A data attack detection system that includes a record host and an orchestration host. The record host stores account information for card holders. The orchestration host includes a switch interface configured to receive transaction information for a card from a network. The orchestration host further includes a velocity trap engine that stores received transaction information for the card in a cardholder file. The velocity trap engine creates entries in a velocity transaction timestamp record for the card when the number of transactions for the card in the cardholder record within a first predetermined time interval exceeds a first activity level threshold. The velocity trap engine discontinues a transaction flow between the orchestration host and the record host for the card when the number of transactions for the card in the velocity transaction timestamp record within a second predetermined time interval exceeds a second activity level threshold.