Of course, the times keep pace with the times, and some new ideas may have gone beyond my cognition. Criticism and correction are also welcome.
1, data warning
When there are obvious fluctuations in business data, whether it is in a good direction or a bad direction, an early warning should be given immediately. What is the fluctuation range? For a huge Internet platform, a year-on-year change of more than 5% is probably an early warning threshold, but for many small entrepreneurial teams, it may change frequently and the threshold can be set higher.
Let me make a hypothesis. If you are a WeChat product manager, you find that the browsing and forwarding of friends circle has increased by 5% today without product upgrades and hot news. Do you think this is natural growth? Most of you will secretly scold, mom, what fission routine is out of control.
Come on, think about the question, why does WeChat spare no effort to kill all kinds of fission operations? Isn't fission good data? This is a typical cognitive problem of risk control. Renren used to think it was good data, so it died.
Data early warning does not mean that there must be a problem, but it needs to be quickly identified and judged. Correctly understanding the causes of data changes and quickly confirming them are problems that need to be dealt with by risk control.
Data early warning is not only the early warning of total information, such as the sudden surge of data of a certain feature, but also needs attention and confirmation. For example, the traffic in a certain area suddenly surges, or the traffic in a certain device suddenly surges, which is likely to come from a certain machine pool.
As for how to analyze data anomalies, as mentioned earlier, comparison, subdivision and traceability can solve most data anomaly location problems.
2. Risk control processing engine
The processing engine is used to clean, filter and block data.
The processing strategies of the processing engine include real-time processing and backtracking processing.
Real-time processing is to judge the current operation and behavior, and mark, filter or shield it in real time.
Retrospective processing is to analyze historical data and make reasonable judgment and processing, such as cleaning up data or common cutting instructions.
Marking means that if the system suspects that there is something wrong with this data, it will mark it first and then check it manually.
Filtering means that this data system is considered invalid and will not be recorded, but users can still operate and interact effectively.
Blocking means that this behavior is considered invalid and user interaction is blocked.
3. Rule configuration
The disposal engine is usually based on rules, so the configuration of rules is a typical system.
A typical example is the blacklist, such as what conditions are blocked, what conditions are cleared, and what conditions are marked.
There are two common rules here, one is to block a single message based on clear rules, such as the ip in the blacklist is not allowed to access. The other is cleaning based on some statistical rules, such as repeated clicks from the same ip block will not be recorded after exceeding the threshold.
4. Machine learning
In the ancient Internet, the rules came from the summary of historical experience and lessons. Advanced risk control based on log analysis and past attack records sets rules one by one to prevent fraudulent clicks or other unjust enrichment.
But it's different now. Machine learning has gradually replaced manual work, automatically sorting out rules according to some bad records, even beyond human common sense.
And these rules can be done and can't be said in many cases. For example, a cash loan platform, based on historical bad debt records, machine learning summarizes a rule, what are the top digits of the ID number, and the bad debt rate is obviously high, then this rule is written into the risk control rule base.
So do you think there was manslaughter? The overall efficiency that the machine cares about, for example, the overall bad debt rate is 2%, and the bad debt rate that meets this rule is 10%, 10%, which has caused serious losses to the platform. Therefore, the platform is willing to join this rule, although it will kill 90% of qualified good people by mistake.
Why can't you say it? Tell me what it is, geographical discrimination. What makes you say that people in this area are bad people? After all, you killed 90% of the good people by mistake, didn't you? But it is made by machine learning, so you can do it, but you can't say it.
5. Intelligence system
The responsible personnel and core personnel of risk control should join some internal communities in the security industry, participate in some exchange activities in the security industry, and even need to go deep into various wool party groups and various black and gray communities to understand some circulating attack means and attack resources. As I said before, a company's information security depends on technology for three points and contacts for seven points. I still want to repeat this point today, really.
Some people think that I am capable, high-level, and don't mix circles. The industry of information security and risk control is deep. Maybe your platform has been played by some opponents for a long time, and everyone in the circle knows it, but you don't know it. This kind of thing is actually quite common. In the early years, empty fox entrepreneurs claimed to be bullied by investors. The data was discovered by the wool party because of a stupid subsidy strategy to cash in credit cards. Various communities are communicating, and entrepreneurs themselves don't know it, and they still feel that their business data is quite good.
6. Business impact assessment
Risk control is not as strict as possible, because too strict risk control will kill the business. Today, we said that the wool party in the business travel industry still has many ways to play and play. Don't those business giants know? Why don't airlines and hotel groups kill all kinds of wool games for mileage points? If the water is clean, there will be no fish, so that members always feel that they can make money cheaply, which is also a way to keep users growing.
Therefore, after the introduction of various risk control strategies, it is still necessary to continuously evaluate and reflect on the data. Are some strategies not so serious, and the manslaughter rate is a bit too high, which interferes with the behavior of normal users? There may be stricter strategies in a special stage, so after this stage, can the relevant strategies be weakened or even cancelled?
In fact, there are two indicators of risk control. The first is whether the cleaning and blocking rate of bad behavior is really effective, so that those interference and noise will no longer affect the judgment of business and decision makers. The second is the interference rate to normal business. Risk control cannot be completely accurate, and any strategy may interfere with normal user behavior and normal business data. So can this influence be controlled in a small enough range? This requires constant reflection and analysis. Don't be chased and scolded by the person in charge of the business, only to think that there may be problems here.
Generally speaking, there are still many actual details, so I dare not go into them. As soon as they unfolded, my ignorance was exposed.