Platform Security Overview
The Platform Security Overview report contains data for your FI on authentication score, transaction authorization score, and administrative score against the Q2 FI average scores.
Terms
Authentication Score card
The following table defines terms you may see in the Authentication Score card:
Term | Definition |
Password Policy: TACs valid for greater than 15 minutes | The Transaction Authorization Code (TAC) is valid for longer than 15 minutes. |
Password Policy: Passwords Never Expire | The password won't expire. |
Password Policy: Minimum Characters Req'd is less than 8 | The password can be longer or shorter than 8 characters. |
Password Policy: Special Character is not Req'd | Special characters aren't required for the password. |
No MFA | Multi-factor authentication (MFA) isn't required to log in. |
MFA with Challenge Codes Only | Authenticated users unable to receive a Secure Access Code (SAC) can log in using a one-time challenge code set up through MFA. |
MFA using Browser Registration where e-mail is an available target for TAC delivery | Users have the ability to register a browser and have the access code delivered by email. |
TACs at each login where e-mail is an available target for TAC delivery | An access code is required for each login, and can be delivered by email. |
Transaction Authorization Score card
The following table defines terms you may see in the Transaction Authorization Score card:
Term | Definition |
No Q2 Sentinel in place | Q2 Sentinel isn't leveraged to scan for, identify, or block fraudulent transactions. |
No Transaction Authorization TAC/Token Requirement or Dual Approval in place | A TAC or dual approval isn't required to authorize a transaction. |
Transaction Authorization using TACs with e-mail as an available target for TAC delivery | A transaction can be authorized using a TAC delivered by email. |
Dual Approval in place | The person who approves a transaction can't make changes to the transaction. |
Transaction Authorization using OOB Tokens | A transaction can be authorized using out-of-band (OOB) authorization. |
Administrative Score card
The following table defines terms you may see in the Administrative Score card:
Term | Definition |
Average % of Users w/Draft Right, Never Drafted a Transaction | The average percentage of users with draft rights who have never drafted a transaction. |
Average % of Users w/Draft Right, Limit > $1M Higher than Largest Tran in History | The average percentage of users with the ability to initiate a transaction more than one million dollars higher than the largest transaction a customer has ever made. |
New users added via OLB are NOT Disabled until Reviewed by FI | Users have the ability to create new users and log in immediately (without FI review). |
CSR Roles grant high level of access to all employees | CSR roles in Q2 Central and Console grant high-level access to all employees. |
Security alert profiles inappropriately matched with Groups | Security Alert Profiles at the Group level aren't matched to the appropriate Group, such as Retail Alerts for a Commercial Group. |