Often hear people around the word “risk control”, only know that this is a mysterious department, but they do not know anything, only know that this risk control department is very important to the company, any activities and information are best reported to the risk control department to assess the risk, especially when it comes to money.

What exactly is risk control? Why do you need risk control? What exactly is risk control doing? This article will explain to you.

Risk control, or Risk Control, is defined as follows

Risk control refers to the risk manager taking various measures and methods to eliminate or reduce the possibility of risk events, or to reduce the losses caused by risk events. The four basic methods of risk control are: risk avoidance, loss control, risk transfer, and risk retention

Does the above information have a feeling that I seem to understand but do not fully understand, I will combine the actual cases to break down and explain. To give a chestnut, suppose you are working on a fairly large online trading e-commerce platform, the company boss announced: We also have to engage in a “double eleven” festival like Daddy Ma to increase sales and increase profits, why let him earn money alone, we also want to create momentum! After the boss of the operation department got the requirements of the boss, he knew that he was alive and immediately prepared to engage in various forms of marketing activities. Throw money! No money, no customers, use big discounts and big discounts to create momentum! Attract users to come over, reluctant children can not set wolves! At this time, the boss of risk control also got the requirements of the boss, and knew that the boss of the operation wanted to do things, and quickly organized a department meeting to discuss the activity plan

The Ministry of Industry and Transportation wants to come to an event: we have money, the day of the event festival, come to send cash! One person 3 yuan, no threshold, and can be directly withdrawn, arrogant! The risk control department immediately replied: No, you can not be on this activity (risk avoidance), know how big the risk is, no threshold and come to send, in case the black production hand raises a batch of numbers, come up to give you baldness, and they are very fast, you can directly use the machine to replace the labor, and so the real user comes in, nothing, a chicken feather, can not be on!

The product is also a thought, although the boss has allocated money, but good steel can not be used on the knife handle! In case the money is gone, the platform is not finished, I will not finish the calf. Activity upgrade: first create momentum, the holiday day 3 yuan cash only in the 9:00 ~ 12:00 period, and only to the top 1w customers brainless send (loss control), so that even if it is shorn, the amount of activity on the line is 300,000 pieces, we also have little loss, after all, earned a wave of popularity.

Product department a jittery clever: we can join hands with major manufacturers to do activities, in my payment of 10 yuan, you can exchange for a certain platform annual card membership card (risk transfer), now so many Internet platforms need to pull new, we have a large traffic, they must cooperate, and they should also have risk control, there will be no problem. Even if not, we don’t have much to lose, a win-win situation.

The above examples are more extreme, mainly to let readers and friends have a general understanding of what risk control is. Vernacular summary: risk control is to save money for the company, to avoid the company’s economic losses. The daily work is mainly to find and find the loopholes in the company’s business activities, and if these vulnerabilities are not repaired in time, it may bring significant economic losses and image impact to the company.

As above, you have a general understanding of what is risk control, risk control is undoubtedly important for enterprises, but not all enterprises need risk control, at present we have heard that the most hired risk control companies are either the financial industry, or the Internet industry, in the final analysis, it is also related to money.

For example: if the business is a moving car, then risk control is seat belts and airbags. Car accidents can happen at any time, but at the moment of occurrence, the seat belt can most likely ensure your safety and even save your life. Risk control is not to eliminate risks, but to fight against risks, avoid risks, or minimize losses. Risk control and enterprise business scenarios are frictional, and sometimes for safety, you have to make certain business compromises, just like seat belts can save lives at critical moments, but you sacrifice comfort: as long as you get on the car, you have to wear it.

Let’s take practical, real cases to illustrate why risk control is needed:

There are major loopholes in the marketing promotion of a multi-hundred-yuan general coupon, whether new or old users, you can get 100 yuan without threshold coupons, pay attention to the collection, not rush to buy. Some netizens recharged 540,000 Q coins and 640,000 phone bills through the code platform. There are black and gray production gangs that take tens of millions of yuan of platform coupons through an expired coupon loophole to make improper profits.

With the advent of the traffic era, more and more Internet companies stand on the wind and rise with the wind, competition is becoming more and more fierce, and various companies have to develop various marketing activities to stimulate users’ stickiness to the platform in order to improve GMV. At this time, the black industry waits for the opportunity to cut into the loopholes in the gameplay of the activity and make huge profits, resulting in heavy losses for enterprises.

A head Internet small loan platform was defrauded by black industry with an amount of up to tens of millions of yuan. Black industry through the industrial chain tools including but not limited to: equipment multi-open, broiler, access code platform, address book maintenance number and other means. Successfully cheated through the various activity restriction checkpoints set by the platform, deleted the number immediately after the loan, and the company could not chase it.

The rise of Internet finance, that is, the small loan industry as we know it. Regardless of whether it is good or bad for society, the black industry is aimed at him to be lighter than the bank financial audit, “people’s information” to take fewer points, with technology to break through the threshold set by the enterprise, and successfully take away the company’s funds.

