ACH Positive Pay is a fraud protection service offered by banks to businesses that make transactions on the ACH network. The ACH network is the primary facilitator of bank-to-bank transfers in the United States.
Businesses use this service to pre-authorize certain vendors with filters that stipulate who can make debits and credits in their accounts.
To start, the business must enroll in ACH Positive Pay with their bank. Depending on the bank, the business can submit an online request or apply for the service via their online banking platform or app.
Once approved for ACH Positive Pay, the business needs to provide the bank with the types of ACH transactions it wishes to authorize.
To that end, transactions may be authorized for specific payees, transaction types or dollar amounts. The company can also set parameters for transaction frequency and define start and end dates.
Debits presented for payment are paid when they satisfy the conditions established in the previous step.
For security purposes, the business will receive an alert via email, text or online banking if:
From there, the relevant employee can choose to accept or reject the transaction.
In any case, the business can establish a list of approved payees and waive notification alerts for associated transactions. This eliminates the need to maintain ACH debit blocks and filters which can be resource-intensive and prone to human error.
If, for whatever reason, the employee does not act on an ACH debit notification, the transaction will be returned or cancelled by default.
Potentially suspect ACH payments are flagged by financial institutions once detected. As mentioned earlier, notifications can be delivered across several communication mediums. This allows the business to respond swiftly to any perceived threat and minimizes potential losses and operational disruptions.
The positive pay system is also customizable in that it enables businesses to filter transactions based on a range of metrics.
The criteria the business implements depends on its:
The principles that make ACH positive pay successful can also be applied to check-based fraud mitigation.
Some US banks offers a check positive pay service to detect fraudulent, counterfeit or altered checks.
To achieve this, it compares issued checks against those in a business’s check register. If there are discrepancies in the check number or its dollar amount, a notification is sent. It is then up to the business to pay the check or return it.
Reverse positive pay reverses the order of the positive pay mechanism.
Instead of the business sending a list of issued checks to the bank for verification, the bank sends a list of presented checks to the business for the same purpose.
In most cases, a daily report is posted to the business’s online portal the day after checks are presented. The business must then verify each check using the same information as above.
One key difference between positive pay and reverse positive pay is the default decision.
While the default decision for positive pay is to return the check, the default decision for reverse positive pay is to approve it. This difference is critical because it shifts fraud detection responsibility from the bank to the business.
While utilizing ACH positive pay or reverse positive pay processes do allow for an additional layer of security, it shouldn’t be your last line of defense. Cyber security threats and attempts at fraud are becoming significantly more refined, adding a layer of risk many businesses cannot afford to take on. For example, using ACH Filters only protects you to the extent that your ACH positive pay list is correct in comparison to your list of vendors at the time of upload.
If a criminal or an internal employee has access to access your system, they may be able to update your vendor details, particularly the account details, committing ACH fraud by rerouting payment to the wrong account.
Investing in a final line of defense when it comes to accounts payable is an important consideration for CFOs in 2024. Eftsure is currently protecting thousands of businesses across Australia, New Zealand and the US from various forms of payment fraud, cybercrime and potential human error, specifically related to automated payments.
Financial planning and analysis (FP&A) combines planning, forecasting, budgeting, and analytical activities to support a company’s major business decisions and overall financial …
Cybercrime is any illegal activity that involves computers, the internet, or other information communications technologies (ICTs). This includes illegal activities both directed …
Social media profiling involves the collection and analysis of data from social media platforms to create detailed profiles of individuals or groups.
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.
