Positive Pay and Other Defenses Against Check Fraud
 |
The use of positive pay systems has become the industry standard for preventing check fraud—and with good reason. Positive pay provides your bank with a file listing all the checks printed on a given day. When those checks are presented, the bank compares the checks against the list. If a check isn’t on the list, the signature or amount is incorrect, or any aspect is questionable, the bank will either notify you or return the check unpaid.
“Positive pay is extraordinarily effective in preventing check fraud,” says professor Clayton Gillette, Max E. Greenberg Professor of Contract Law at the New York University School of Law. “It definitely is the single most important technological advance to date to prevent check fraud.”
Gillette is generally considered to be one of the nation’s foremost experts on check fraud protection. He appears regularly as an expert witness in such cases, and is a consultant to many firms on the matter.
He notes that a recent American Bankers Association (ABA) survey showed that some 40 percent of fraud was the result of forgery. Another 12 percent came from counterfeit checks. Positive pay can stop both of these when used regularly and promptly.
How it Works
In concept, positive pay is a simple system. As noted above, when checks are printed, an electronic file listing the checks and all their pertinent data—check number, amount, payee, date, etc., is created. This is transmitted to the bank, which compares every check presented with the list. Many positive pay systems can be implemented at the teller level. Tellers can compare the check with the list at the teller window.
In fact, Gillette says many times the bank teller can catch attempted fraud. “A signature that isn’t right, a check that doesn’t look right that may have been produced on a ‘home’ computer, an amount that is wrong…the bank teller can, if trained, see these even if the check got through the system.”
This is basic positive pay. There are other positive pay programs that offer a different method of detection. One is reverse positive pay. In this program, when the bank is ready to pay the checks presented to it, it transmits a file to the customer listing the checks presented for payment. The customer then compares those with their file of outstanding checks.
Another form of reverse positive pay is image positive pay. The customer receives an image of the checks, front and back. This is especially good for catching forged or incorrect endorsements.
Reverse positive pay and image positive pay, however, are highly labor intensive for the AP department. In most situations, standard positive pay is used.
Besides helping to prevent fraud when a check is presented, positive pay also inhibits internal fraud because it adds additional levels of security that reduce each employee’s role in the check writing process. The electronic file generally is sent by a separate application from the one that writes the checks. There also is software available that completely separates the file that prints the checks from the actual printing (see below).
Don’t Get Complacent
As much as positive pay can do to help you prevent fraud, Professor Gillette warns it has its limitations.
“It is only as good as the data that is entered, and the willingness of both the bank and the company to use the data.”
He notes he is currently involved in a case in which the company alleges the bank never reported back that it had a mismatch, and paid the checks. It has not yet been determined by testimony why or how this happened. But one way similar situations can occur is by insider fraud within the bank.
“Positive pay does not work against insider fraud at the bank,” Gillette points out. “If there is an insider at the bank responsible for the positive pay system and they are in cahoots with the individual perpetrating the fraud, or if they are themselves the perpetrator, they won’t notify the company of a mismatch, so the fraud will be accomplished.”
Unfortunately, such situations do happen. The ABA estimates that in 2001, despite technology, banks suffered $700 million in losses due to fraud. And that’s just what the banks lost. There are no numbers to show what companies lost, but since 1990 companies have had to share in losses due to fraud.
On a more positive note, the ABA estimates that in the same year, through positive pay and other means, banks foiled $3.6 billion in attempted fraud. That of course is not all AP-related, but it demonstrates the magnitude of the problem.
UCC: Businesses Share Responsibility
Prior to 1990, Article 3 of the Uniform Commercial Code (UCC) said banks were totally responsible for paying fraudulent checks and had to bear all losses. In 1990, that article was changed to what Gillette terms a “comparative negligence system.” The result was that a company is now liable for losses if they are the negligent party. Gillette explains that where both the company and the bank are negligent (for instance, if a company doesn’t catch a duplicate check and the bank also does not catch it), the loss is split. But if the check is written by a check writing machine, and the signature is correct, it most likely will be the company’s responsibility.
