Should every small and medium business use Oriskami's risk management intelligence?
There is much to be said for it. It is a savvy investment. It runs mostly on auto-pilot. And it enhances the company's tolerance and exposure to risk.
A great many businesses don't manage risks as well as they could. “Risks materialize too rarely to make it into our top-problems” is a saying often heard from busy small business owners. And even when larger businesses do manage risks, their
- software is often poorly designed;
- workers often lack a decision support system; and
- data analysis efforts often lack method and scale.
To manage risk at their highest potential, these businesses need software.
What is Oriskami?
It is a software as a service for risk management intelligence. It isn't another of a company's operational costs. Instead it's an investment that brings revenue to the company and benefits to the buyer.
Who is it for?
Oriskami is designed for small and medium, non-financial institutions like:
- e-commerce services exposed to payment fraud risk;
- international companies exposed to foreign currency risk;
- industries exposed to variations in raw material prices;
- logisticians exposed to the risk of lost or damaged packages; or
- companies facing compliance risk (contract, insurance, regulation).
How is risk usually managed?
It's done through five distinct tasks.
- Identify the major risks, their subtypes and consequences.
- Inventory the risk factors.
- Track individual risk factors and score the risk.
- Respond to threats automatically or manually.
- Review exposure and risk appetite.
Why should one manage risk?
Because timely and effective risk management helps your company make money and save time, by helping
- predict and detect risks early;
- value the risk's consequences;
- standardize your risk response;
- reduce risk management's cost;
- take on more calculated risks.
Risk management intelligence enhances your tolerance and exposure to risk.
Now where do you start?
It starts with your company's data and with software to manage risk. Oriskami can do that—let's see how.
How does Oriskami work? Here is a basic outlook.
A) Connect your company's data
Oriskami can get your company's data from your management interface. Then there is simply no integration and no setup. And new data is retrieved every 60 seconds by Oriskami's scraper.
But you can also directly use the API and its open source bindings.
B) Get data analyzed for risks
After connecting your data, Oriskami:
- cleans and parses the data;
- mixes in data from public and private databases;
- extracts, standardizes, and represents numerically the data;
- passes the transformed data through a series of lists, rules, and risk scores; and
- triggers a Slack, email, webhook, SMS, or direct backend notification when a risk is detected.
C) Respond to threats
When a risk is detected, one or more review analysts can manually verify the data at risk.
Oriskami's software will help reviewers
- spot significant risk factors;
- email, call, text, or fax clients;
- attach reviews and files to cases;
- accept or reject cases; and
- simply track all exchanges.
How is your data processed?
Let's have a look at how Oriskami processes your company's data.
How does Oriskami process your company's data? Answers to questions you may ask yourself.
What data providers are used?
Oriskami is connected to about 25 external data providers.
Each one specializes in a data type like address, IP, phone, or bank information. Among those there are Google, Yandex, or Twilio.
When Oriskami gets data, it adds these services' data and expands what you can filter on. However, as these services cost money, there are two billing strategies:
- an all-in-one strategy where Oriskami includes all costs; or
- a strategy where each service bills you directly and Oriskami uses your credentials.
How long does an analysis take?
The time needed to analyze the risk of a transaction depends on two factors:
- Oriskami's processing time and
- the data providers' response time.
Oriskami's processing time should take under 100ms, but the total data gathering time from the providers usually takes between 300ms and 1000ms—longer with slow services.
Also note that network trips to our servers in France take 5-20ms from western Europe, 100-150ms from the USA, 220ms from Brazil, and 300ms from Asia.
What's Oriskami's capacity?
We have simulated Oriskami's capacity with cached data. It can process:
- 100+ units/s/node (8.6M/day or 3.1B/year) for rules and list filters;
- 20+ units/s/node (1.7M/day or 0.6B/year) for risk scores.
Oriskami's main capacity bottlenecks are the data gathering from external providers and the network round-trips.
How many risk factors are used?
Oriskami derives tens of thousands of indicators from its database of 557 features. But with rules and lists, often only 5 to 10 relevant features are used. And for risk scores, no more than 20 to 200 features are usually included.
How do blacklists work?
Oriskami has blacklists based on data attributes like IPs, phone numbers, emails, and account ids. Each blacklist exists in two flavors: per service or pooled across companies. And the blacklists can be turned on or off individually or as a group.
What are Oriskami's features?
Let's see now a few facts about the main features of the software.
What are some of Oriskami's features? Consider these facts:
Data and resource pooling
By pooling the R&D and expertise among clients, you get features like access control or big data at lower cost.
And by pooling data you also prevent threats that hit other companies from materializing in your business.
No reporting—it's up to date
How many times have you caught yourself battling with data to make audit reports? Did you delegate the task? How long did it take? How satisfying and consistent was it?
Oriskami's statistics are up to date (evergreen) and consistently calculated:
- top-level KPIs as well as case-specific statistics; and
- counts as well as p-values.
None of your time is wasted making reports. All your time is well spent: reviewing and analyzing data to understand trends and risks, and to decide objectively, each time.
Search is a mundane task. It's true. And Oriskami's search is not Google's or Algolia's. But Oriskami's search is still a fantastic one!
— See for yourself.
Along with the results, it returns on-the-fly computed statistics such as:
- the search's risk frequency (%);
- the baseline population risk (%);
- the risk ratio; as well as
- the total volumes and numbers.
Having these statistics helps you anchor your judgment with numbers each time. But Oriskami will also help you:
- find needles in your company's data with keywords, tokens, full text search, and combinations of those;
- search for IPs, IP ranges, phone numbers, email logins and domains by parsing your search input; and
- get things fast by having indexes on quite a few columns.
Any other software feature?
Yes. Have a look at these other facts.
What are some of Oriskami's features? Consider these other facts:
Risk model validation
Oriskami obviates the extravagant practice of making changes without testing the impact at scale! Now, before you deploy significant changes, you can validate the models. Here's how.
First, to know what's working and what's not, you run simulations that calculate for each group of risk filters (whitelist, blacklist, rule, score):
- the number and rate of hits; and
- the false positive / negative rates.
Then you look at your model's total cost. Nothing complicated. It's simply the cost of your model errors.
Oriskami factors that in with things like the cost of verifying data manually and your company's gross margin.
And finally, you compare models with one another, side-by-side. This way you know how the new model improves your total cost of risk.
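The three validation steps above, sketched in Node.js as an added example (not Oriskami's code). The sample checkouts, the two models and the cost model are constructed assumptions: every hit costs one manual review, and every missed fraud costs the order amount minus the gross margin.

```javascript
// Constructed sample: historical checkouts with known outcomes (amounts in EUR).
const cases = [
  { id: 1, amount: 120, score: 0.10, geoMismatch: false, fraud: false },
  { id: 2, amount: 300, score: 0.85, geoMismatch: true, fraud: true },
  { id: 3, amount: 80, score: 0.55, geoMismatch: false, fraud: false },
  { id: 4, amount: 450, score: 0.60, geoMismatch: true, fraud: true },
  { id: 5, amount: 200, score: 0.20, geoMismatch: true, fraud: true },
  { id: 6, amount: 150, score: 0.05, geoMismatch: false, fraud: false },
  { id: 7, amount: 90, score: 0.90, geoMismatch: false, fraud: false },
  { id: 8, amount: 250, score: 0.30, geoMismatch: false, fraud: false },
  { id: 9, amount: 60, score: 0.15, geoMismatch: true, fraud: false },
  { id: 10, amount: 500, score: 0.40, geoMismatch: false, fraud: true },
];

// Two hypothetical models; each returns true when a checkout is a "hit" sent to review.
const models = {
  current: (c) => c.score >= 0.8,
  candidate: (c) => c.score >= 0.5 || c.geoMismatch,
};

// Assumed cost parameters (illustrative values): EUR per manual review, gross margin in %.
const costs = { reviewPerHit: 2, grossMarginPct: 30 };

// Step 1 and 2: count hits and errors, then price the errors.
// A false negative loses the shipped goods: amount * (100 - margin) / 100.
function validate(isHit, data, { reviewPerHit, grossMarginPct }) {
  let tp = 0, fp = 0, fn = 0, tn = 0, missedLoss = 0;
  for (const c of data) {
    const hit = isHit(c);
    if (hit && c.fraud) tp++;
    else if (hit) fp++;
    else if (!c.fraud) tn++;
    else {
      fn++;
      missedLoss += (c.amount * (100 - grossMarginPct)) / 100;
    }
  }
  const hits = tp + fp;
  return {
    hits,
    hitRate: hits / data.length,
    falsePositiveRate: fp + tn ? fp / (fp + tn) : 0,
    falseNegativeRate: fn + tp ? fn / (fn + tp) : 0,
    totalCost: hits * reviewPerHit + missedLoss,
  };
}

// Step 3: run every model over the same data so the results sit side by side.
function compare(allModels, data, params) {
  const report = {};
  for (const [name, isHit] of Object.entries(allModels)) report[name] = validate(isHit, data, params);
  return report;
}

console.table(compare(models, cases, costs));
```

On this sample the candidate model sends three times as many checkouts to review yet has the lower total cost, because the fraud it catches outweighs the extra review effort.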
Connect one or more services
Often your company has several services and it's desirable to analyze those in parallel. For this reason, Oriskami users can access one or more services, within or outside their main company.
When a user is a service admin, they can:
- manage a dataset;
- clone an existing one; or
- create a new one from a template.
Oriskami users can also monitor the different services' KPIs in parallel, which helps you make comparisons.
A source of empowerment
Oriskami allows all team members to make data-driven decisions each time.
Your team prevents risks more objectively, rapidly, and consistently.
What technology does it use?
Oriskami likes you to know how and why it does things
— Let's look at its nuts and bolts.
About Oriskami's technology. Here's a deep dive into the bits and pieces and the motivations behind the major design choices of Oriskami.
What is Oriskami's stack?
The technology stack is that of Joyent, a company that counts Intel and Telefonica among its past investors, has the Fortune-1 as a client, and was acquired by Samsung in 2016. It looks like this.
- Cloud system is SmartOS.
- VMs run SmartOS or Ubuntu.
- Programs are in JS / Node.js.
- Web proxy is NGINX.
- Database is PostgreSQL.
- Messaging uses RabbitMQ.
And statistical learning uses R.
Why use this stack?
Quite simply, it is because of performance, trust, and ownership.
Both Linux and SmartOS VMs run at bare-metal performance on SmartOS systems. That's very desirable for data intensive solutions like Oriskami's.
Using an open source stack means trust and independence, but also that Oriskami owns its stack. What you pay goes to Oriskami's R&D and variable costs, not to expensive software.
- statistical epidemiology;
- experimental design principles;
- linear algorithms to score risk;
- model validation techniques; and
- financial risk management (VaR).
Do you use deep-learning?
No. Because non-linear models are black-boxes that are not explainable. And because in our experience the individual choice of a statistical learning algorithm matters less than the control of the experimental design.
Today Oriskami thinks it's better to invest its limited resources to improve its design, processes, and engineering, than to tune deep-learning models.
How fast are bugs fixed?
Oriskami has designed its systems to push changes live in 2 to 10s in most of its web-services. This means that Oriskami can fix small programming or web-service errors in a few seconds. However, this speed is a double-edged sword, as things can break more often.
What else is used?
— Let's see a few other technologies.
About Oriskami's technology and security. The second part of the deep dive.
What's the development status?
Oriskami has long passed the minimum viable product, but it hasn't reached product market fit yet. In other words:
- product is designed;
- technology stack is mature;
- product can scale 10 to 100x;
- 95-99% of the functions are here.
But there are still bugs. The company is still bootstrapped. And it is not in a scaling phase.
How does the scraping work?
At this moment Oriskami can scrape admin interfaces from PrestaShop 1.4, 1.5, 1.6 (with little change), and Magento 1.7.
Scrapers are configured by:
- a scraper version;
- login parameters and url;
- the frequency—5s to 24h;
- the requests in parallel—1 to 8;
- a specific id to get or an id range.
Data retrieved by the scraper is visible from the management interface.
Can you add a new scraper?
Yes. It takes half a day. If it's a standard platform, we do it for free. If it's not, simply get in touch.
What's your uptime?
Every 5min, a third-party robot tests the uptime of our web services via HTTP. Oriskami's uptime history is available here for the past 30 days.
Our uptime is usually above 99%.
Here are some of the security measures taken by Oriskami.
- Let's Encrypt's SSL certificates;
- Daily SSL / proxy tests—see last reports;
- At OVH France and AWS S3 Germany;
- Data encrypted at rest at OVH and AWS;
- Access for accounts and API keys controlled by roles, time, IP;
- Salted account passwords;
- Personally identifiable data isn't resold.
For a concrete case study
Read the story of Stefan and Matthew's eyewear e-shop, which was hard hit by payment fraud.
your business is too small for Oriskami or that your problem is unique? Think twice.
— See Stefan and Matthew's story.
An eyewear e-commerce service
Three years ago Stefan and Matthew founded an eyewear e-commerce service.
They partnered with a web agency to set up a Magento v1.7 e-shop.
Payment fraud hitting hard
But like so many e-commerce services, Stefan and Matthew are exposed to payment fraud, particularly on goggles from luxury brands such as Ray-Ban and Ralph Lauren.
Each week Stefan and Matthew would get chargebacks. The money would be taken from their account by the bank. Fraud was eating up their hard work.
Not allowed to set up 3D Secure
Stefan explains: “We need a few days to a few weeks to make the glasses. When the glasses are ready, we debit the card and make the shipment.”
But “because of that long delay the bank doesn't let us use 3D Secure,” says Stefan, “so we are quite powerless.”
That's when Stefan and Matthew heard about Oriskami.
“What's to install? — Nothing!”
Quite simply, Stefan created a user account on Magento. It took a few minutes to sort out by phone and email.
That same day Oriskami set up its Magento v1.7 scraper, tested it, and downloaded the agreed data history.
Note: to prevent risks, history is needed. It's €0.01/u—Oriskami's variable costs.
Then the scraper would run 24/7, getting new checkouts within seconds.
Systematic payment verifications
Data analysis revealed that 6.1% of the checkouts at Stefan and Matthew's eyewear shop were suspected of fraud.
So 3x per week, before batch-shipping the orders, Stefan and Matthew would review them on Oriskami to check:
- the country flags;
- the embedded Google map; and
- the connected orders.
When in doubt, they would also ask for support via email or phone.
Oriskami allowed Stefan and Matthew to control their chargeback rate and to assess their risk exposure in real time.
— Let's see this other use case.
You think Oriskami can't possibly have a positive impact on your international company? Here's some plain talk.
1. It works with legacy systems
First, you don't need to put Oriskami in production to get benefits from it as it can co-exist with and extend other legacy systems. You could use it to:
- optimize your existing system;
- make internal or peer reviews;
- exchange with clients;
- carry out simulations; or
- calculate the company's risk KPIs.
Note also that getting started can require as little effort as:
- the creation of a user account in one of your legacy systems; or
- making a single API request to
2. It's an investment, not an operational cost
Second, Oriskami's software is not another operational cost. Instead it’s an investment that brings revenue to your company and benefits to your buyers.
Let's say you spend $10k/year. Then Oriskami should pay for itself through a series of positive impacts. Let's see how.
- Increasing the number of risks and risk factors you monitor.
- Automating some of your repetitive risk management tasks.
- Reacting faster to new threats.
- Preventing risks from repeating.
- Improving decision accuracy.
- Controlling and reducing risks.
3. It has indirect benefits too
Third, as Oriskami helps you make fewer reviews, more objectively and efficiently, clients are happier and their lifetime value (CLV) benefits.
But Oriskami should also empower you to grow and take on more risks like:
- expanding to new countries;
- adding new, high-risk products; or
- creating new, high-risk processes.
— How will it assist you? By:
- helping you set your risk appetite;
- replicating your risk strategies;
- simulating the strategies' impact;
- keeping a close eye on your risks.
Why Oriskami isn't a fit for you
— Let's see ten reasons.
Ten reasons why Oriskami is probably not a fit for you.
1. You prefer to do business with a US-based company
Someday Oriskami might do a flip with a Delaware C-corp, but not now. Today Oriskami is happily located in Estonia, a digital trust pioneer that also has full access to the Euro-zone.
2. You think Oriskami is too small
You are probably right. Oriskami is a small company. We understand you might only work with big scale companies—so, here's a short-list: Visa CyberSource; American Express Accertify; Palantir technologies; SiftScience—for more simply check this Quora response.
3. You want us to be part of your RFP
RFPs are very time-consuming and require a lot of attention. Oriskami can't respond to RFPs. But, maybe, put us in the loop, then we know what's ahead.
4. You need a response < 100ms
Small response time is a use-case that Oriskami's software is not designed for at the moment. Oriskami is aware that this might be an issue. If this is your case, just give us a shout.
5. You need an SLA
6. You need to evaluate the risk of financial instruments
Oriskami doesn't calculate the value and risks associated with financial instruments such as stocks, bonds, loans, forwards, futures, swaps, options, or derivatives.
Asset management companies are experts in that domain. However, we would like to know if you need to hedge foreign currency or commodity price risk.
7. You process 20+million u/y
At this moment, this is Oriskami's (soft-)limit for the maximum number of data points that a company can send each year. As Oriskami's infrastructure develops, Oriskami will gradually raise the bar. Let us know if it's an issue.
8. You want credit ratings
Today Oriskami doesn't do it, neither for companies nor for private clients.
9. You send credit card numbers
Oriskami isn't PCI-DSS compliant. You shouldn't send data via the API with card numbers. If you do, we may delete your data and close your account—BINs and blacklisted card numbers are ok.
10. You need lambda functions
Oriskami doesn't offer this yet.
What are Oriskami's prices?
Pricing is pay as you go—let's see.
|Number of transactions||HT € per transaction|
|Historical Transactions: 0.01 HT € per transaction|