By Bo Garner, CPA, MBA

Check fraud is rampant. Whether it’s from outside threats, like criminals stealing mail, or internal risks arising from gaps in internal controls, organizations need all the help they can get to safeguard their assets. There are several steps nonprofits can take to mitigate risk internally. Outside the organization, a bank service called positive pay allows organizations to proactively mitigate check tampering.

The Rise and Risk of Check Fraud

Internal check fraud is a type of fraudulent disbursement scheme and falls under the most common fraud category of asset misappropriation. The Association of Certified Fraud Examiners (ACFE) 2022 Report to the Nations found that check and payment tampering has one of the highest median losses – $100,000 per event – and represents ten percent of all asset misappropriation schemes. These schemes can go on for up to 18 months on average before being detected, and can cost can organization $5,600 per month.

Nonprofits’ reported fraud losses tend to be less than other types of entities, but the loss hits harder, especially for smaller organizations.

Most fraud occurs because of a lack of internal controls – or an employee decides to override them. Smaller organizations may be at a higher risk: separation of duties, a key anti-fraud safeguard, may not be possible.

But check tampering can occur outside the organization, too.

Nacha, the organization that governs the ACH direct deposit network, reported that check fraud has soared since the pandemic. The Financial Crimes Enforcement Network (FinCEN) noted that banks filed more than 680,000 suspicious activity reports in 2022 – about double from the year before. Fraudsters will steal mail, hoping to gain access to checks inside.

Check washing, where fraudsters use nail polish remover to take off the dollar amount and payee, is a common approach. From there, someone can rewrite the check and cash it themselves, or sell washed checks online. While banks will reimburse accounts for check fraud, this process takes time.

Organizations that still mail checks are at risk.

PBMares Insight: We’ve seen the effect of this first-hand. Many nonprofit clients without a positive pay feature in their business banking have experienced check fraud in the last year.

What is Positive Pay?

Positive pay is an automatic cash management tool that banks offer to mitigate check fraud. It can be offered as a stand-alone product or part of a suite of services for check disbursements. It does require a little more upfront work, but the benefit of protecting against check fraud more than outweighs a couple of extra minutes per check.

With positive pay, information like check number, account number, and dollar amount is provided to the bank ahead of time. Account owners can either enter the information manually or upload a file depending on how the bank’s service works.

When an account is enrolled in positive pay, the bank validates check information against what the account owner provided. If anything is a mismatch, the check is flagged and the account owner is given the opportunity to decline the transaction. Usually, this is done through check images, which account owners can access through a mobile or online portal.

Some banks charge monthly fees per account for positive pay and/or a nominal fee (2, 3, or 5 cents) per issued check. The service may also be covered in a business banking account.

Beyond the basic positive pay feature, there are two other types of services that organizations may want to consider.

Payee Positive Pay: The account owner submits the payee name with other check information, and the check’s payee name is validated too; often, the organization would submit a list of approved vendors along with a payment threshold that, if both items match, the bank can approve the check without flagging it for further review.

ACH Positive Pay: This works the same as above, except that unauthorized electronic debits are prevented with a pre-approved list of vendors and payment thresholds.

Additionally, another type of positive pay called Reverse Positive Pay lets account owners monitor their own flagged checks. This is considered to be less secure, since if the deadline passes to review the checks, the bank will process the payment.

Benefits of Positive Pay

Intercepting check fraud before it happens preserves funds essential to normal operations. When checks that are monitored with positive pay are cashed, the organization has peace of mind knowing that the payment was verified and safe.

Positive pay is also another means of ensuring that check tampering from within the organization isn’t happening. Especially in small nonprofits, it can be hard or impossible to have different people who would approve, sign, and review checks and other expenses. Positive pay is the automated safeguard.

Organizations would also monitor their online bank accounts more often, another advantage when it comes to preventing fraud. And with positive pay, there are fewer errors and less time involved than if a person manually reviews the checks.

Preventing Check Fraud at Your Nonprofit

Positive pay is an easy, effective way to reduce or prevent check tampering. There are more steps that nonprofits can take to mitigate check fraud and other types of asset misappropriation schemes.

When possible, segregate duties. When that isn’t possible, requiring a second signature on all checks is another safeguard.

Use high-quality checks if writing them in-house, and ensure that all checks have advanced security features so they’re harder to duplicate. Or, issue checks through the bank – online bill pay systems enable this feature. It’s also more secure to simply avoid writing and mailing checks altogether; instead, opt for direct deposit or another online bill pay feature.

And for nonprofits especially, ensure that all staff and Board members understand how money flows through the organization: who is responsible for which part of the process, and what internal controls are in place.

These and other internal controls protect nonprofit assets and employees at organizations large and small.

If your organization isn’t yet using positive pay or has gaps in internal controls, contact our Not-for-Profit Team Leader Bo Garner for more information.  Also, ensure to ask your banking partner about these various tools to help mitigate fraud.