Q2 Holdings today announced two new capabilities—User Activity Monitoring and Restricted Entitlements Mode—that combine AI-enabled detection with real-time response, helping financial institutions detect and stop account takeover fraud. These products integrate with the existing Q2 fraud portfolio, enabling a continuous approach to account takeover protection across the digital banking journey.
User Activity Monitoring uses AI-assisted behavioral detection during live digital banking sessions.
Restricted Entitlements Mode applies restrictions in response to high-risk signals in real time.
More than a third of alerts from UAM aligned to confirmed fraud in initial testing.
Builds on Q2 Patrol and Q2 Sentinel for full lifecycle fraud defense.
Addresses coordinated, multi-step account takeover attacks spanning login, session behavior, and transactions.
IDC Research notes closing gap between threat identification and action without manual intervention.
Account takeover has evolved into a coordinated, multi-step attack that spans login, session behavior, account changes, and transactions. This evolution exposes wide gaps in point-in-time fraud controls and reactive strategies against fraud. Because criminal behavior grows more sophisticated over time, banks and credit unions face increasing pressure to move beyond reactive detection toward continuous, real-time protection. Unlike traditional fraud tools that operate at isolated moments in the end user experience, Q2's holistic and AI-driven approach to continuous account takeover enables financial institutions to move from fragmented controls to coordinated protection.
Q2's approach brings together multiple solutions embedded within the Q2 Digital Banking Platform and introduces two new capabilities that power this detection-and-response system:
User Activity Monitoring (UAM): Uses AI-assisted behavioral detection to continuously analyze behavioral signals and identify high-risk patterns during live digital banking sessions, combining deterministic rules with a foundation for future machine learning.
Restricted Entitlements Mode (REM): Acts as a deterministic enforcement layer that applies restrictions in response to high-risk signals, limiting access, adjusting permissions, or containing compromised accounts in real time.
These capabilities build on existing protections, including Q2 Patrol for high-risk account actions and Q2 Sentinel for transaction monitoring and anomaly detection. Together, they form a closed-loop, continuous fraud defense system that detects, evaluates, interrupts, and contains attacks, connecting intelligence and enforcement across the full lifecycle of account takeover.
In initial testing, First Bank reported strong signal quality from User Activity Monitoring, with more than a third of alerts aligning to confirmed fraud and a meaningful portion identifying risk not detected elsewhere. IDC Research highlighted the significance of combining behavioral signal detection with direct control over enforcement.
As Jeff Scott, Q2 Managing Director, Fraud Intelligence, stated: "Fraud no longer happens at a single point; it unfolds across the entire digital session. With this continuous approach to account takeover protection, we're embedding intelligence directly into digital banking session workflows to help institutions shift from reactive detection to taking immediate, dynamic action before fraud occurs. Threats get stopped earlier, reducing both fraud losses and operational burden."
John Schulte, First Bank VP and Digital Banking Lead, added: "In just a few months of testing, we've seen strong signal quality from User Activity Monitoring, with more than a third of alerts aligning to confirmed fraud and a meaningful portion identifying risk we hadn't detected elsewhere. It's helping us uncover high-risk activity earlier, refine our fraud strategies proactively, and collaborate more closely with Q2 to continuously improve detection accuracy."
Sam Abadir, IDC Research Director for Risk, Compliance and Financial Crime, said: "What is notable about Q2's approach is the combination of behavioral signal detection with direct control over enforcement. By connecting User Activity Monitoring with real-time action through Restricted Entitlements Mode, Q2 is addressing one of the more persistent challenges in fraud operations: the lag between identifying a threat and acting on it. Closing that gap within a single session, without requiring manual intervention, is what makes this model worth attention."
About Q2 Holdings, Inc.
Q2 is a leading provider of digital transformation solutions for financial services, serving banks, credit unions, alternative finance companies, and fintechs in the U.S. and internationally. Q2 enables its financial institution and fintech customers to provide comprehensive, data-driven digital engagement solutions for consumers, small businesses and corporate clients. Headquartered in Austin, Texas, Q2 has offices worldwide and is publicly traded on the NYSE and NYSE Texas under the stock symbol QTWO.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.