A Advanced Fraud Academyby AFS
Track 1: Foundations Lesson 6 of 6
~12 min read
What you'll learn
  • The framework for evaluating any Positive Pay vendor
  • The fraud-prevention features that are table stakes vs. differentiators
  • The operational considerations that determine whether the platform will work for your team
  • A printable 12-question checklist for your next vendor demo

The Positive Pay Buyer's Guide.

When to read this lesson.

Three triggers make this the right time:

  • You don't have Positive Pay yet and you're starting to evaluate.
  • You have it, but it's a legacy product your business clients won't use.
  • You're due for a contract renewal and want to know what to ask for.

Same framework applies to all three.

Fraud-prevention features: table stakes vs. differentiators.

Check Positive Pay — table stakes. Every modern platform has it. If a vendor doesn't, walk.

ACH Positive Pay — table stakes in 2026, not 2016. If a vendor offers only Check PP, they're shipping a 2016 product. Walk.

Payee Match — differentiator. AI-powered image analysis that catches the check-washing scenario where the dollar amount is unchanged but the payee was altered. The single biggest gap in legacy systems. Make sure your shortlist has it.

Reverse Positive Pay — useful for larger commercial clients who can't generate a full issued check file. Their bank sends them daily reports of cleared checks for review. Most platforms support it. Confirm yours does.

Operational considerations: what determines whether the platform works.

This is where vendors differ wildly. The fraud features tend to converge. The operational realities don't.

Scalability. Will the platform serve your 20 smallest business clients and your three largest at the same time? Some platforms are built for big-bank deployments and can't gracefully serve small businesses. Some are built for small business and can't scale. You need both.

Accessible pricing. Positive Pay used to come with a big-bank price tag. Today's platforms are more accessible. Look for clear per-client or per-account pricing, not enterprise contracts. If the vendor won't quote without a sales cycle, that's a signal.

Cross-device access. Your business clients are on phones. If the platform isn't mobile-first with SMS notifications, your adoption ceiling is built in. Non-negotiable in 2026.

File-format flexibility. QuickBooks, Sage, NetSuite, fixed-length, headerless, no MICR. Your business clients use what they use. The platform has to accept whatever they export. If onboarding one client takes two months because of file-format friction, you have the wrong platform.

Integration with core and digital banking. SSO from your digital banking platform is the lowest-friction onboarding for clients. API access matters if your IT team plans to embed PP data in dashboards. Confirm integration depth before you sign.

FI-controlled defaults. Your team should be able to set the default action — pay or return — when a client misses the cutoff. The business client shouldn't be able to toggle settings that change your liability picture.

"Most institutions are underpriced on Positive Pay. They set the price at conversion and never revisit it."

Community bank CTO, Southeast

The 12-question vendor evaluation checklist.

Take this list to any vendor demo. If a vendor can't answer any of these directly, that's your answer.

  1. Do you offer Check Positive Pay, ACH Positive Pay, and Payee Match in one platform?
  2. Does Payee Match use AI image analysis to read handwriting nuances?
  3. How does your platform handle file formats from QuickBooks, Sage, and other accounting software?
  4. Can a business client decision an exception from a mobile device with an SMS notification, end-to-end?
  5. What's your average implementation time per business client?
  6. Are default decisions controlled at the FI level or the business client level?
  7. Show me the visible cutoff time UX — is it on every screen or just one?
  8. Do you support SSO from our digital banking provider, with no separate login for the business client?
  9. What does the audit trail look like, and how do examiners receive it?
  10. What's your average client enrollment rate at FIs our size, 12 months after launch?
  11. How do you support our internal team during the first 30 client onboardings?
  12. What's the pricing structure — per business client or per FI?

The procurement workflow.

Four stages. Plan a realistic timeline:

Stage 1: Identify risks (Week 1–2). Talk to treasury, IT, compliance. Understand what types of fraud your FI is seeing, what transaction volume your business clients run, and what your current systems can and can't do.

Stage 2: Evaluate (Week 3–6). Shortlist three vendors. Demo each. Use the 12-question checklist. Ask each vendor for two reference customer calls.

Stage 3: Select (Week 7–8). Compare pricing, integration depth, and service model. Reference calls matter more than demos.

Stage 4: Integrate and go live (Week 9 onward). First 30 business clients in the first 60 days. Internal feedback. Client feedback. Iterate.

Do this

Download the 12-question checklist from the sidebar. Pin it to your wall. Take it to every vendor demo for the next 12 months — whether you're actively switching or just staying sharp on what a modern platform looks like.

Where to go from here.

You've completed Track 1. You now have:

  • A working definition of modern Positive Pay
  • The two-products framing
  • A grip on which lane to lead with
  • The macro picture and the stats
  • A clear picture of the buying paths available to your FI
  • A buyer's checklist that holds up to any demo

Track 2 starts on the adoption side. We'll show you the 4 levers that get business clients from enrolled to engaged, the fraud-as-trigger script one community bank used to put 100+ commercial clients on PP, and the operational mechanics that scale. Enroll below to be notified when Track 2 drops.

Self-check

3 quick questions

Which of these features is a real differentiator — not table stakes — on a modern Positive Pay platform?
A Check Positive Pay
B ACH Positive Pay
C AI-powered Payee Match
D Reverse Positive Pay
Correct. Payee Match is the next-gen feature most legacy systems don't have. Check and ACH PP are now table stakes — if a vendor doesn't have both, that's an automatic disqualifier.
Not quite. Check and ACH PP are table stakes — every modern platform should have both. Payee Match is the real differentiator: AI image analysis that catches check washing.
What's the right response when a vendor can't tell you their average enrollment rate at peer FIs 12 months after launch?
A It's confidential — that's normal
B They probably haven't been tracking it — which tells you they don't run a real program
C Adoption isn't their responsibility
D Move on and pick by price
Correct. Vendors who run real programs know this number cold. If they don't have it, they either aren't tracking adoption or the number isn't flattering.
Not quite. Vendors who run real programs know their enrollment rates at peer FIs. If they can't answer, that's a signal — either they haven't been tracking it or the number is embarrassing.
Which of these is the strongest signal that you have the wrong PP platform?
A Your CEO doesn't know what Positive Pay is
B Onboarding one business client takes two months because of file-format issues
C Your vendor offers a free trial
D The platform has a green color scheme
Correct. File-format friction is the single biggest indicator of a legacy product. Two months to onboard one client means every onboarding costs that — and compounds across your entire book.
Not quite. File-format friction — two months to onboard one client — is the clearest operational signal that your platform wasn't built for the businesses your clients actually run.
← Previous Direct vs. partner: how community FIs actually buy Track 2 coming soon → Enroll to get notified
Track 1 complete

You finished Foundations.

Track 2 — The Adoption Playbook — drops summer 2026. Enroll free to get it in your inbox the day it launches.

Enroll for Track 2 notifications →