Stop fraud at the source: why ACH + check Positive Pay belong in every treasury’s toolkit

Payments fraud is evolving fast. In 2024, nearly eight in ten organizations reported being victims of attempted or actual payments fraud. Checks remain the most common target, hitting 65% of businesses, while ACH credits have overtaken wires as the top vector for business email compromise. 

That combination of high fraud exposure and rapidly scaling volumes makes Positive Pay more relevant than ever. Treasury leaders can’t afford back-office controls that miss cut-offs or leave them chained to their desktops. They need fraud prevention tools that are fast, mobile-first, and embedded directly into their digital banking experience.

Today’s fraud climate is shaped by three realities: persistent check fraud, ACH’s growing vulnerability, and the need for mobile-first exception control.

Check fraud still dominates

Even in an era of declining check use, checks remain the top fraud method. For corporates handling high-value B2B payments, the risk is persistent and costly. Positive Pay provides a proven line of defence by matching issued check files against presented items and flagging anomalies before payment.

ACH is the new battleground

BEC (business email compromise) scams are increasingly shifting from wires to ACH credits, exploiting higher transaction volumes and weaker protections. ACH Positive Pay gives businesses rule-based control, allowing only transactions from known originators, within set thresholds, or with specific attributes. Anything outside those parameters is flagged as an exception.

Mobile matters more than ever

Exception decisions are time-sensitive, often bound by midday cut-offs. If the review window is missed, a fraudulent item can slip through or a legitimate payment can be returned. Mobile access ensures decision-makers can approve or block suspect items on the go, cutting losses and improving adoption.

The strongest Positive Pay platforms don’t separate checks and ACH. Instead, they provide consistent features across both rails, supported by shared controls like alerts, entitlements, and audit-ready reporting. Here’s what comprehensive Positive Pay looks like in practice:

Check Positive Pay

Treasurers can then step in to approve legitimate checks or reject fraudulent ones, a process that must happen quickly since cut-off windows are often just a few hours. 

Payee Positive Pay adds another level of protection by validating the payee’s name, closing one of the most common loopholes exploited in fraud schemes.

ACH Positive Pay

By setting thresholds or account filters, treasurers ensure that they only see exceptions that truly matter, minimizing distractions and focusing attention where the risks are highest. Importantly, exceptions are flagged before posting, which means fraudulent transactions are intercepted at the gate rather than detected after the fact.

Shared capabilities

Across both check and ACH protections, treasurers stay in control with shared capabilities that enhance speed, compliance, and oversight. Real-time alerts ensure that critical decisions can be made instantly, whether at the desk or on the move. 

Role-based entitlements allow CFOs, controllers, and AP clerks to each have the right level of access, keeping compliance intact while empowering decision-making. Finally, audit-ready reporting provides an easily searchable and exportable trail, helping organizations meet regulatory requirements without additional manual work.

Delivering ACH + Check Positive Pay usually follows one of two paths, each with its own strengths and considerations.

Core-banking add-ons

For many banks, the simplest starting point is to enable Positive Pay through an existing core-banking module. These solutions are typically faster to implement, with lower upfront costs and easier integration into current systems. 

However, they can come with trade-offs. Functionality may be limited, the user experience can feel dated, and extending the solution across web and mobile can be a challenge. While core add-ons provide a useful entry point for banks looking to stand up a service quickly, they may fall short of delivering the modern experience clients now expect.

Third-party SSO integrations

The alternative is to partner with third-party providers and embed their capabilities into the bank’s digital channels via single sign-on (SSO). These solutions tend to offer richer features, better customization, and a stronger user interface. 

The integration work is more complex, requiring careful planning to create a unified experience across ACH and checks, but the payoff is significant. When done well, this approach creates a true “pane of glass” where treasurers can manage rules, exceptions, and approvals seamlessly. For banks competing on client experience, third-party integrations often provide the flexibility and polish needed to differentiate.

Where the value shows up

The value of Positive Pay is clear and quantifiable:

• Faster decision times: Mobile access and real-time alerts shrink exception handling windows from hours to minutes, dramatically reducing fraud exposure.

• Losses prevented: Both check and ACH fraud attempts can be tracked in avoided costs. A single blocked transaction can save tens of thousands of dollars.

• Higher adoption: A better user experience encourages treasury teams to use Positive Pay consistently, extending fraud protection across more transactions.

SLA compliance: Meeting cut-off deadlines with fewer exceptions missed improves service levels, strengthens trust, and supports long-term client retention.

For most banks, the challenge is delivering Positive Pay in a way that’s intuitive and truly useful for treasury clients. Backbase addresses this gap by embedding Positive Pay directly into commercial banking channels. On desktop and web, clients get the full suite: check file matching, ACH allow/block rules, exception reviews, approvals, cut-off timers, and audit-ready reporting.

On mobile, we’ve focused exclusively on decision-making where treasurers feel the most pressure: time-sensitive ACH exceptions. Clients can review flagged items, approve or reject them, and complete the approvals flow instantly — helping prevent fraud or avoid unnecessary payment delays while on the move.

For ACH rules and check exceptions, the full capabilities remain available on web, ensuring treasurers have comprehensive control when more detailed review is required.

The result is a Positive Pay experience that reflects how treasurers actually work: fast decisions on mobile when timing is critical, and comprehensive controls on desktop when detail and oversight matter most.