Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: Aspects of the disclosure relate to a system to monitor devices for unauthorized access of an external account. A computing platform may receive, via a communication interface, and from a first user device, metadata comprising first user device identification information and accessed account information. The computing platform may determine, based on the first user device identification information, whether the first user device is one of a plurality of internal user devices. The computing platform may identify, based on the accessed account information, an action indicating the first user device is accessing an account. The computing platform may determine, based on the action and the accessed account information, whether the action is authorized. The computing platform may receive information indicating unauthorized use of the account by the first user device. The computing platform may transmit the information indicating unauthorized use of the account by the first user device.

Abstract: Aspects of the disclosure relate to controlling device data collectors using omni-collection techniques. A computing platform may receive configuration settings associated with a first collector and a second collector. Subsequently, the computing platform may generate one or more configuration commands for a native collector based on the configuration settings. The computing platform may send, to a client interface computing platform associated with the native collector, the one or more configuration commands generated for the native collector. Thereafter, the computing platform may receive state information collected by the native collector based on the one or more configuration commands generated for the native collector.

Abstract: Aspects of the disclosure relate to a system to monitor devices for unauthorized access of an external account. A computing platform may receive, via a communication interface, and from a first user device, metadata comprising first user device identification information and accessed account information. The computing platform may determine, based on the first user device identification information, whether the first user device is one of a plurality of internal user devices. The computing platform may identify, based on the accessed account information, an action indicating the first user device is accessing an account. The computing platform may determine, based on the action and the accessed account information, whether the action is authorized. The computing platform may receive information indicating unauthorized use of the account by the first user device. The computing platform may transmit the information indicating unauthorized use of the account by the first user device.

Abstract: Systems and arrangements for detecting unauthorized activity and implementing proactive controls to avoid future occurrences of unauthorized activity are provided. The system may receive one or more occurrences of unauthorized activity and may identify similar pairs of occurrences. The pairs of occurrences may then be compared to generate occurrence clusters. The occurrence clusters may be analyzed to determine a common merchant or other attribute. This common merchant or other attribute may be used to query a database to identify one or more devices also associated with the merchant or attribute. One or more proactive controls may then be implemented on the identified devices.

Abstract: Aspects of the disclosure relate to controlling device data collectors using omni-collection techniques. A computing platform may receive configuration settings associated with a first collector and a second collector. Subsequently, the computing platform may generate one or more configuration commands for a native collector based on the configuration settings. The computing platform may send, to a client interface computing platform associated with the native collector, the one or more configuration commands generated for the native collector. Thereafter, the computing platform may receive state information collected by the native collector based on the one or more configuration commands generated for the native collector.

Abstract: Methods, systems, and computer-readable media for identifying unauthorized activity events, assessing the unauthorized activity event and evaluating a potential impact of the unauthorized activity event are provided. In some examples, upon detection of an unauthorized activity event, merchant data may be received for a first evaluation time period. If a sufficient number of events has occurred in the first evaluation time period, additional data may be retrieved and analyzed to determine a control limit related to an expected rate of events. The number of events in the first evaluation time period may then be compared to the control limit and, if the number exceeds the control limit, a priority score for the merchant may be generated. Additional data, such as merchant category, particular state, and/or particular city data, may be analyzed in order to provide a more granular evaluation of a merchant.