"Turn" third-party payment wind control system

Third-party e-payment is a high-risk industry, which means that third-party e-payment companies must be accompanied by a variety of uncertainties. From the point of view of risk benefit, the value of third-party electronic payment company is not to eliminate the uncertainty, eliminate the risk, but it can control and manage the risk on the basis of more in-depth understanding of the risk, allocate the risk to the subject that willing and can take the risk, and make it gain. The objective of the risk control system is to realize the automation of fraud risk warning through the monitoring of various business units, channels and product lines and related personnel through real-time analysis of operational business transactions, in-process and post-mortem analysis, tracking and processing methods. by monitoring transactions, it is possible to identify high-risk transactions to detect the likelihood of fraud early, and to take various precautions in a timely manner, thereby reducing the losses caused by the transaction.

A new product needs to focus on business risk control. Technical solutions for the overall risk control system. Although this scheme can meet the business requirements, but for the analysis of massive transaction data, real-time processing of risk events, a large number of risk rule processing, in real-time, performance, architecture, scalability is not ideal, it is necessary to rethink the implementation of the architecture.

Generally, the software architecture of the risk control system standard is as follows:

1, wind control system implementation of several schemes

1), database program: The risk rules, transaction data, etc. are used in relational database storage. Just as the consideration of the construction of the payment system's wind control system, the transaction database and the risk bank are usually deployed on different servers, and the database triggers and Message queue events can be used in the event triggering. The technology of this scheme is relatively simple, but the query performance and expansibility of database system become a bottleneck in the process of large-scale transaction data query and a lot of risk rule processing. It is difficult to meet the requirements of real-time analysis of risk events.

2), Memory Database scheme: Because of the huge transaction data query, analysis consumes the database resource extremely, may use the memory database scheme to replace the relational database, guarantees the risk event real-time processing performance. But currently open source memory data in Voltdb, H2, MonetDB, Fastdb, Berkeley DB, SQLite in large-scale business applications of the maturity of the application is yet to be examined, and Oracle TimesTen, McObject eXtremeDB, Altibase Price is too high.

3), distributed cache scheme: using memcached and other NoSQL distributed cache to cache transaction data, risk rules, but because the NoSQL solution is not good at the relational logic processing of data, it needs to maintain the business processing logic in the program, which is far less convenient than relational database or memory database scheme.

The above scheme can be used to manage and maintain the risk rules through the rule engine (for example, drools), avoid the tedious and complex relationship between rules maintenance.

Complex Event processing (complex event processing) is a new technology based on events flow, which regards system data as different types of events, through analyzing the relationship between events, establishing different sequence database of event relation, using filtering, association, aggregation and other techniques, The result is a simple event that generates an advanced event or business process. CEP is suitable for scenarios including real-time risk management, real-time transaction analysis, network fraud, cyber attacks, market trend analysis, and so on.

Several major features of CEP:

Based on data flow

Time series

Realtime

Complex

Consideration on the construction of the system of payment systems ' wind control

I. Management framework

third-party e-payment risk management solutions consist of risk strategy, organizational structure and management process. among them, the risk strategy is the basis of the design of business system and operation mechanism of fraud risk management, the organization structure establishes the risk management operation mechanism and the corresponding organization management mode, clarifies the related department, the personnel, the key position division of labor and the responsibility; the management process is a complete process of risk management involved in all aspects.

Various risk management mechanisms and systems need to be achieved through a unified management platform. the unified fraud risk management platform includes monitoring module, analysis module and case Management module. the key technology of building the risk management platform is to establish the integrated risk data platform with the reasonable standard data model, and to implement effective business operation monitoring for internal procedures, personnel and external events.

the unified risk control system consists of three modules: the monitoring module, the Analysis module and the case management module. the Monitoring module monitors the operation of the payment platform, sends suspicious behavior information and related information to the Analysis module for analysis and confirmation, alerts when abnormal behavior is detected, and sends alarm and alarm related information to the Analysis module and the case management module. The analysis module can integrate various data sources, analyze various historical data, define typical behavior characteristics through data mining modeling, establish behavior pattern, scene, and develop fraud risk monitoring rules. The case management module eventually feeds the data from the case processing to the monitoring module, thereby enhancing the monitoring module's ability to monitor and identify risks.

