First, the Internet brings business risk control problem
Many ads appear within the Internet community hydrology, electricity supplier marketing activities and gather faced wool, scalping and other issues, trip flights travel platform suffered a lot of malicious reptile, O2O business promotion expenses came to nothing ...... These are the internet scene will encounter various sectors of business challenges .
After the rise of mobile payment, more and more enterprises to increase investment in the Internet business, red envelope back now, coupons, free vouchers and other "wool" More and more, in order to test Lahaina purchase (original NetEase Koala) for example, there are 10 big promotion several times throughout the year, such as: the Spring Festival to promote, promote Lantern big, big promotion 618, 818 big promotion, to promote large double 11, double 12 big promotion, five pro-black, pro-Christmas, New Year's Day big promotion at the end of New Year Festival. Coupled with large and small marketing campaign, drawing new activities, marketing expenses throughout the year up to 10 billion yuan.
In marketing campaign frequency so frequently, preferential such a large background, corporate business will inevitably encounter various non-regular users of the threat: black and gray wool party and production.
Wool Party: ordinary sense of the wool mainly refers to the party concerned and keen to "pull out the wool," the group, are those specially selected Internet company's marketing activities to low-cost or no cost in exchange for high reward people.
Black ash production: wool party's primary role is to "reality", and black ash production is mainly focused on the use of the platform vulnerabilities, or using a variety of black ash production resources, to develop a variety of automated tools, such as mobile phones and cards, proxy IP, group control platform, change machine tools, so as to achieve small investment of resources, fast cash arbitrage purposes. Such party crowd than wool harm is much greater, level of at least one million people engaged in domestic production smudge activities.
Large black and gray wool party and production, coupled with the well-equipped black and gray arms production, general business are difficult to ward off live. So, for businesses, it is prone to the following questions:
-
All kinds of trumpets, the proliferation of spam accounts
-
Hit library attacks, hacking, destroyed numbers, dragging libraries
-
New 10w pull the retention rate of less than 5%
-
One million marketing costs, but can not increase user stickiness
-
Of votes the difference is very poor
-
List occupied various garbage account
-
Robot-kind awards are led away
-
It was second to grab a red envelope
-
Single stock accounted for non-payment
-
Virtual occupying a seat
-
Scalping fried channel
-
……
Second, the traditional means of protection
So ferocious opponents, and for general corporate purposes, what protection does it mean? More common are:
- IP ban
When party general wool, producing white or black to brush entering line activity, generally using the same IP. Its performance is:
-
The same IP, in short, very frequent participation in marketing activities;
-
The same IP, in short, very frequent switching account.
Thus, for such brushes, high frequency operation of the IP banned, is a very obvious means.
- User banned
If a user violates the rules of business, or very frequent participation in marketing activities (for example: 1s time, a total of 50 times operating), or just under monounsaturated turnover (not single transactions accounted for resources, the realization rate is very low), etc., can be banned the user.
- Increased verification code
at registration, login, or evaluation, voting, orders and other scenes, a lot of companies have increased checksum verification code. Verification code is mainly used to distinguish between humans and machines, for ordinary brush, the verification code is very good.
Third, the limitations of traditional means of protection
Universal means of several anti-brush, the more obvious effect on ordinary brush, and for professional black ash production, not only little effect, and may cause other problems:
-
Manslaughter real users, the same company almost use the same exit IP, IP ban if the company exports, the entire people's will not work;
-
Poor user experience: verification code increases user operating costs, and a lot of code in order to deal with crack, intelligibility is very poor, very bad user experience.
Therefore, a better risk control solutions, not only to consider the user experience, while also taking into account the effect, we need to consider many aspects, such as:
-
The best for the user is not aware of;
-
Cheating best recognition device and software through tampered change device;
-
The best machines can recognize some of the acts of cheating, identify and intercept from the behavior of the track;
-
Preferably cheating can identify the IP;
-
It is best to identify cheating phone number, account number.
Fourth, Netease how to do business easy to wind shield is controlled?
Based on the above starting point, easy to shield developed a full link risk control solutions, including three parts: prevention beforehand, something in the detection of the disposal, after analyzing feedback.
Beforehand Prevention: data collection by collecting user-side information to define the threshold of participation by business rules, to confirm the user's identity by means of identity verification, to prevent the occurrence of risk events.
