Account Takeover Protection

  1. Risk & Fraud Management
  2. Account Takeover Protection
  3. Q2 Restricted Entitlements Mode

A smarter response to suspected fraud.

Detecting suspicious activity is only half the battle. You need more options than just letting the session continue or shutting out the account entirely. Q2 Restricted Entitlements Mode gives financial institutions a more flexible way to respond—containing risk in real time by limiting what a potentially compromised account can do, without locking out the account holder or waiting to act until after a loss occurs.
Request a demo
rem-shadow

Close the gap between suspicion and certainty

Account takeover rarely announces itself with certainty. Fraud teams often see signals that feel wrong without having enough to immediately confirm that fraud is actually occurring. That gap between suspicion and certainty is where fraud slips through. With Restricted Entitlements Mode, institutions can dynamically introduce restrictions based on the level of risk, without cutting off access entirely or waiting to act until after losses occur.

Decide what gets restricted, and when

Not every suspicious situation is the same, and Restricted Entitlements Mode doesn’t treat them that way. Institutions define which actions get restricted, at what risk level, and under what conditions—whether that’s disabling wire transfers for a flagged account, blocking profile updates, or tightening daily transaction limits. 

  • Restrict specific transaction types, settings changes, or high-risk features based on your institution’s policies 
  • Trigger containment manually through Q2 Console or automatically via API, including through third-party fraud and risk platforms 
  • Restrictions are temporary and fully adjustable. You can lift them at any time as the situation evolves or the case is resolved
rem-configuration

Better investigations and a better account holder experience

By containing risk without cutting off access, Restricted Entitlements Mode gives your fraud team time to investigate properly, make a more confident call, and avoid the costly mistakes that come from acting under pressure. Meanwhile, account holders can still access their accounts and complete lower-risk activities—minimizing disruption.

  • Act before money moves. Contain risk during the session, not after a loss has occurred.  
  • Protect your account holder relationships. Legitimate users keep access to their accounts while the investigation proceeds, without the disruption of a full lockout. 
rem-investigations

FAQs

Does Restricted Entitlements Mode block users from their accounts?

No. Restricted Entitlements Mode is designed specifically to avoid that. Rather than cutting off access entirely, it allows financial institutions to limit specific high-risk actions—such as money movement, password changes, or profile updates—while the account holder can still log in and complete lower-risk activities. The goal is to reduce exposure without creating unnecessary friction for a potentially legitimate user. 

How does Restricted Entitlements Mode fit into Q2’s broader approach to account takeover?

Restricted Entitlements Mode is part of Q2’s continuous account takeover protection approach, which connects detection, response, and containment across the digital banking journey. It works alongside Q2 User Activity Monitoring, which surfaces suspicious in-session behavior, and Q2’s existing fraud products Sentinel and Patrol. When risk is detected, Restricted Entitlements Mode is the response layer that enables institutions to act during the session, before funds move, rather than after a loss has occurred. 

Additional products

  • User Activity Monitoring

    Detect suspicious in-session behavior before money moves 

  • Patrol

    Evaluate and protect high-risk account actions  

  • Sentinel

    Evaluate and protect high-risk account actions