1. Monitoring module

Transaction monitoring system to deal with the transaction in a timely manner, in the shortest possible time to identify the risk of transactions, accurate reporting of high-risk transactions such as fraud, in the first time to provide detailed information to assist staff in identifying and processing suspicious transactions. In order to ensure this efficiency, the transaction monitoring system needs to use quasi-real-time, distributed mode for transaction processing. In the deployment of trading monitoring system and trading system should support distributed deployment, deployment on different host systems, the system through the reliable message middleware for information transmission, reduce the coupling between the system, to ensure the high performance of the trading system, but also through the front-mounted mode to reduce the transaction system to the information processing load.

The trading system receives the transaction information of the host and sends it to the transaction monitoring system in a timely manner, while the receiving end of the trading monitoring system should also deal with the analysis and examination information sent to the transaction monitoring system in time. When a transaction enters the trading system, the system will process according to the business rules, and the system will return a result code (approve or reject) to the transaction after completion. After the entire transaction process is complete, the host passes the transaction information to the pre-system.

After the transaction system receives the online transaction, the transaction information is transmitted to the transaction monitoring system through the message queue, and the transaction situation analysis and alarm processing are carried out within the transaction monitoring system. Trading system In addition to the transaction monitoring system to transmit transaction information, but also to provide customers basic information such as status and other information. The transaction monitoring system will receive the transaction information sent by the trading system host from the JMS message queue of the predecessor system. The above transaction information will be composed of the interface program on the platform of the predecessor system and the information of account, card, etc., and then form an XML message, which is transmitted through the JMS message queue to the Transaction Monitoring System interface program running on the platform of the trading system, and then fed into the transaction monitoring system via the JMS queue after the monitoring System interface processing. In order to ensure the synchronization of the information between the transaction monitoring system and the trading system, the replication mechanism of the database can be used to ensure the real-time synchronization of the data, and the program or stored procedure can be used to synchronize the core data in real time (such as the change of customer data) and synchronize the other data periodically.

2. Analysis Module

The analysis module uses the business intelligence technology to build risk analysis engine of risk control system, using business intelligence technology can fast storage and extraction of massive data, based on data analysis, manipulation, modeling, stable reporting ability, multi-user support ability, combined with effective information rights control, risk warning model, risk forecast, Information integration and so on, can effectively carry out the risk management of electronic payment system.

The role of business intelligence in risk control:

A. Data preparation: Data preparation is mainly from the source data, the extraction of effective indicator data, budget data, transaction summary data, and conversion to the overall data warehouse or risk Management data mart, the essence is to achieve from the operational data source to analytical data transformation.

B. Analytical template definition: The classification of various analytical content, while identifying the risk management aspects of the various data theme template definition, including risk rating, risk analysis, risk prediction of several template definitions, provided to the risk analysis content to call.

C. Risk analysis: There are a number of risk analysis measurement models, such as the basic Index method, standardization method, internal measurement method, loss distribution method, extreme value theory model, can be established according to banking business needs. This stage mainly uses these models to analyze the risk, determine the data dimension, fact table, measurement and other information, according to the dimensions to analyze the various indicators and forecast information.

D. Automated analysis: Leverage the functionality provided by business intelligence software and, based on the defined risk analysis content, automate the optimization analysis from the system to the Data warehouse system to load and drill these risk content.

E. Quantitative and qualitative Analysis report: Generate a variety of quantitative and qualitative analysis metrics reports based on automated analysis of the system

"Turn" third-party payment wind control system