O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a navegar o site, você aceita o uso de cookies. Leia nosso Contrato do Usuário e nossa Política de Privacidade.
O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a utilizar o site, você aceita o uso de cookies. Leia nossa Política de Privacidade e nosso Contrato do Usuário para obter mais detalhes.
Sreekant Vijayakumar & I spoke at Product School in Dec 2019 on everything that goes into Risk Management at Digital Enterprises. First part focused on explaining why Risk Management is existential question for organizations today and not cost saving. Second part focuses on educating on the foundations of Risk Management and last part is how a real Risk Management Practice (Product Managers, Data Scientists, Engineers, Operations) is built & run in an organization.
Level up your team’s Product
T O N I G H T ’ S S P E A K E R S
Ramkumar Ravichandran – Data science TLM, Google Shopping
Sreekant Vijayakumar – Sr. Product Mgr, Fraud Mitigation & Payments
Disclaimer: Participation in this summit is purely on personal basis and is not meant to represent Adobe or Google’s position on this
or any other subject and in any form or matter. The talk is based on learning from work across industries and firms. Care has been
taken to ensure no proprietary or work related information of any firm is used in any material.
Role of Risk PM is now Strategic & Proactive from
predominantly Financial & Reactive earlier...
$bns in Impact, #Ms Customers Impacted, Brand Impact ($bn), Regulatory Fines ($bn)
Accelerating further because of digitization
Evolving ecosystem complications (touchpoints, form factors, AI driven, Edge AI)
Evolving actors & motivations
Glocalization: Regulations, Privacy Expectations, Payments
Acute Growth Rapid Exploitation of single vulnerability, e.g., stolen credentials
Multipoint Exploitation of a connected vulnerability, e.g., Target Hack
Stay under-the-radar and wait for right timing, e.g., Sony Hack
Signature Spoofing Sophisticated set up that mimics genuine customer behavior
Network Co-ordinated exploitation on multiple fronts, e.g., fake accounts
Target Switching Migrate attack from stronger systems to weaker systems, e.g, Match.com
Common Delivery Mechanisms (not exhaustive)
Bots Injections Hijacking Spoofing Testing Mimicking
Ecommerce - Risk Overview (illustrative)
Driver Common Risk Types tracked
Significantly Not As Described (SNAD), Item Not Received (INR), Merchant-Buyer Collusion,
Merchant-Merchant Collusion, Money Laundering (Fake Sales), Counterfeits, Scams,
Competitor Sabotage, Price Undercutting, Redirecting Sales, Cannibalizing Offers, Fake Ads,
Non-Compliant Inventory, Settlement Frauds, Delayed/Non-Payment of Dues, PII & PAI
Misuse, Subsidy Misuse
Affiliates Traffic & Attribution Fraud, Ad Fraud
Buyer Collusion, Returns Abuse/Over Use, Promotions Abuse, Refund Abuse & Fraud,
Referral Frauds, Remorse Returns, Improper Chargebacks, Bulk Buyers, Subscription
Cancellation (Trial Policy Abuse), Account Sharing, False Rating & Comment Abuse,
Account Take Over (ATO)- Buyers/Sellers/Partners, Stolen Cards (SC), Negative Balance at
Settlement (NBL),Stolen Packages, Spamming, Credential Spoofing
Lost/Damaged in Transit, Missing Packages, Bad Delivery, Vulnerable Systems, Operational
Issues, Insider Risk
Key Steps in Protection
Define and evaluate
various customers risk
from the false
Tracking of customer
interactions for risky
segregate and nullify
the fraud vector
Means to identify
Product Management in Risk
• Define the long term vision
• Communicate to key stakeholders
• Buy-in from management
• Set up time bound goals
• KPIs to measure impact
• Bottomline to business
• Prioritized Initiatives list
• Milestones for each initiative
• Timeline for delivery
• Data Driven Optimization
• Support, Operations & Distribution
• Refine, Revamp or Retire?
• ”Learn-Listen-Test” launch
• Usage Protocols : Guide & Comply
Data Science in Risk Management
Monitoring, Alerts &
Actual Loss Rate (#, $, %), Attempted Rate (%), Prevented Loss Rate* (#, $,
%), Successful Contest Rate (%), False Positive Rate, PR AUC, Agent Review
Pass Through Rate (%), Abuse Rate (%), Customers Impacted (#), CS Calls (#)
& CS Time Spent
Key Monitoring Reports & Analyses Readouts, Threshold & Custom Alerts
Confusion Matrix Measurements & Feedback Loop, Threat Intelligence
Reports, Central Repository, Dark Web Monitoring, New Patterns
Identification & Quantification
Predictive Models, Forecasting, Entity Resolution, Anomaly Detection,
Unsupervised Clusters, Graphs Identifications (Network/Paths/Profiling),
Building a culture of “Security first”
● Drive awareness & importance of risk: Newsletters, Executive Sponsors, Summits, Office
Hours, Hackathons, All Hands, Bounty Programs, Blue/Red Targeting, MRC Memberships
● Education: Training Programs for External Facing Teams, Risk Audits for
Designs/Flows/Campaigns/Systems/Partners, Annual Certifications for Employees.
● Customer Educations: Educational Content for Customers/Partners/Regulators. Work with
Industry bodies (MRC), Auditors & Regulators to drive “Security Consciousness”.
● Business Continuity & Disaster Recovery Protocols: Strategic, Financial & Operational
Plans to identify events, investigate & respond “responsibly” to the world outside.
● Reserve a seat on the table for the Policy Team
• Holistic AI driven Risk Platform, paired with strong processes & protocols
(prevention, incident response & impact mitigation) are vital to succeed.
• Risk arena is getting ever more complicated and it takes a strong “culture”,
Executive Sponsorship and Cross Functional Ownership to deliver on goals.
• Impact of Risk is beyond Financial only - it affects Brand, Trust, Customer
Confidence & Regulatory support. But it’s a delicate balance.
• Actors, Motivations & Vectors and their mechanisms are always evolving, so
you ain’t gonna be bored ever.
• Key Players are Product Management, Engineering, Legal/Policy, Data
Science & Operations.
Thank you! We would love to hear from you...
Thursday, December 5
Thinking in PM
Wednesday, December 4
UPCOMING Product Management Training Courses
Tuesdays & Thursdays
January 7 - February 27
6:30am - 9:00pm
7 SPOTS LEFT
December 7 - February 8
9:30am - 3:30pm
3 SPOTS LEFT
Part-time Product Management Training Courses