The code requires only that a company exercise “ordinary care” to limit its liability in cases of fraud. It isn’t like fiduciary responsibility in financial matters, but simple steps such as keeping the check stock separate from the check writing machine, not throwing ruined checks in the trash can, where a janitor can get them, and locking the machine and the stock up after the checks have been written.
Gillette says if a company shows that it did indeed exercise ordinary care, it will not be held liable for the loss. “The object of the law is to determine who was in the best position to avoid the fraud. If it is employee fraud, the courts have decided the company is in the best position to avoid the fraud, and so is liable for the loss. On the other hand, if it is a forged signature, the courts have said the bank must be able to determine that it is a forgery, and so must bear the loss,” he says.
He adds that the law does permit the customer and the bank to allocate losses by agreement, and many banks insist on such agreements—for instance, in that example of a check written by a check writing machine.
Because of the extra liability companies now face in cases of fraud, there have been major technological advances in check writing that do much to take the human element out of the process. Gillette says there are now rules-based systems that help tremendously.
Additional Check Precautions
Most consultants and many banks are recommending their clients do away with preprinted checks and use blank check stock. This would make it extremely difficult for a forger or perpetrator to obtain a check.
These systems separate the check image from the data for writing a check in a unique way. The check image, exists in a secure electronic form. But it can not be printed until the data software feeds in check data. The data initiates the check writing process.
Because the data stream is pure data, the system overcomes a major risk with preprinted checks—even if it is intercepted, a perpetrator can’t add or change anything. This makes it impossible to intercept a check and send it to a different printer, a ploy used often by those intent on fraud. With preprinted checks, it is possible to intercept the check data and add or change what goes on a check.
Using blank check stock makes it much more difficult for a would-be forger or fraud perpetrator to manipulate checks—that is, to change names, add zeros, etc. There simply is no check until the data stream comes into the printer.
As the checks are printed, the data is automatically transmitted to the bank. The bank then compares the check with the data files.
Other Steps
While positive pay is a significant weapon in the war on fraud, there are other steps companies need to take to further shore up the castle walls. Ray Podraza, senior vice president, Bank of America, in a presentation at Recap’s seventh annual Enhancing AP Operations conference, offered these suggestions:
- Have a policy that requires multiple signatures on checks exceeding a certain amount.
- Have your bank automatically return all checks over a pre-specified dollar amount.
- Have your bank automatically return all checks that exceed a designated time frame.
He also emphasized the need for having a number of security features on checks, whether they are preprinted or blank stock:
- Watermarks designed to be viewed at a 45-degree angle. This prevents them from being reproduced on a scanner or copy machine.
- VOID pantographs, so if the check is copied, “void” or “copy” appears.
- Warning bands that state the check has numerous security features.
- Laid lines—unevenly space lines on the check that make it difficult to electronically cut and past information from a scanned image.
- Chemically sensitive paper that reveals attempts to alter the paper with eradicators.
- Prismatic printing that makes it difficult to reproduce intricate colored backgrounds.
- Micro printing—a group of words so small that they appear as a line when copied or scanned.
Additional security features available in blank check stock include:
- Endorsement backer—a notice on the back of the check that informs your bank of the security features.
- Toner grip—a special surface treatment that creates adhesion of toner to the paper to help prevent lifting the toner off with tape.
- Fluorescent fibers that are invisible except when exposed to ultraviolet light.
“Like ‘location’ in real estate, the main ingredient in fraud prevention is training, training, training,” says Gillette. “Train your employees to take the steps needed to prevent fraud. Train them to recognize suspicious checks—a company they don’t recognize, a signature that doesn’t look quite right.”
He emphasizes that training must go to the executive level, particularly signatories. “If a busy executive is brought a batch of checks to sign, their inclination is to just sign them without really looking at them. They must look at the payee and amount to make sure it’s in line with history. The UCC revision makes the company completely liable for fictitious payees.”
# # #
Next Steps