A short video platform anchor likes and forwards a new high, but they are all zombie fans A treasure store single volume of transactions and turnover reached a new high in one month.

The Internet has spawned a number of “brush” industries, they are mercenary, seize the platform’s exposure mechanism based on whether users like (see more, buy more), and crazy to create a “hit”. This seriously undermines competition agreements and is very unfair to those who certify their business and create seriously.

Risk control plays the role of “police” in the enterprise, it will not eliminate the risk, there is no way to eliminate it, but when the risk comes, it can identify the risk, and according to the level of punishment, from light to heavy constraints to destroy the enterprise norms, so that the enterprise can go better and go further.

The black industry group organizes the division of labor and is good at disguise. There are full-time or part-time black industry practitioners, and in the part-time population, there are people from all walks of life, which is difficult to identify. At the same time, the technical update of the black industry group is iterated rapidly, and multiple versions of cheating tools can be cracked and updated in a short period of time to the manufacturer’s protective means. According to incomplete statistics, in this huge black industry chain, the number of black industry employees has reached more than 10,000 people, and the economic losses caused to Internet companies every year exceed 10 billion yuan.

To put it bluntly, in order to make quick money, these people will stop at nothing to break through traditional means of defense through new technologies. Common weapons used in black industry are: virtual numbers, proxy IPs, equipment counterfeiting, and so on. Each tool corresponds to an attack scenario.

In the process of fighting against the black industry, we have summarized a lot of experience and lessons, covering the whole process of business play, engaging in before, during and after prevention and control, and the risk control system of the whole life cycle of the business. The arsenal of risk control includes: device fingerprints, biological probes (UBTs), intelligent verification codes and so on.

Before, a colleague from another department asked me: How did you get into the industry? Think about it carefully, this is the question that applies to all industries as well, how did you get into finance? Doctor? Blockchain? Teacher? I thought about it carefully, and I was completely interested in entering the business of risk control. But this premise is that I am exposed to the field of risk control. The company I just worked in is engaged in finance, at that time I was a back-end developer, you can understand that it is to do product research and development, then this process must be dealt with the risk control department, for the company’s non-risk control department people, the label for their gang is: “the most cattle * team!” It’s full of cattle people! “The company’s loan overdue rate, bad debt rate can be kept so low is dependent on the risk control team”, “I don’t know what they are doing, very mysterious”… In the process of work docking, we also gradually know how to play risk control, such as online an activity, risk control requirements in participating in activities, sharing activities, receiving rewards, reward issuance to set up a pre-card point, all information is adjusted once the risk control platform interface, there is risk control to determine whether the current user can participate in the activity. However, we can only see its type, and I can’t explain it: on what basis does it determine that this list cannot be passed and needs to be rejected?

In the spirit of improving ourselves and not accepting defeat, we also want to become the most awesome people, I will take the initiative to greet the docking of risk control research and development, ask about the incomprehensible place, over time, but also roughly understand the concept, in the next job hopping, I marked in the resume that there is risk control experience, and invested in the recruitment of risk control positions of the company, fortunately met the willing to give training and learning opportunities to the company, since then really into the field of risk control.

Risk control relative to teachers, doctors, java back-end this is a niche industry, in the case of you do not understand or have not heard of it at all, you have no concept at all, and you can not talk about entry at all. If you want to become a risk controller after understanding, here are some suggestions for me:

This is effective for any industry, as early as possible refers to the fresh graduates ~ work within 3, at this time the enterprise in the recruitment of people think that you are still “white”, is plastic, at this time if you are interested in risk control, you can directly to the company of interest in the resume, at this time although there is no experience, but the enterprise is in the reserve of talent, the department is cultivating “backup”, the success rate is very high.

Many colleagues are in the company to understand the profession of risk control, and there is really a small poke people really turned over, which is more advantageous than social recruitment, at least you enter the company when the assessment is passed, in line with the company’s talent labeling. The only requirement is that your current TL is willing to put and the risk control TL is willing to receive.

The company where the risk control is located must have a certain market scale, often said that the large number of companies will consider access to risk control, small companies generally can not afford to raise a risk control team, one is no user scale, not so much money, black production can not see, the second is that the cost of risk control research and development is indeed not a small company can resist, the cost will exceed a lot.

As an Internet security practitioner, looking back on the road traveled in recent years, the technological development and scale expansion of the black industry have brought us a lot of pressure, and at the same time, we have greater motivation to build a more effective security defense product system. The black industry is also a person, they will also progress, so the challenge of risk control is very large, and you are welcome to join the field of risk control and create a peaceful Internet industry.

As a risk control research and development, I will share the architecture and technical details of risk control in the follow-up from 0 to 1, and like to welcome the subscription, the first time to receive article updates.

[1] Think Tank, Encyclopedia: https://wiki.mbalib.com/wiki/%E9%A3%8E%E9%99%A9%E6%8E%A7%E5%88%B6