accounts.

How does ACH positive pay work?

1. Establishment

To start, the business must enroll in ACH Positive Pay with their bank. Depending on the bank, the business can submit an online request or apply for the service via their online banking platform or app.

2. Configuration

Once approved for ACH Positive Pay, the business needs to provide the bank with the types of ACH transactions it wishes to authorize.

To that end, transactions may be authorized for specific payees, transaction types or dollar amounts. The company can also set parameters for transaction frequency and define start and end dates.

3. Notification

Debits presented for payment are paid when they satisfy the conditions established in the previous step.

For security purposes, the business will receive an alert via email, text or online banking if:

  • An unknown party attempts to debit its account.
  • There is mismatched data, or
  • Certain criteria are not met

From there, the relevant employee can choose to accept or reject the transaction.

In any case, the business can establish a list of approved payees and waive notification alerts for associated transactions. This eliminates the need to maintain ACH debit blocks and filters which can be resource-intensive and prone to human error.

If, for whatever reason, the employee does not act on an ACH debit notification, the transaction will be returned or cancelled by default.

General summary of ACH Positive Pay
A general summary of the ACH Positive Pay process (Source: Bank of Marin)

Benefits of ACH positive pay

Monitoring

Potentially suspect ACH payments are flagged by financial institutions once detected. As mentioned earlier, notifications can be delivered across several communication mediums. This allows the business to respond swiftly to any perceived threat and minimizes potential losses and operational disruptions.

Customization

The positive pay system is also customizable in that it enables businesses to filter transactions based on a range of metrics.

The criteria the business implements depends on its:

  • Desired level of security
  • Risk tolerance, and
  • Transaction patterns

What else can positive pay be used for?

The principles that make ACH positive pay successful can also be applied to check-based fraud mitigation.

Some US banks offers a check positive pay service to detect fraudulent, counterfeit or altered checks.

To achieve this, it compares issued checks against those in a business’s check register. If there are discrepancies in the check number or its dollar amount, a notification is sent. It is then up to the business to pay the check or return it.

Reverse positive pay

Reverse positive pay reverses the order of the positive pay mechanism.

Instead of the business sending a list of issued checks to the bank for verification, the bank sends a list of presented checks to the business for the same purpose.

In most cases, a daily report is posted to the business’s online portal the day after checks are presented. The business must then verify each check using the same information as above.

One key difference between positive pay and reverse positive pay is the default decision.

While the default decision for positive pay is to return the check, the default decision for reverse positive pay is to approve it. This difference is critical because it shifts fraud detection responsibility from the bank to the business.

Investing in ACH security

While utilizing ACH positive pay or reverse positive pay processes do allow for an additional layer of security, it shouldn’t be your last line of defense. Cyber security threats and attempts at fraud are becoming significantly more refined, adding a layer of risk many businesses cannot afford to take on. For example, using ACH Filters only protects you to the extent that your ACH positive pay list is correct in comparison to your list of vendors at the time of upload.

If a criminal or an internal employee has access to access your system, they may be able to update your vendor details, particularly the account details, committing ACH fraud by rerouting payment to the wrong account.

Investing in a final line of defense when it comes to accounts payable is an important consideration for CFOs in 2024. Eftsure is currently protecting thousands of businesses across Australia, New Zealand and the US from various forms of payment fraud,  cybercrime and potential human error, specifically related to automated payments.

Summary:

  • ACH Positive Pay is a fraud prevention service offered by banks that enables businesses to authorize ACH transactions before they are processed.
  • ACH Positive Pay has several benefits. For one, active monitoring of potential fraud enables the business to minimise disruption.  What’s more, the customisability of ACH Positive Pay allows businesses to adjust certain parameters according to their risk tolerance.
  • Aspects of ACH Positive Pay are also used to mitigate against check fraud. Positive Pay and Reverse Positive Pay are two such solutions a business can use depending on its size and desired level of involvement in the check verification process.
Eftsure's financial controls guide
Your Guide to Rock-Solid Financial Controls
When it comes to protecting your company's finances strong Financial Controls are the best way place to start. Download our guide and see how your controls stack up.

Related articles

Finance glossary

What is vendor management?

Vendor management is the act of ensuring that your third-party vendors meet regulatory requirements and contractual obligations. This safeguards your business from …

Read more
Finance glossary

What is MFA?

Multi-factor authentication (MFA) is a security method that requires users to prove their identity using two or more distinct factors before accessing …

Read more
Finance glossary

What are imposter scams?

Imposter scams are a type of fraud where scammers pretend to be trusted individuals, companies, or government agencies to deceive victims into …

Read more

The new security standard for business payments

End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.