Is Modernizing Legacy Positive Pay Systems Enough to Stop Check Fraud?
- Positive Pay still relies on manual file uploads, overburdening business customers & limiting adoption
- Banks lean on complex PDF “quick guides,” turning Positive Pay setup into an IT project
- TMonit’s CheckSync & OrboGraph solutions automate & modernize Positive Pay to strengthen fraud prevention
Positive Pay, as currently deployed by many financial institutions, is stuck in a 1990s workflow that puts too much operational burden on business customers and keeps adoption stubbornly low, according to a recent LinkedIn article by Max Koenig, VP Sales & Partnerships at Monit. In “Positive Pay Hasn't Changed Since the 90s. That's a Problem,” Mr. Koenig notes that while fraud risk has exploded—driven in part by AI—core Positive Pay processes have barely evolved in more than 30 years.
Gaps of Legacy Positive Pay
Mr. Koenig notes that most companies maintain only 30–60 days’ worth of cash on hand; about 90% continue to rely on checks, and approximately 65% of fraud attempts are directed at them. A single successful incident can quickly trigger payroll disruptions and strained supplier relationships, especially for SMBs. Yet many banks still rely on legacy file‑upload models that expect clients to manually export, format, and upload check issue files every day.
Additionally, the post's review of bank websites shows that institutions are talking about fraud, offering Positive Pay, and then handing out multi‑page PDF “quick guides” explaining file templates, field rules, and error codes. These documents amount to simplified instructions for a complex IT task that business owners are neither trained for nor eager to perform. The result is long support calls, poor user experience, and persistent under‑utilization of Positive Pay—even among enrolled clients.
Lastly, we must not forget about the underlying technology of legacy positive pay systems. Many do not offer payee-name verification which enables altered checks to still clear even when you transmit a full issue file. Often fraudsters will substitute the original payee with their own while leaving numbers and amounts intact. Or, as we reported earlier, if the check business check is large enough, the fraudster can simply register for an LLC with a similar name to the payee, along with a business account—I.e. the original check is written to ACME Corp and the fraudster registers an LLC and business checking account for ACME LLC—and deposits the stolen check.
Positive Pay: Is It Enough?
While payee positive pay systems are an essential component for a financial institution's overall check fraud detection strategy, more technology is needed to ensure that financial losses are not taken by both the bank and its customers.
For example, to detect the type of fraud where an LLC is opened, FIs need to deploy specific analysers like "new account" and "state-of-deposit" that are included in transactional analytics and image forensic AI systems. Both analyzers provides a risk score that can identify if the check has been false deposited— adding protection against this new fraud scheme.
By combining multiple technologies—including payee positive pay, transaction monitoring, behavioral analytics, image‑forensic AI, and consortium data—financial institutions can create a multilayered defense. This approach helps ensure that if a fraudulent check slips through one control, another layer is likely to identify the item and route it for further review.