Stop fraud at the source: why ACH + check Positive Pay belong in every treasury's toolkit
Payments fraud is evolving fast. In 2024, nearly eight in ten organizations reported being victims of attempted or actual payments fraud. Checks remain the most common target, hitting 65% of businesses, while ACH credits have overtaken wires as the top vector for business email compromise.
At the same time, ACH itself is booming: Same Day ACH processed over 1.2 billion payments in 2024, a 45% year-on-year increase.
That combination of high fraud exposure and rapidly scaling volumes makes Positive Pay more relevant than ever. Treasury leaders can't afford back-office controls that miss cut-offs or leave them chained to their desktops. They need fraud prevention tools that are fast, mobile-first, and embedded directly into their digital banking experience.
The new frontline of fraud prevention
The new frontline of fraud prevention is mobile-enabled, real-time Positive Pay that covers both checks and ACH transactions. Today's fraud climate demands this unified approach due to three critical realities: persistent check fraud, ACH's growing vulnerability, and the need for mobile-first exception control.
Check fraud still dominates
Even in an era of declining check use, checks remain the top fraud method. For corporates handling high-value B2B payments, the risk is persistent and costly.
How Check Positive Pay works: Matches issued check files against presented items and flags anomalies before payment.
ACH is the new battleground
BEC (business email compromise) scams are increasingly shifting from wires to ACH credits, exploiting higher transaction volumes and weaker protections.
ACH Positive Pay gives businesses rule-based control through:
- Known originator filtering: Only allows transactions from approved sources
- Threshold controls: Blocks payments above set dollar amounts
- Attribute matching: Validates specific transaction characteristics
Anything outside those parameters is flagged as an exception.
Mobile matters more than ever
Exception decisions are time-sensitive, often bound by midday cut-offs. If the review window is missed, a fraudulent item can slip through or a legitimate payment can be returned. Mobile access ensures decision-makers can approve or block suspect items on the go, cutting losses and improving adoption.
Building a stronger Positive Pay framework
The strongest Positive Pay platforms unify checks and ACH under one system. They provide consistent features across both rails, supported by shared controls like alerts, entitlements, and audit-ready reporting.
Check Positive Pay
With Check Positive Pay, every presented check is matched against the company's issued check file. If any details fail to align, the system immediately flags the transaction as an exception before funds are released.
Key validation points:
- Check number: Ensures issued numbers match presented items
- Payment amount: Flags discrepancies in dollar amounts
- Payee name: Validates recipient through Payee Positive Pay
FAQ: How quickly must check exceptions be resolved?
Treasurers typically have just a few hours before cut-off windows close, making mobile access critical for timely decisions.
ACH Positive Pay
For ACH transactions, businesses gain greater control through customizable rules. They can specify which transactions to allow while automatically blocking anything outside those boundaries.
Rule-setting options include:
- Known originators: Allow transactions only from approved vendors
- Dollar thresholds: Set maximum amounts for automatic approval
- Account filters: Control which accounts can receive payments
Exceptions are flagged before posting, intercepting fraudulent transactions at the gate rather than detecting them after the fact.
Shared capabilities
Across both check and ACH protections, treasurers stay in control with shared capabilities that enhance speed, compliance, and oversight:
- Real-time alerts: Enable instant decisions at the desk or on mobile
- Role-based entitlements: Give CFOs, controllers, and AP clerks appropriate access levels
- Audit-ready reporting: Provide searchable, exportable trails for regulatory compliance
Implementation approaches & measurable ROI
Delivering ACH + Check Positive Pay usually follows one of two paths, each with its own strengths and considerations.
Core-banking add-ons
For many banks implementing treasury management capabilities, the simplest starting point is to enable Positive Pay through an existing core-banking module. These solutions are typically faster to implement, with lower upfront costs and easier integration into current systems.
However, they can come with trade-offs. Functionality may be limited, the user experience can feel dated, and extending the solution across web and mobile can be a challenge. While core add-ons provide a useful entry point for banks looking to stand up a service quickly, they may fall short of delivering the modern experience clients now expect.
Third-party SSO integrations
The alternative is to partner with third-party providers and embed their capabilities into the bank's digital channels via single sign-on (SSO). These solutions tend to offer richer features, better customization, and a stronger user interface.
The integration work is more complex, requiring careful planning to create a unified experience across ACH and checks, but the payoff is significant. When done well, this approach creates a true "pane of glass" where treasurers can manage rules, exceptions, and approvals seamlessly. For banks competing on client experience, third-party integrations often provide the flexibility and polish needed to differentiate.
Where the value shows up
The value of Positive Pay is clear and quantifiable:
- Faster decision times: Mobile access and real-time alerts shrink exception handling windows from hours to minutes, dramatically reducing fraud exposure
- Losses prevented: Both check and ACH fraud attempts can be tracked in avoided costs. A single blocked transaction can save tens of thousands of dollars
- Higher adoption: A better user experience encourages treasury teams to use Positive Pay consistently, extending fraud protection across more transactions
- SLA compliance: Meeting cut-off deadlines with fewer exceptions missed improves service levels, strengthens trust, and supports long-term client retention
Making Positive Pay work where it matters most
For most banks, the challenge is delivering Positive Pay in a way that's intuitive and truly useful for treasury clients. Backbase addresses this gap by embedding Positive Pay directly into commercial banking channels. On desktop and web, clients get the full suite: check file matching, ACH allow/block rules, exception reviews, approvals, cut-off timers, and audit-ready reporting.
On mobile, we've focused exclusively on decision-making where treasurers feel the most pressure: time-sensitive ACH exceptions. Clients can review flagged items, approve or reject them, and complete the approvals flow instantly — helping prevent fraud or avoid unnecessary payment delays while on the move.
For ACH rules and check exceptions, the full capabilities remain available on web, ensuring treasurers have comprehensive control when more detailed review is required.
The result is a Positive Pay experience that reflects how treasurers actually work: fast decisions on mobile when timing is critical, and comprehensive controls on desktop when detail and oversight matter most.
FAQ: What's the difference between mobile and web Positive Pay functionality?
Mobile focuses on time-sensitive ACH exception decisions for on-the-go approvals, while web provides comprehensive controls for ACH rules setup and detailed check exception reviews.
