Risk Product Management - Creating Safe Digital Experiences, Product School 2019

Sreekant Vijayakumar & I spoke at Product School in Dec 2019 on everything that goes into Risk Management at Digital Enterprises. The first part focused on explaining why Risk Management is an existential question for organizations today and not cost saving. The second part focuses on educating on the foundations of Risk Management, and the last part is how a real Risk Management Practice (Product Managers, Data Scientists, Engineers, Operations) is built & run in an organization.

Published in: Technology

  1. www.productschool.com: Part-time Product Management Training Courses and Corporate Training
  6. Tonight's Speakers: Ram Ravichandran & Sreekant Vijayakumar
  7. Creating Safe Digital Experience
     • Ramkumar Ravichandran – Data Science TLM, Google Shopping
     • Sreekant Vijayakumar – Sr. Product Mgr, Fraud Mitigation & Payments
     • Disclaimer: Participation in this summit is purely on a personal basis and is not meant to represent Adobe's or Google's position on this or any other subject and in any form or manner. The talk is based on learning from work across industries and firms. Care has been taken to ensure no proprietary or work-related information of any firm is used in any material.
  8. [Image slide. Source: https://images.app.goo.gl/9JWr3HY4gsq5o1uP9]
  9. OK! Double-clicking on the topic first... Digital? (Creating Safe Digital Experience)
     • All digital assets that are a significant portion of the user journey (Product, Platform, Business Model, etc.)
  10. ...Safe? (Creating Safe Digital Experience)
     • Protect, Resolve, Recover
  11. ...Creating? (Creating Safe Digital Experience)
     • Products, Tools & Systems, Processes, Ownership Matrix, Culture
  12. Agenda: Why? What? How? (current section: Why?)
  13. Role of Risk PM is now Strategic & Proactive, from predominantly Financial & Reactive earlier...
     • $bns in Impact, #Ms Customers Impacted, Brand Impact ($bn), Regulatory Fines ($bn)
     • Accelerating further because of digitization
     • Evolving ecosystem complications (touchpoints, form factors, AI driven, Edge AI)
     • Evolving actors & motivations
     • Glocalization: Regulations, Privacy Expectations, Payments
     • Image credits: https://www.flaticon.com/free-icon/bank_755195, https://www.pci.upenn.edu/event-calendar/accelerate-icon/, https://www.sccpre.cat/show/ibboxoi_download-evolution-and-the-social-mind-digital-ecosystem/, https://www.istockphoto.com/illustrations/hacker-logo?sort=best&mediatype=illustration&phrase=hacker%20logo, https://apkpure.com/blue-browser/appinventor.ai_sidney_net.BlueBrowser
  14. Agenda: Why? What? How? (current section: What? Personas, Threat Types, Vectors)
  15. Personas: Classifications of Actors
     • 01 Entities by Size, Sophistication & Scope
        • Level 1: Individuals
        • Level 2: Organized Enterprises
        • Level 3: State Sponsored
     • 02 Origin of Threat
        • Internal (Employees, Vendors, Suppliers, Partners)
        • External
     • 03 Motivation
        • Financial Motivation (Profit/Arbitrage)
        • Malice (Crime, AML, Sabotage)
        • Validation (Emotional, Commercial, PR)
        • Competitive Intentions
        • Strategic Social Engineering
  16. Threat Types
     • Cybersecurity: Targets infrastructure, e.g., GitHub ASN attack, WannaCry ransomware
     • Policy Violation: e.g., Money Laundering, Scams, Counterfeits, Content
     • Platform/Service Abuse: Promotions/Returns Abuse, Platform misuse, e.g., AAirpass, Cambridge Analytica
     • Information Security: Critical customer data targeted, e.g., 2018 Marriott (500M #), 2017 Equifax (143M #)
     • Monetary Fraud: Intentional defrauding (Stolen Cards, ATO, Non Repayments), e.g., UB Group, 37% Installed Software is pirated
  17. Attack Vectors
     • Acute Growth: Rapid exploitation of a single vulnerability, e.g., stolen credentials
     • Multipoint: Exploitation of a connected vulnerability, e.g., Target Hack
     • Opportunistic/Strategic: Stay under the radar and wait for the right timing, e.g., Sony Hack
     • Signature Spoofing: Sophisticated setup that mimics genuine customer behavior
     • Network: Coordinated exploitation on multiple fronts, e.g., fake accounts
     • Target Switching: Migrate attack from stronger systems to weaker systems, e.g., Match.com
  18. Common Delivery Mechanisms (not exhaustive)
     • Common types: Bots, Injections, Hijacking, Spoofing, Testing, Mimicking
     • Items listed on the slide, in order: Pings, DDoS, Form Fillers, SQL, Ads, Browsers, Notification, iFrames, APIs, Page Elements, CTAs, Credentials, IP spoofing, Device, 2FA, Credentials, Card Testing, APIs, Network Creators, Deep Fake Algorithms
  19. Agenda: Why? What? How? (current section: How?)
  20. Ecommerce - Risk Overview (illustrative): common risk types tracked, by driver
     • Merchants: Significantly Not As Described (SNAD), Item Not Received (INR), Merchant-Buyer Collusion, Merchant-Merchant Collusion, Money Laundering (Fake Sales), Counterfeits, Scams, Competitor Sabotage, Price Undercutting, Redirecting Sales, Cannibalizing Offers, Fake Ads, Non-Compliant Inventory, Settlement Frauds, Delayed/Non-Payment of Dues, PII & PAI Misuse, Subsidy Misuse
