Systems and methods for triggering token alerts

What is claimed is: 1 . A system for triggering an alert included in an authentication token based on detecting malicious activity, comprising: one or more processors; and a non-transitory, computer-readable storage medium storing instructions that, when executed by the one or more processors, cause operations comprising: detecting the authentication token at a token reader, wherein the authentication token is built into a security pass; in response to detecting the authentication token at the token reader, initiating a communication session between the authentication token and the token reader during which an authentication request is transferred; processing, using a machine learning model, the authentication request to determine a probability that the authentication request satisfies a time threshold corresponding to one or more purchases associated with the security pass; in response to the probability being above a threshold, determining whether a user device associated with the authentication token is within a threshold distance of the authentication token, wherein a location of the user device is associated with geographical positioning system (GPS) information received from the user device; and in response to determining that the authentication token is not within the threshold distance of the user device, declining the authentication request, disabling the authentication token, and transmitting an alert request to the authentication token to emit an audio signal from a speaker included in the security pass. 2 . The system of claim 1 , further comprising: in response to determining that the authentication token is within the threshold distance of the user device, transmitting, to the user device, a verification request for the authentication request; and in response to receiving a user response to the verification request, transmitting the user response to the token reader. 3 . A method for triggering an alert included in an authentication token based on detecting malicious activity, the method comprising: detecting the authentication token at a reader, wherein the authentication token is built into a security pass; in response to detecting the authentication token at the reader, initiating a communication session between the authentication token and the reader during which an authentication request is transferred; processing, using a machine learning model, the authentication request to determine a probability that the authentication request satisfies a time threshold corresponding to one or more purchases associated with the security pass; in response to the probability being above a threshold, determining whether a user device associated with the authentication token is within a threshold distance of the authentication token, wherein a location of the user device is associated with geographical information received from the user device; and in response to determining that the authentication token is not within the threshold distance of the user device, declining the authentication request, disabling the authentication token, and transmitting an alert request to the authentication token to emit an audio signal from a speaker included in the security pass. 4 . The method of claim 3 , further comprising: in response to determining that the authentication token is within the threshold distance of the user device, transmitting, to the user device, a verification request for the authentication request; and in response to receiving a user response to the verification request, transmitting the user response to the reader. 5 . The method of claim 3 , wherein determining whether a user device associated with the authentication token is within a threshold distance of the authentication token comprises determining whether the authentication token is within a location range selected by a user. 6 . The method of claim 3 , further comprising: receiving one or more user preferences related to future authentication requests; and determining the threshold for the probability based on the one or more user preferences. 7 . The method of claim 6 , wherein the one or more user preferences comprises a geographical range, a time of day range, or an operation range associated with the authentication token. 8 . The method of claim 3 , wherein transmitting the alert request to the authentication token to emit the audio signal from the speaker included in the security pass further comprises transmitting a sound for the audio signal selected based on input from the user device. 9 . The method of claim 3 , further comprising: receiving, from the user device, a request to associate a new user device with the authentication token. 10 . The method of claim 4 , further comprising: in response to receiving a user response indicating denial of the authentication request, transmitting a shutdown request to the authentication token to disconnect a circuit connecting the speaker included in the security pass, thereby rendering the authentication token unusable for further authentication requests. 11 . The method of claim 4 , further comprising: in response to receiving a user response indicating approval of the authentication request, approving the authentication request and transmitting a cancel request to the authentication token to cease emitting the audio signal. 12 . The method of claim 3 , further comprising: prior to initiating a second communication session between the authentication token and the reader, receiving, from the user device, an indication that the authentication token is missing and an advance request to disable the authentication token; and at a time subsequent to receiving the advance request, in response to detecting the authentication token at the reader, transmitting a shutdown request to the authentication token. 13 . The method of claim 3 , wherein processing the authentication request to determine the probability that the authentication request satisfies the time threshold corresponding to the one or more purchases associated with the security pass comprises: receiving, from the reader, a timestamp associated with the authentication request; processing, using a machine learning model, a plurality of timestamps from a plurality of previous authentication requests to determine the time threshold; and determining the probability based on whether the timestamp associated with the authentication request satisfies the time threshold. 14 . A non-transitory, computer-readable storage medium storing instructions that, when executed by one or more processors, cause operations comprising: detecting a token at a token reader, wherein the token is built into a security pass; in response to detecting the token at the token reader, initiating a communication session between the token and the token reader during which an authentication request is transferred; processing, using a machine learning model, the authentication request from the token to determine a probability that the authentication request satisfies a time threshold corresponding to one or more purchases associated with the security pass; in response to the probability being above a threshold, determining whether a user device associated with the token is within a threshold distance of the token, wherein a location of the user device is associated with geographical information received from the user device; and in response to determining that the token is not within the threshold distance of the user device, declining the authentication request, disabling the token and, transmitting an alert request to the token to emit an a