introduction
I often hear the word "risk control" being used by people around me. I only know that this is a mysterious department, but I don't know much about what they do. I only know that this risk control department is very important to the company. It is best to report any activities and information to the risk control department to assess risks, especially when it comes to money.
What exactly is wind control? Why do you need risk control? What the hell is wind control doing? This article will explain to you.
What is risk control
Risk control, that is, risk control (Risk Control), think tank Wikipedia is defined as follows
Risk control means that risk managers take various measures and methods to eliminate or reduce the various possibilities of risk events, or reduce the losses caused by risk events.
The four basic methods of risk control are: risk avoidance, loss control, risk transfer, risk retention
Is there a feeling that I seem to understand the above information but I don’t understand it all? I will split it up and explain it based on actual cases.
To give an example, suppose you work for a relatively large online trading e-commerce platform, and the boss of the company announces: We also have to organize a "Double Eleven" festival like Papa Ma's to increase sales and increase profits. Why should he earn the money alone?
The boss of the operation department, Get, knew that he was coming to work after receiving the boss's request, and immediately prepared to carry out various marketing activities in various forms. How to do it? Throw money! No money and no customers, use big discounts to create momentum! Attracting users to come over, I don't want children to be caught by wolves!
At this time, the boss of the risk control also got the boss's request, and knew that the boss of the operation was going to make trouble, so he hurriedly organized a departmental meeting to discuss the activity plan
risk aversion
The Ministry of Production and Transportation wants to hold an event: We have money, on the day of the event, we will give you cash when you come! 3 yuan per person, no threshold, and can be withdrawn directly, arrogant!
The risk control department immediately replied: No, you can’t participate in this activity ( risk avoidance ). Do you know how big the risk is? There is no threshold and you can send it as soon as you come.
damage control
Thinking about the product is also true. Although the boss allocated money, good steel cannot be used on the handle of the knife! In case the money is stolen and the platform has nothing to complete the order, I will not be able to complete the calf. Event upgrade: first build momentum, the 3 yuan cash gift on the day of the festival is only between 9:00 and 12:00, and it is only given to the top 10,000 customers without thinking (loss control), so even if it is squeezed out, the event amount will be 300,000 yuan when it goes online, and we will not lose much. After all, we have earned a wave of popularity .
risk transfer
The product department is clever: We can cooperate with major manufacturers to do activities. After I pay 10 yuan, I can exchange for a certain platform’s annual membership card (risk transfer). Nowadays, so many Internet platforms need to attract new users. We have a lot of traffic. They must cooperate, and they should also have risk control, so there will be no problems. Even if not, our loss is not big, win-win.
The above examples are rather extreme, mainly to let readers and friends have a general understanding of what risk control is.
Vernacular summary: Risk control is to save money for the company and avoid greater economic losses for the company. The daily work is mainly to find and discover loopholes in the company's business activities, and if these loopholes are not repaired in time, it may bring significant economic losses and image impact to the company.
Why do you need risk control
As above, you have a general understanding of what risk control is. There is no doubt that risk control is important to enterprises, but not all companies need risk control. At present, the companies we hear most employ risk control practitioners are either in the financial industry or the Internet industry. In the final analysis, it is also related to money.
To use an analogy: if the enterprise is a moving car, then the risk control is the seat belt and airbag. A car accident can happen at any time, but the moment it happens, the seat belt has a high probability of ensuring your safety and even saving your life. **Risk control is not to eliminate risks, but to fight against risks, avoid risks, or minimize losses. **There is friction between risk control and the business scenario of the enterprise. Sometimes for the sake of safety, certain business compromises have to be made, just like seat belts can save lives at critical moments, but you sacrifice comfort: you have to wear them as long as you get in the car.
We cite practical and real cases to illustrate why risk control is needed:
Case 1: Pulling wool
There is a major loophole in the marketing and promotion of some Duodu 100-yuan general coupons. Both new and old users can receive 100 yuan no-threshold coupons. Note that it is for collection, not for snap-up. Some netizens recharged 540,000 Q coins and 640,000 phone bills through the QA platform. Some black and gray production gangs obtained tens of millions of yuan in platform coupons through an expired coupon loophole to make illegal profits.
With the advent of the data traffic era, more and more Internet companies stand on the wind and follow the wind, and the competition is becoming more and more fierce. In order to "grab people", various companies have to develop various marketing activities to stimulate users' stickiness to the platform in order to increase GMV. At this time, the black industry waited for an opportunity to cut into the loopholes in the game's gameplay and reap huge profits, resulting in heavy losses for the company.
