Payments Security

Check fraud – busting the ‘two signatures’ myth

Check fraud – busting the 'two signatures' myth. Images: Freepik
Written by Tana Law

Tana Law looks at the prevalence of check fraud in the US, and how the ‘two signatures’ process is preventing companies from moving to electronic payments.

Two signatures on a check has been seen as the gold standard for internal financial control for generations. A whole generation in management is attached to this paper process. They consider signing a check to be the ultimate in authority, approval and security. There are a lot of people in accounts payable (AP) who could log their 10,000 steps a day just walking around the building trying to collect those signatures. The irony is that requiring two signatures has prevented companies from moving to electronic payments, which are actually more secure, because most fraud is external.

Up until now, there hasn’t been a way to mimic the two-signature process electronically. With today’s technology, they can pay electronically, and with two approvers, providing greater internal and external control.

The check fraud problem

Mass credit card breaches make the headlines, but check fraud is a bigger problem for businesses. According to the 2014 AFP Payments Fraud and Control Survey, 60% of organizations had actual or attempted fraud in 2013. 82% of respondents reported that checks were the primary target of fraud attacks. When I speak at gatherings of AP and finance professionals, I ask how many people in the audience have experienced check fraud. Almost everyone in the audience raises their hand. It’s happened to everyone at least once.

According to the AFP study, the most common check fraud method is altering the MICR (Magnetic Ink Character Recognition) line on the check. Positive Pay and daily reconciliations are the most common ways companies guard against check fraud.

Bank information walking

With electronic payments, your bank information can’t fall into the wrong hands. About 80% of fraudsters are outside the company, but it’s still not a good idea to have your banking information walking around the building on a piece of paper. With a third party payments provider, even your internal people don’t see it.

Paying electronically is more secure and is cost effective, and with cloud technology, you’ll also have greater approval control than even two signatures can provide, all in one workflow.

These days, many AP departments process payments in batches according to the invoiced amount. One day, it’s payments up to $10,000. The next day, it’s anything between $10,000-50,000. The following day it’s anything between $50,000 and $100,000, and it has to go to the COO for signature. Then there’s yet another batch for anything over $100,000, which additionally has to go to the CEO to sign.

Putting down the pens

Instead of segregating your payments by amount and signature controls, you can unify them into a single workflow by configuring different routing, permission and approval levels in the payment system. People still have the power to approve and the appropriate credentials to sign off at different levels.

You also have an electronic audit trail of everybody who touched it or signed it, along with the date and the time. Best of all, your exposure to potential fraud is mitigated since no account numbers are exposed anywhere.

In Europe, governments regulate invoicing and the postal system isn’t always reliable. As a result, checks (or cheques) long ago became obsolete. European finance professionals express surprise when they learn that they’re still so prevalent in the US. This needs to change.

Companies can and should cut way back on writing checks. They can achieve significant time and cost savings by eliminating fees and manual processes, with no loss of control. The two signatures myth is holding us back. It’s time to put down the pens and move forward.

About the author

Tana Law

Tana Law is the co-founder and senior vice president of sales for Nvoicepay, a provider of B2B payment solutions for the enterprise.

1 Comment

  • Hi,

    Have you ever encounter a situation where the same person signs twice differently on a two signature authorization requirement transaction?

Leave a Comment