A Step-by-Step Positive Pay Implementation Checklist
Positive pay is a fraud control where you send your bank a list of the checks you issued, and the bank pays only checks that match that list. Anything that does not match, a wrong check number, a changed amount, an altered payee, or a check you never wrote, gets flagged as an exception for you to review. Rolling it out the first time is mostly a setup and process problem, not a technical one. The steps below put them in order.
If you want background on the mechanics before you start, read what is positive pay and how positive pay stops check fraud. When you are ready to build the file, the free positive pay file generator handles the formatting.
1. Enroll and decide standard vs payee positive pay
Start by enabling the service through your bank's treasury management or business banking team. Many banks first set up your account in an inactive or test status so you can practice loading a file before it affects real check matching.
While you are enrolling, decide which version you want:
- Standard positive pay matches the check number, amount, and account number.
- Payee positive pay also checks the payee name, which is what stops check washing and altered-payee fraud. It usually costs more and requires the payee name in your file.
See payee positive pay for the trade-offs, and positive pay cost for typical pricing.
2. Get the exact file spec in writing
Every bank defines its own file layout. Ask your bank for the issued check file specification as a written document. There is no universal format, so do not assume a layout from another bank applies to yours. The spec tells you whether the bank wants fixed-width or CSV, the field order, the date format, and how amounts are written. Many banks expect implied decimal amounts, where $1,234.56 is written as 123456 with no decimal point.
The core fields are almost always the same: account number, check number, amount, issue date, and a void or issue status flag. Payee positive pay adds the payee name. For a field-by-field explanation, see the positive pay file format reference. Because the exact byte positions are account-specific, never guess them. If the bank's layout is unusual, the custom format builder lets you match it field by field.
3. Export the check register and build a test file
Your accounting system holds the data the file needs. Set up a check register export that includes every field the spec requires. Most platforms can do this; see the guides for QuickBooks Online and QuickBooks Desktop if you use those.
Take that export and build a small sample file in your bank's format, then submit it as a test. The goal is to confirm the bank accepts the layout before any real checks depend on it. If the bank rejects it, fix the format and resubmit; see why positive pay files get rejected for the common causes. Remember to include voided checks with the correct status code so a void cannot be cashed.
4. Confirm cutoff times and the default decision
Positive pay runs on a daily clock. Two times matter. First, when the bank expects your issued check file, which should be before you hand out the checks. Second, the deadline to decide on flagged exceptions, which most banks set sometime between late morning and mid-afternoon local time.
Just as important, confirm the default decision the bank applies if you miss the exception cutoff. Some banks default to return, others to pay, and the wrong setting can either bounce a legitimate check or let a fraudulent one through. Get this in writing. See positive pay cutoff times for more detail.
5. Assign exception review and the pay/return decision
Every business day, the bank may present exception items that did not match your file. Someone has to look at each one and tell the bank to pay or return it before the cutoff. Name a primary reviewer and a backup so the decision is never missed when someone is out. The reviewer should know how to tell a real timing difference from actual fraud, and should have authority to make the pay or return call.
6. Document the process, then go live
Write down the whole routine: who exports the register, when the file is sent, the bank's file and decision cutoffs, who reviews exceptions, the backup reviewer, and the default action. A one-page procedure keeps the control working when staff change.
Once your test file is accepted, roles are assigned, and cutoffs are documented, have the bank move your account from test to active and go live. From then on, send the issued check file the same day you cut checks, and check for exceptions every business day. If you are still deciding whether the service fits, see do I need positive pay and positive pay for small business. Citi's overview of the check positive pay process is a useful outside reference.