Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: An illustrative method for identifying information associated with a ring of individuals performing improper financial activities may include combining a list of user identifiers with one or more attributes tables corresponding to the financial transactions. A computer device may analyze a first list of identifiers in relation to an attribute table, where the identifiers may be associated with one or more suspected improper financial activities and the attribute table may include attributes of one or more financial transactions performed over a specified duration. The computer device may then link the first list of identifiers with one or more attributes included in the attribute table to determine a second list of identifiers and the process may be repeated until a stopping condition has been reached. After the stopping condition has been met, the computer device may communicate a report to a user.

Abstract: An illustrative method for identifying information associated with a ring of individuals performing improper financial activities may include combining a list of user identifiers with one or more attributes tables corresponding to the financial transactions. A computer device may analyze a first list of identifiers in relation to an attribute table, where the identifiers may be associated with one or more suspected improper financial activities and the attribute table may include attributes of one or more financial transactions performed over a specified duration. The computer device may then link the first list of identifiers with one or more attributes included in the attribute table to determine a second list of identifiers and the process may be repeated until a stopping condition has been reached. After the stopping condition has been met, the computer device may communicate a report to a user.

Abstract: Systems and arrangements for detecting unauthorized activity and implementing proactive controls to avoid future occurrences of unauthorized activity are provided. The system may receive one or more occurrences of unauthorized activity and may identify similar pairs of occurrences. The pairs of occurrences may then be compared to generate occurrence clusters. The occurrence clusters may be analyzed to determine a common merchant or other attribute. This common merchant or other attribute may be used to query a database to identify one or more devices also associated with the merchant or attribute. One or more proactive controls may then be implemented on the identified devices.

Abstract: Aspects of the disclosure relate to detection of unauthorized usage in debit card transactions using a transaction management computing platform and an analytics computing platform. A computing platform may monitor a plurality of transactions at an automated teller machine. Subsequently, the computing platform may identify at least one unusual activity in the plurality of transactions at the automated teller machine. In response to identifying the at least one unusual activity in the plurality of transactions, the computing may analyze each account corresponding to the plurality of transactions to identify a common point of purchase for a subset of accounts. Thereafter, the computing platform may flag the subset of accounts for unauthorized usage.

Abstract: Systems and computer-readable media are disclosed for utilizing one or more databases to detect a point of compromise (“POC”). A POC detection computing platform may receive data associated with a potential point of compromise from a first computing system. The POC detection computing platform may extract data associated with the potential point of compromise from one or more central servers and/or databases. The extracted data may then be analyzed to determine if a point of compromise has been detected. The POC detection computing platform may transmit the results of the analysis to a second computing system.

Abstract: An illustrative method for identifying information associated with a ring of individuals performing improper financial activities may include combining a list of user identifiers with one or more attributes tables corresponding to the financial transactions. A computer device may analyze a first list of identifiers in relation to an attribute table, where the identifiers may be associated with one or more suspected improper financial activities and the attribute table may include attributes of one or more financial transactions performed over a specified duration. The computer device may then link the first list of identifiers with one or more attributes included in the attribute table to determine a second list of identifiers and the process may be repeated until a stopping condition has been reached. After the stopping condition has been met, the computer device may communicate a report to a user.

Abstract: Systems and computer-readable media are disclosed for utilizing one or more databases to detect a point of compromise (“POC”). A POC detection computing platform may receive data associated with a potential point of compromise from a first computing system. The POC detection computing platform may extract data associated with the potential point of compromise from one or more central servers and/or databases. The extracted data may then be analyzed to determine if a point of compromise has been detected. The POC detection computing platform may transmit the results of the analysis to a second computing system.

Abstract: Methods, systems, and computer-readable media for identifying unauthorized activity events, assessing the unauthorized activity event and evaluating a potential impact of the unauthorized activity event are provided. In some examples, upon detection of an unauthorized activity event, merchant data may be received for a first evaluation time period. If a sufficient number of events has occurred in the first evaluation time period, additional data may be retrieved and analyzed to determine a control limit related to an expected rate of events. The number of events in the first evaluation time period may then be compared to the control limit and, if the number exceeds the control limit, a priority score for the merchant may be generated. Additional data, such as merchant category, particular state, and/or particular city data, may be analyzed in order to provide a more granular evaluation of a merchant.

Abstract: An illustrative method for identifying information associated with a ring of individuals performing improper financial activities may include combining a list of user identifiers with one or more attributes tables corresponding to the financial transactions. A computer device may analyze a first list of identifiers in relation to an attribute table, where the identifiers may be associated with one or more suspected improper financial activities and the attribute table may include attributes of one or more financial transactions performed over a specified duration. The computer device may then link the first list of identifiers with one or more attributes included in the attribute table to determine a second list of identifiers and the process may be repeated until a stopping condition has been reached. After the stopping condition has been met, the computer device may communicate a report to a user.