Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.

Abstract: An illustrative method for identifying information associated with a ring of individuals performing improper financial activities may include combining a list of user identifiers with one or more attributes tables corresponding to the financial transactions. A computer device may analyze a first list of identifiers in relation to an attribute table, where the identifiers may be associated with one or more suspected improper financial activities and the attribute table may include attributes of one or more financial transactions performed over a specified duration. The computer device may then link the first list of identifiers with one or more attributes included in the attribute table to determine a second list of identifiers and the process may be repeated until a stopping condition has been reached. After the stopping condition has been met, the computer device may communicate a report to a user.

Abstract: Aspects of the disclosure relate to a system to monitor devices for unauthorized access of an external account. A computing platform may receive, via a communication interface, and from a first user device, metadata comprising first user device identification information and accessed account information. The computing platform may determine, based on the first user device identification information, whether the first user device is one of a plurality of internal user devices. The computing platform may identify, based on the accessed account information, an action indicating the first user device is accessing an account. The computing platform may determine, based on the action and the accessed account information, whether the action is authorized. The computing platform may receive information indicating unauthorized use of the account by the first user device. The computing platform may transmit the information indicating unauthorized use of the account by the first user device.

Abstract: Aspects of the disclosure relate to a system to monitor devices for unauthorized access of an external account. A computing platform may receive, via a communication interface, and from a first user device, metadata comprising first user device identification information and accessed account information. The computing platform may determine, based on the first user device identification information, whether the first user device is one of a plurality of internal user devices. The computing platform may identify, based on the accessed account information, an action indicating the first user device is accessing an account. The computing platform may determine, based on the action and the accessed account information, whether the action is authorized. The computing platform may receive information indicating unauthorized use of the account by the first user device. The computing platform may transmit the information indicating unauthorized use of the account by the first user device.

Abstract: An illustrative method for identifying information associated with a ring of individuals performing improper financial activities may include combining a list of user identifiers with one or more attributes tables corresponding to the financial transactions. A computer device may analyze a first list of identifiers in relation to an attribute table, where the identifiers may be associated with one or more suspected improper financial activities and the attribute table may include attributes of one or more financial transactions performed over a specified duration. The computer device may then link the first list of identifiers with one or more attributes included in the attribute table to determine a second list of identifiers and the process may be repeated until a stopping condition has been reached. After the stopping condition has been met, the computer device may communicate a report to a user.

Abstract: Systems and computer-readable media are disclosed for utilizing one or more databases to detect a point of compromise (“POC”). A POC detection computing platform may receive data associated with a potential point of compromise from a first computing system. The POC detection computing platform may extract data associated with the potential point of compromise from one or more central servers and/or databases. The extracted data may then be analyzed to determine if a point of compromise has been detected. The POC detection computing platform may transmit the results of the analysis to a second computing system.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. In some embodiments, a computing platform may receive, from a contact feed generation computer system, one or more contact feeds comprising contact data identifying one or more contacts associated with one or more user accounts. The computing platform may analyze the one or more contact feeds to identify a first subset of user accounts of the one or more user accounts having one or more attributes associated with one or more predetermined account security concern characteristics. Subsequently, the computing platform may add the first subset of user accounts of the one or more user accounts to an alert table maintained by the computing platform, and may send, to an analyst computer system, alert table listing information identifying contents of the alert table maintained by the computing platform.

Abstract: An illustrative method for identifying information associated with a ring of individuals performing improper financial activities may include combining a list of user identifiers with one or more attributes tables corresponding to the financial transactions. A computer device may analyze a first list of identifiers in relation to an attribute table, where the identifiers may be associated with one or more suspected improper financial activities and the attribute table may include attributes of one or more financial transactions performed over a specified duration. The computer device may then link the first list of identifiers with one or more attributes included in the attribute table to determine a second list of identifiers and the process may be repeated until a stopping condition has been reached. After the stopping condition has been met, the computer device may communicate a report to a user.

Abstract: Systems and computer-readable media are disclosed for utilizing one or more databases to detect a point of compromise (“POC”). A POC detection computing platform may receive data associated with a potential point of compromise from a first computing system. The POC detection computing platform may extract data associated with the potential point of compromise from one or more central servers and/or databases. The extracted data may then be analyzed to determine if a point of compromise has been detected. The POC detection computing platform may transmit the results of the analysis to a second computing system.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. In some embodiments, a computing platform may receive, from a contact feed generation computer system, one or more contact feeds comprising contact data identifying one or more contacts associated with one or more user accounts. The computing platform may analyze the one or more contact feeds to identify a first subset of user accounts of the one or more user accounts having one or more attributes associated with one or more predetermined account security concern characteristics. Subsequently, the computing platform may add the first subset of user accounts of the one or more user accounts to an alert table maintained by the computing platform, and may send, to an analyst computer system, alert table listing information identifying contents of the alert table maintained by the computing platform.

Abstract: Systems, apparatus, methods, and computer program products are provided for automatically monitoring cash balancing transactions conducted by individuals responsible for a cash drawer to determine unique behaviors/patterns of such individuals that are abnormal to the overall population of cash drawer users. Such proactive monitoring of cash balancing transactions provides for suspicious activity to be identified at the onset of such activity. As such, the identified suspicious activity can be further investigated to determine the cause of the activity. Thus, by identifying the suspicious activity at an earlier stage, financial losses to the financial institution can be reduced and reputational risk can be minimized.

Abstract: An illustrative method for identifying information associated with a ring of individuals performing improper financial activities may include combining a list of user identifiers with one or more attributes tables corresponding to the financial transactions. A computer device may analyze a first list of identifiers in relation to an attribute table, where the identifiers may be associated with one or more suspected improper financial activities and the attribute table may include attributes of one or more financial transactions performed over a specified duration. The computer device may then link the first list of identifiers with one or more attributes included in the attribute table to determine a second list of identifiers and the process may be repeated until a stopping condition has been reached. After the stopping condition has been met, the computer device may communicate a report to a user.

Abstract: Methods and apparatus according to the invention are directed towards providing means for identifying a selection of entity associates that may contain a perpetrator of claimed fraud against an entity account. Means are also provided for scoring the associates within the selection as to relative likelihood of being the perpetrator. Identification means and scoring means may include analyses of the number and nature of connections associates may have with the frauded account, with other entity accounts, with past claims of fraud, and with other associates.

Abstract: Methods and apparatus according to the invention are directed towards providing means for identifying a selection of entity associates that may contain a perpetrator of claimed fraud against an entity account. Means are also provided for scoring the associates within the selection as to relative likelihood of being the perpetrator. Identification means and scoring means may include analyses of the number and nature of connections associates may have with the frauded account, with other entity accounts, with past claims of fraud, and with other associates.