Malicious activity detection system capable of efficiently processing data accessed from databases and generating alerts for display in interactive user interfaces

US9898509B2 · US · B2

Patent metadata

Publication number: US-9898509-B2
Application number: US-201615336078-A
Country: US
Kind code: B2
Filing date: Oct 27, 2016
Priority date: Aug 28, 2015
Publication date: Feb 20, 2018
Grant date: Feb 20, 2018

Abstract

Various systems and methods are provided that retrieve raw data from issuers, reorganize the raw data, analyze the reorganized data to determine whether the risky or malicious activity is occurring, and generate alerts to notify users of possible malicious activity. For example, the raw data is included in a plurality of tables. The system joins one or more tables to reorganize the data using several filtering techniques to reduce the processor load required to perform the join operation. Once the data is reorganized, the system executes one or more rules to analyze the reorganized data. Each rule is associated with a malicious activity. If any of the rules indicate that malicious activity is occurring, the system generates an alert for display to a user in an interactive user interface.
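The pipeline the abstract describes (filter the tables, join them, run a rule, raise an alert), as an added example that is not code from the patent or its assignee. The column names, the threshold, the three-day window, and the sample rows are assumptions, and duplicates are treated here as exact repeats of the columns the rule keeps.

```python
from collections import defaultdict

WINDOW_DAYS, CASH_OUT_LIMIT = 3, 500          # assumed values; the page gives none
ACCOUNT_COLS = ("account_id", "holder")       # columns the assumed rule reads
TXN_COLS = ("account_id", "txn_id", "day", "amount")

# Constructed sample tables sharing the join key "account_id".
ACCOUNTS = [
    {"account_id": "A1", "holder": "J. Doe", "address": "1 Main St"},
    {"account_id": "A1", "holder": "J. Doe", "address": "1 Main St"},  # re-sent row
    {"account_id": "A2", "holder": "R. Roe", "address": "2 Oak Ave"},
]
WITHDRAWALS = [
    {"account_id": "A1", "txn_id": "t1", "day": 3, "amount": 900, "atm": "X7"},
    {"account_id": "A1", "txn_id": "t1", "day": 3, "amount": 900, "atm": "X7"},  # re-sent
    {"account_id": "A2", "txn_id": "t2", "day": 2, "amount": 100, "atm": "X9"},
]

def prune_and_dedupe(rows, columns):
    """Drop columns the rule never reads, then drop repeated rows, before the join."""
    seen, out = set(), []
    for row in rows:
        slim = tuple(row[c] for c in columns)
        if slim not in seen:
            seen.add(slim)
            out.append(dict(zip(columns, slim)))
    return out

def join(left, right, key):
    index = defaultdict(list)                 # hash join on the shared column
    for r in right:
        index[r[key]].append(r)
    return [{**l, **r} for l in left for r in index.get(l[key], [])]

def cash_out_rule(joined, first_day, last_day):
    """Alert once per account on the earliest window whose withdrawals exceed the limit."""
    totals = defaultdict(lambda: defaultdict(int))
    for row in joined:
        totals[(row["account_id"], row["holder"])][row["day"]] += row["amount"]
    alerts = []
    for (acct, holder), by_day in sorted(totals.items()):
        start = first_day
        while start + WINDOW_DAYS - 1 <= last_day:
            end = start + WINDOW_DAYS - 1
            total = sum(by_day.get(d, 0) for d in range(start, end + 1))
            if total > CASH_OUT_LIMIT:
                alerts.append({"account_id": acct, "holder": holder,
                               "window": (start, end), "total": total})
            # Skip windows overlapping an alerted one so one withdrawal alerts once.
            start += WINDOW_DAYS if total > CASH_OUT_LIMIT else 1
    return alerts

def detect(accounts, withdrawals, first_day=1, last_day=5):
    slim_a = prune_and_dedupe(accounts, ACCOUNT_COLS)
    return cash_out_rule(join(slim_a, prune_and_dedupe(withdrawals, TXN_COLS), "account_id"), first_day, last_day)
```

Joining the raw tables instead would yield four rows for account A1 and a total of 3600, so the filtering step affects the correctness of the alert as well as the cost of the join.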

First claim

What is claimed is:

1. A computing system comprising: a database storing a first data set and a second data set associated with one or more accounts, wherein the first data set comprises a first data section, a second data section, and first data corresponding to the first data section or the second data section, and wherein the second data set comprises the first data section, a third data section, and second data corresponding to the first data section or the third data section; a computer processor; and a computer readable storage medium storing program instructions configured for execution by the computer processor in order to cause the computing system to: select a first rule from a plurality of rules, wherein the first rule is associated with a behavior associated with the one or more accounts; retrieve the first data set and the second data set from the database; identify that the first data section is included in the first data set and the second data set; run a deduplication operation on each entry in the first data set and the second data set to remove duplicate entries, wherein a first entry in the first data set is a duplicate of a second entry in the second data set if third data associated with the first data section in the first entry is equal to fourth data associated with the first data section in the second entry; execute a join operation to generate a third data set using the first data section as a join key, wherein the third data set comprises the first data section, the second data section, the third data section, the first data, and the second data; run the first rule on the third data set to determine whether the behavior is risky; generate an alert in response to a determination that the behavior is risky; and transmit the alert for display in an interactive user interface.

2. The computing system of claim 1, wherein the first data comprises a first subset of data and a second subset of data, and wherein the program instructions are further configured to cause the computing system to: determine that the first rule does not use the second subset of data to determine whether the behavior is risky; and remove the second subset of data from the first data prior to executing the join operation.

3. The computing system of claim 1, wherein the interactive user interface comprises a button that allows a user to take an action associated with the displayed alert.

4. The computing system of claim 1, wherein the program instructions are further configured to cause the computing system to: use a clustering process to separate the first data and the second data into a plurality of clusters; identify a subset of the first data or the second data that fall outside of a first cluster in the plurality of clusters by at least a threshold value; and generate an alert for each of the items in the subset of the first data or the second data.

5. The computing system of claim 1, wherein the first rule is a cash out rule.

6. The computing system of claim 1, wherein the database further stores historical data, and wherein the program instructions are further configured to cause the computing system to: retrieve the historical data from the database, wherein running the first rule on the historical data causes the computing system to determine that the behavior is risky; merge the first data and the historical data; run the first rule on the merged first data and historical data; determine whether the behavior is risky; and determine that the first data is valid in response to a determination that the behavior is risky.

7. The computing system of claim 1, wherein the database receives data from an issuer database in periodic intervals, and wherein the program instructions are further configured to cause the computing system to: select the first data set, wherein a first subset of the first data is expected to be received at a first time and a second subset of the first data is expected to be received at a second time; determine that the second subset of the first data was not received at the second time; and generate a notification for display in the interactive user interface, wherein the notification instructs a user to retrieve the second subset of the first data.

8. The computing system of claim 1, wherein the first rule is one of a cash out rule, a cash in rule, a sustained cash rule, a behavior outlier rule, a cross-border cash rule, a foreign cash out rule, a high risk countries rule, an external funding rule, a tax refund rule, a card-to-card transfer rule, a watch list rule, or a manual trigger rule.

9. The computing system of claim 1, wherein the alert comprises information identifying a user associated with a prepaid card that caused the computing system to determine that the behavior is risky.

10. The computing system of claim 1, wherein the program instructions are further configured to cause the computing system to determine that the behavior is risky in response to a determination that a first regulation is violated.

11. The computing system of claim 1, wherein the program instructions are further configured to cause the computing system to transmit the alert via one of an email, a push notification, or a text message.

12. The computing system of claim 1, wherein the alert comprises a URL, and wherein receipt of the alert causes a browser to open on a user device and be redirected to a page associated with the URL.

13. The computing system of claim 3, wherein the program instructions are further configured to cause the computing system to: receive, from the user, a selection of the button; update the interactive user interface to display a plurality of actions in response to receiving the selection; receive, from the user, a second selection of a first action in the plurality of actions; and generate a report in response to receiving the second selection.

14. The computing system of claim 4, wherein the program instructions are further configured to cause the computing system to update the clustering process based on actions taken by a user with regard to the generated alerts for each of the items in the subset of the first data or the second data.

15. The computing system of claim 5, wherein the program instructions are further configured to cause the computing system to: identify, based on an analysis of the first data and the second data, that a first user withdrew no money on a first day, no money on a second day, a first amount of money on a third day, no money on a fourth day, and no money on a fifth day, wherein a withdrawal of the first amount of money causes the computing system to determine that the behavior is risky; and generate the alert such that the alert corresponds with the first day, the second day, and the third day, does not correspond with the second day, the third day, and the fourth day, and does not correspond with the third day, the fourth day, and the fifth day.

16. A computer-implemented method comprising: as implemented by one or more computer systems comprising computer hardware and memory, the one or more computer systems configured with specific executable instructions, selecting a first rule from a plurality of rules, wherein the first rule is associated with a behavior associated with one or more accounts; retrieving a first data set and a second data set, wherein the first data set comprises a first data section, a second data section, and first data corresponding to the first data section or the second data section, and wherein the second data set comprises the first data section, a third data

Classifications

  • Accounting · CPC title

  • Search customisation based on user profiles and personalisation · CPC title

  • Ensuring data consistency and integrity · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Join operations · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Palantir Technologies Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 20, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).