Case 2: Financial Fraudulent Loan
A leading Internet micro-credit platform was defrauded of tens of millions of yuan. The industrial chain tools used by illegal production include but are not limited to: multi-device, broiler, code access platform, address book maintenance and other means. Successfully defrauded various activity restriction levels set by the platform, deleted the account immediately after the loan, and the company had no way to chase after it.
The rise of Internet finance is the small loan industry we are familiar with. Regardless of whether it is good or bad for the society, black production is aimed at the point that it is lighter than bank financial audits, and "people's information" is less. It uses technology to break through the threshold set by enterprises and successfully steals away the funds of enterprises.
Case 3: Navy
The number of likes and reposts of a short video platform anchor hit a new high, but they were all zombie fans
.
The Internet has spawned a number of "brush" industries. They are mercenary, seize the platform's exposure mechanism based on whether users like it (see more, buy more), and create "explosive models" crazily. This seriously breaks the competition agreement and is very unfair to those who are certified to operate and seriously create.
Risk control plays the role of a "policeman" in the enterprise. It will not eliminate risks, and there is no way to eliminate them. However, when risks come, they can identify risks and restrain users who violate enterprise norms from light to severe according to the punishment level, so that enterprises can go further and better.
Risk control and black production
Insight into black production
The black production group has a detailed division of labor and is good at disguising. Black industry practitioners have full-time or part-time jobs. Among the part-time people, there are people from all walks of life, which is difficult to identify. At the same time, the technology update of the black industry group is iteratively fast, and it can crack and update multiple versions of cheating tools in a short period of time to the manufacturer's protection methods. According to incomplete statistics, in this huge black industry chain, there are more than hundreds of thousands of black industry employees, and the annual economic losses to Internet companies exceed 10 billion yuan.
To put it bluntly, in order to make quick money, these people use all means to break through the traditional defense methods through new technologies, which is always beneficial. Commonly used weapons in the black industry include: virtual numbers, proxy IPs, device forgery, and so on. Each tool corresponds to an attack scenario.
Insight into risk control
In the process of fighting black industry, we have summed up a lot of experience and lessons, covering the whole process of business gameplay, prevention and control before, during and after the event, and a risk control system for the whole life cycle of the business.
The arsenal of risk control includes: device fingerprints, biological probes (UBT), smart verification codes, etc.
how did i get into the business
A colleague from another department asked me before: How did you get into the industry? Think about it carefully, this question applies equally to all industries, how did you get into finance? doctor? Blockchain? teacher?
I thought about it carefully, and I entered the risk control industry out of interest. But this premise is that I have come into contact with the field of risk control. The company I just worked in was engaged in finance. At that time, I was a back-end developer. You can understand that I was doing product research and development. Then this process must have to deal with the risk control department. Gradually understand how risk control works. For example, when an event is launched, risk control requires that pre-set card points be set for participating in activities, sharing activities, receiving rewards , and reward distribution . But I can only see its shape, but I can't understand it: Why do you judge that this order cannot be passed and needs to be rejected?
In the spirit of improving myself and not admitting defeat, I also want to be the best person, so I will take the initiative to say hello to the risk control research and development team that I am connected to, and ask about what I don’t understand.
Some advice for those who want to enter the industry as a preliminary risk controller
Compared with teachers, doctors, and java back-end industries, risk control is a niche industry. If you don’t understand or have never heard of it, you have no concept at all, so you can’t even talk about getting a job.
If you want to become a risk controller after you understand it, here are some of my suggestions:
get in early
This is valid for any industry, as early as possible, it refers to fresh graduates within 3 years of work. At this time, when companies recruit people, they think you are still "white" and plastic. At this time, if you are interested in risk control, you can directly send your resume to the interested company. Although you have no experience at this time, the company is reserving talents, and the department is cultivating "backups", and the success rate is very high.
Transfer across departments
Many colleagues learned about the profession of risk control within the company, and a small number of people really transferred. This is more advantageous than social recruitment. At least you have passed the assessment when you entered the company, which is in line with the company's talent label. The only requirement is that your current TL is willing to release and the risk-controlled TL is willing to accept.
The company where the risk control is located must have a certain market size. It is often said that medium and large-scale companies will consider access to risk control. Small companies generally cannot afford a risk control team. First, there is no user scale and not so much money, and black products are not looked down on.
Summarize
As Internet security practitioners, looking back on the road we have traveled in the past few years, the technological development and scale expansion of the black industry have brought us a lot of pressure, and at the same time, it has given us greater motivation to build a more effective security defense product system. Black people are also people, and they will also make progress, so the challenges facing risk control are very great. We also welcome everyone to join the field of risk control to create a peaceful Internet industry.
As a research and development of risk control, I will share the structure and technical details of risk control from 0 to 1 in the follow-up. If you like it, please pay attention to subscribe and receive the article update as soon as possible.