     • Affiliates: Traffic & Attribution Fraud, Ad Fraud
     • Buyers: Buyer Collusion, Returns Abuse/Over Use, Promotions Abuse, Refund Abuse & Fraud, Referral Frauds, Remorse Returns, Improper Chargebacks, Bulk Buyers, Subscription Cancellation (Trial Policy Abuse), Account Sharing, False Rating & Comment Abuse, Resellers, Networks
     • Fraudsters: Account Take Over (ATO) of Buyers/Sellers/Partners, Stolen Cards (SC), Negative Balance at Settlement (NBL), Stolen Packages, Spamming, Credential Spoofing
     • Partners: Lost/Damaged in Transit, Missing Packages, Bad Delivery, Vulnerable Systems, Operational Issues, Insider Risk
  21. Key Steps in Protection (Detect and Mitigate Threat)
     • Profile: Define and evaluate various customers' risk profiles
     • Feedback: Ongoing feedback from the false positive/negative analysis
     • Monitor: Tracking of customer interactions for risky behaviour
     • Mitigate: Measures to segregate and nullify the fraud vector
     • Identify: Means to identify various vectors without causing friction
  22. Enterprise Security Layers
  23. Platform Overview
  24. Stakeholders
     • Product Management (Customer Experience, Platform): Build product roadmap and vision; Educate stakeholders; Drive initiatives
     • Engineering (Architects, Developers): Scalable solution design; Build platform capabilities
     • Data Sciences (Data Scientist, Analysts): Identify and leverage data sources; Build models to power capabilities; Monitoring and alerts
     • Operations (Investigations, Reviewers, Fraud Analysts): Review orders; Perform ad-hoc analysis; Drive intelligence
     • Enforcement (Privacy, Legal, Compliance, Audit): Terms and conditions; Privacy impact; Traceability matrix
     • Business (Sales, Marketing, Growth, Finance): Campaign cohorts; Cohort removal; Overstatement prevention
  25. Product Management in Risk
     • Stages: Vision, Goals, Roadmap, Delivery, Iterate
     • Points listed on the slide, in order:
        • Define the long term vision
        • Communicate to key stakeholders
        • Buy-in from management
        • Set up time bound goals
        • KPIs to measure impact
        • Bottomline to business
        • Prioritized Initiatives list
        • Milestones for each initiative
        • Timeline for delivery
        • Trade-offs
        • Data Driven Optimization
        • Support, Operations & Distribution
        • Refine, Revamp or Retire?
        • "Learn-Listen-Test" launch
        • Usage Protocols: Guide & Comply
  26. Data Science in Risk Management
     • Typical KPIs: Actual Loss Rate (#, $, %), Attempted Rate (%), Prevented Loss Rate* (#, $, %), Successful Contest Rate (%), False Positive Rate, PR AUC, Agent Review Pass Through Rate (%), Abuse Rate (%), Customers Impacted (#), CS Calls (#) & CS Time Spent
     • Monitoring, Alerts & Analyses: Key Monitoring Reports & Analyses Readouts, Threshold & Custom Alerts (Segments/Geos/Accounts)
     • Investigations: Confusion Matrix Measurements & Feedback Loop, Threat Intelligence Reports, Central Repository, Dark Web Monitoring, New Patterns Identification & Quantification
     • Predictive Modeling: Predictive Models, Forecasting, Entity Resolution, Anomaly Detection, Unsupervised Clusters, Graphs Identifications (Network/Paths/Profiling), Survival Modeling
  27. Building a culture of "Security first"
     • Drive awareness & importance of risk: Newsletters, Executive Sponsors, Summits, Office Hours, Hackathons, All Hands, Bounty Programs, Blue/Red Targeting, MRC Memberships
     • Education: Training Programs for External Facing Teams, Risk Audits for Designs/Flows/Campaigns/Systems/Partners, Annual Certifications for Employees
     • Customer Education: Educational Content for Customers/Partners/Regulators. Work with Industry bodies (MRC), Auditors & Regulators to drive "Security Consciousness"
     • Business Continuity & Disaster Recovery Protocols: Strategic, Financial & Operational Plans to identify events, investigate & respond "responsibly" to the world outside
     • Reserve a seat at the table for the Policy Team
  28. The parting words...
  29. Key takeaways
     • A holistic AI-driven Risk Platform, paired with strong processes & protocols (prevention, incident response & impact mitigation), is vital to succeed.
     • The Risk arena is getting ever more complicated, and it takes a strong "culture", Executive Sponsorship and Cross Functional Ownership to deliver on goals.
     • The impact of Risk goes beyond the Financial: it affects Brand, Trust, Customer Confidence & Regulatory support. But it's a delicate balance.
     • Actors, Motivations & Vectors and their mechanisms are always evolving, so you ain't gonna be bored ever.
     • Key Players are Product Management, Engineering, Legal/Policy, Data Science & Operations.
  30. Thank you! We would love to hear from you...
     • Ramkumar Ravichandran, Sreekant Vijayakumar
     • https://twitter.com/decisions_2_0
     • http://www.slideshare.net/RamkumarRavichandran
     • https://www.youtube.com/channel/UCODSVC0WQws607clv0k8mQA/videos
     • https://www.linkedin.com/pub/ramkumar-ravichandran/10/545/67a
     • https://www.linkedin.com/in/sreekantvijayakumar/