Positive Pay: Is It Time To Get Serious?
Last March the Association for Financial Professionals (AFP) released the results of its latest Payments Fraud and Control Survey. For financial institutions and their business customers, it provides fascinating reading and food for thought. Of the respondents, 66 percent experienced attempted or actual payments fraud in 2011.
Checks continued to be the most popular target for criminals, and 85 percent of organizations that experienced actual or attempted fraud were victims of check fraud. ACH debit fraud attempts were lower and reported by 23 percent of survey respondents. Of reported actual and/or attempted payments fraud, 74 percent resulted in no financial loss. When it did, the typical fraud loss for the year 2011 was $19,200. On the upper end, the potential or actual loss for 12 percent of those experiencing payments fraud was $250,000 or greater.
Sixty-two percent of organizations reported the fraud attempts had occurred throughout the year, not at the same time or close together as one might expect. Although the total 2011 numbers were down from the previous two years, they remained significant with 28 percent reporting more fraud attempts.
In 2012, how many businesses can afford a typical fraud loss over $19,000? How many of those fraud dollars will financial institutions be willing to absorb? Not surprisingly, the AFP Survey reported that “fraud controls like positive pay and daily reconciliation unquestionably prevent fraud losses. And, they save time because the review is limited to exceptions.”
Reinforcement for positive pay services is contained in the latest FFIEC guidance “Supplement to Authentication in an Internet Banking Environment” published in June, 2011. Interestingly, the FFIEC update twice suggested positive pay. It would appear that use of positive pay could become more than just a suggestion.
From the updated guidance: “Effective controls that may be included in a layered security program include, but are not limited to…the use of positive pay, debit blocks, and other techniques to appropriately limit the transactional use of the account.” The case for positive pay is noted again in the Appendix, Threat Landscape and Compensating Controls: “Additionally, institutions can look to traditional and innovative business process controls to improve security over customers’ online activities. Some examples include…establish payee whitelisting (e.g., positive pay) and/or blacklisting.”
Download the AFP Survey report and the updated FFIEC guidance and read about it for yourself. Maybe it’s time to offer your business customers a proven fraud prevention tool for both check and ACH. Maybe it’s time for positive pay.
Gil Grey serves Q2ebanking as Vice President of Product Management for Treasury Services. He has an extensive background in financial services, including SVP with Goldleaf Financial Solutions, a Senior Manager with Jack Henry & Associates, Associate Regional Director, Finance and Operations at the FDIC/RTC, and a Senior Manager in financial services consulting with Ernst & Young. He spent many years in banking and started his career in the finance department of a large manufacturing company. He holds a Bachelor of Business Administration in Marketing and Management and an MBA in Finance from Armstrong State University. He is also an Accredited ACH Professional (AAP) from NACHA and regularly participates in their councils and rules groups.