-
事中检测处置:通过实时在线的手段来检测风险,并做相应的风险处置,防止风险事件的发生。
-
事后分析回馈:基于长周期的离线数据分析,计算用户侧、设备侧、IP侧、业务侧的各种风险特征,并作用于事前风控和事中风控。
1.1 事前预防
事前预防主要有三个层面的事项:数据采集、业务规则、身份核验。
a) 数据采集
在业务活动的各个阶段,都需要埋点采集数据,主要有设备指纹、操作行为、网络数据、业务数据、第三方数据等。采集的数据主要用于事中的风险监测和事后的离线分析。
b) 业务规则
在制定营销活动时,必须制定完备的业务规则,必须要有相应的活动门槛和限制,例如:
-
用户群体限制:定义哪些类型的用户能参与活动,指定清晰的分界线。比如:电商大促经常出现的神券,可以限制账户等级>3、年度内购物次数>2才能领取等等。
-
APP版本限制:定义哪些APP版本能参与,比如:拉新活动要求必须使用最新版APP注册才给奖励。
-
参与次数限制:明确定义账户级、设备级、实名信息级能参与活动的上限和参与活动的频率等。
c) 身份核验
身份核验主要是为了确保是用户自己来参与活动,主要手段包括:
-
手机短信校验;
-
验证码校验;
-
密码校验;
-
密保问题校验;
-
本机校验:校验手机号对应的SIM卡是否在当前设备中使用;
-
实名认证,有三种:1)身份证OCR校验;2)身份证OCR、人脸校验;3)身份证OCR、活体检测;
-
个人信息。
1.2 事中检测处置
事中检测主要依赖人机识别、风控引擎、风险处置三个手段。
a) 人机识别
人机识别主要区分是人,还是机器自动化的行为。客户端与后端的数据交互过程中,增加如下的数据保护手段,一旦发现数据有问题,则都是机器行为。
-
数据合法性校验
-
数据加解密
-
数据篡改检测
b) 风控引擎
事中检测的核心工具就是风控引擎,风控引擎主要的工作是识别风险,一般的风控引擎都需要如下几个功能:
-
名单服务:建立黑、白、灰名单;
-
画像服务:建立基于IP、手机号、账户等层级的画像服务;
-
指标计算:一般包括高频类统计、求和、计数、求平均值、求最大值、求最小值等等;
-
风控模型:基于采集到的数据,建立风控模型,比如:设备模型、行为模型、业务模型等;
-
规则引擎:最终的风控数据进入规则引擎,由规则引擎判断是否存在风险。风控运营需基于业务建立各种风控规则,以识别风险。
c) 风险处置
识别到风险之后,需要对风控进行处置,处置手段一般有:
-
二次校验:比如,正常用户无需二次校验,有风险的用户需再次校验手机短信等;
-
拦截:拒绝当前业务操作;
-
降低奖励:比如,正常用户的奖励金是1元,风险用户奖励金是0.01元;
-
拉黑:直接进黑名单;
-
名单监控:进灰名单监控;
-
风险审核:进入人工审核,比如:电商场景的订单业务,一般嫌疑类风险订单,都会安排人工审核。
1.3 事后分析回馈
事后主要是做离线分析,分析结果可作用于事中实时检测和事前预防。对于T+N的业务(比如:拉新奖励金提现),离线分析之后,若识别出风险,也可以做拦截(拒绝此次提现)。
离线分析主要有几个方面:
-
离线指标:基于长周期、大数据的离线指标计算;
-
关联分析:基于前后关联业务、关联数据做关联分析,识别风险用户、风险操作;
-
复杂网络:基于用户数据、设备数据、网络数据、业务数据,建立复杂关系网络,基于数据与数据之间的关系,来识别风险;
-
模型训练:基于机器学习、深度学习技术来构建业务模型、设备模型、行为模型,或文本类模型(异常地址检测、异常昵称检测)等;
-
名单库:通过离线分析,积累、沉淀各种名单库;
-
数据画像:基于离线分析,对账户、IP、设备、手机号等构建数据画像。
1.4 全链路布控
全链路风控解决方案另一个非常重要的过程是:全链路布控。若只是构建了全链路风控模型(工具),未做全链路部署,那也是大材小用。
全链路布控主要要做到:
-
多业务布防:在业务的各个环节都需布控防刷手段,一般的营销活动都需先注册、登录,再参与营销活动。所以,可以在注册、登录、营销活动各个环境都布控风控检测。
-
联防联控:前置业务为后置业务产出事前特征,避免后置业务风控检测冷启动;后置业务为前置业务提供事后特征,比如:准实时、中长周期的风险特征。
五、结束语
Black and gray wool production and the party is a group of very active groups, they like as long as the influx of locusts profitable (profit, drainage, etc.), to bring great economic losses.
But such a powerful black ash production, is not perfect, their motives are pure, namely: profit. As long as the input-output ratio is not high, they will not "fighting", will be moved to other input-output ratio higher platform.
Therefore, the main purpose of risk control is to improve the anti-brush brush cost, of course, many of them against the various strategies. By building full link risk control programs and mechanisms to solve the multi-service joint prevention and control, will be able to gradually increase the cost of the brush, brush eventually "discouraged."