An apparatus is configured to receive a data feed. The data feed includes location data of a first card reader that may be compromised and an identifier of the party that initiated the alert. The apparatus is further configured to determine that the location data of the first card reader matches a location identifier associated with a first card reader owner profile. The apparatus is also configured to determine that the owner of the card reader is not the entity receiving the alert. The apparatus then determines that there is not a match between the identifier of the party that initiated the alert and a user identifier from a plurality of user account profiles. The apparatus is further configured to transmit a message to the card reader owner indicating that the card reader may be compromised.