Embodiments are disclosed for detecting and responding to potentially fraudulent transactions and other network access events via a system comprising a three-tiered network architecture. An example system comprises one or more user equipment devices configured with a thin client application (a first tier). The one or more user equipment devices are capable of communicating with a respective local authority controller and a local knowledge base (the second tier). The one or more local authority controllers and local knowledge bases are configured to interact with a master authority controller and master knowledge base (the third tier) to enable the efficient assessment of potentially localized fraudulent network activity and the passing of network access rule sets amongst the devices in each tier. Corresponding apparatuses and methods are also provided.