Should every small and medium business use Oriskami's risk management intelligence?

There is much to be said for it. It is a savvy investment. It runs mostly on auto-pilot. And it enhances the company's tolerance and exposure to risk.


A great many businesses don't manage risks as good as they could. “Risks materialize too rarely to make it into our top-problems” is a saying often observed by busy small business owners. And if larger businesses manage risks, however their

  1. software is often poorly designed;
  2. workers often lack a decision support system; and
  3. data analysis efforts often lack method and scale.

To help these businesses manage risk at their highest potential, these businesses need software.

What is Oriskami?

It is a software as a service for risk management intelligence. It isn't another of a company's operational costs. Instead it's an investment that brings revenue to the company and benefits to the buyer.

Who is it for?

Oriskami is designed for small and medium, non-financial institutions like:

  1. e-commerce services exposed to payment fraud risk;
  2. international companies exposed to foreign currency risk;
  3. industries exposed to variations in raw material prices;
  4. logisticians exposed to the risk of lost or damaged packages; or
  5. companies facing compliance risk (contract, insurance, regulation).

How is risk usually managed?

It's done through five distinct tasks.

  1. Identify the major risks, their subtypes and consequences.
  2. Inventory the risk factors.
  3. Track individual risk factors and score the risk.
  4. Respond to threats automatically or manually.
  5. Review exposure and risk appetite.

Why should one manage risk?

Because timely and effective risk management helps your company make money and save time, by helping

  1. predict and detect risks early;
  2. value the risk's consequences;
  3. standardize your risk response;
  4. reduce risk managment's cost;
  5. take on more calculated risks.

Risk management intelligence enhances your tolerance and exposure to risk.

Now where do you start?

It starts with your company's data and with software to manage risk. Oriskami can do that—let's see how.

American Express
Processed by:
Braintree by PayPal
With services and infrastructures from:
Amazon AWS
Business is based in the EU
Data processing servers are based in France
Support in:
Support in English / Support in French

How does Oriskami work and how does it processes your company's data? Here is a basic outlook.

First, it gets your company's data

Oriskami gets your company's data a) from your management interface—then there is simply no integration, no setup, and data is retrieved every few seconds by our scrapper; or directly via the API (docs) and its open source bindings.

Second, it analyzes for risks

After connecting your data, Oriskami:

  1. cleans and parses the data;
  2. mixes in data from public and private databases ;
  3. extracts, standardizes, and represents numerically the data;
  4. passes the data through lists, rules, and risk scores ; and
  5. notifies you via webhook, Slack, email, etc. when it detects a risk.

Third, it helps you make reviews

Oriskami helps you:

  1. spot significant risk factors;
  2. email, call, text, or fax clients;
  3. attach reviews and files to cases;
  4. accept or reject cases; and
  5. simply track all exchanges.

What data providers are used?

Oriskami sources data from 20+ external providers like Google, Yandex or Twilio—each specializes in a data type like address, IP, phone, or bank information— and it adds this information into your data, expanding what you can filter on.

How long does an analysis take?

The time needed depends on Oriskami's processing time and the data providers' response time—for live latencies simply check the product page .

What's Oriskami's capacity?

Simulations ran in 2017 suggest a capacity of 100+unit/s/node (8.6M/day or 3.1B/year) for rules and list filters and 20+unit/s/node (1.7M/day or 0.6B/year) for risk scores.

How many risk factors are used?

Oriskami derives tens of thousands of indicators from its 557 features database. But with rules and lists , it's frequent that only 5 to 10 relevant features are used. And for risk scores , no more than 20 to 200 features are usually included.

How do blacklists work?

Oriskami has blacklists based on attributes like IPs, phone numbers, emails, and account ids; they are either per service or pooled across companies.

What are Oriskami's features?

Let's see now a few facts about the main features of the software.

What are some of Oriskami's features? Consider these facts:

No reporting—it's up to date

How many times have you caught yourself battling with data to make audit reports? Did you delegate the task? How long did it take?

Oriskami's statistics are up to date (evergreen) and consistently calculated

  • top-level KPIs as well as case-specific statistics; and
  • counts as well as p-values.

None of your time is wasted making reports. All your time is well spent: reviewing and analyzing data to understand trends and risks, and to decide objectively, each time.

Search function

Search is a mundane task—true, and Oriskami's search is not Google's or Algolia's, but it's still a fantastic one.

Along with the results, it returns on-the-fly computed statistics such as:

  1. the search's risk frequency (%);
  2. the baseline population risk (%);
  3. the risk ratio; as well as
  4. the total volumes and numbers.

Having these statistics helps you anchor with numbers your judgment each time. But Oriskami will also help you:

  1. find needles in your company's data with keywords, tokens, full text search, and combination of those;
  2. search for IPs, IP ranges, phone numbers, email logins and domains by parsing your search input.
  3. get things fast by having indexes on quite a few indexed columns.

Risk model validation

Oriskami obviates the extravagant practice of making changes without testing the impact at scale! Now, before you deploy significant changes, you can validate the models. Here's how.

First, to know what's working and what's not, you run simulations that calculate for each group of risk filters (whitelist, blacklist, rule, score):

  1. the number and rate of hit; and
  2. the false positive / negative rates.

Then you look at your model's total cost. Nothing complicated. It's simply the cost of your model errors.

Oriskami factors that in with things like the cost of verifying data manually and your company's gross margin.

Finally you compare models one another—this way you know how the new model improves your total cost of risk.

What's Oriskami's technology?

— See its nuts and bolts.

About Oriskami's technology. Here's a deep dive into the bits and pieces and the motivations behind the major design choices of Oriskami.

What is Oriskami's stack?

The technological stack is that of Joyent, whom Intel and Telefonica are past investors, which has the Fortune-1 as client, and which was acquired by Samsung in 2016. It looks like this.

  1. Cloud system is SmartOS.
  2. VMs run SmartOS or Ubuntu.
  3. Programs are in JS / Node.js.
  4. Web proxy is NGINX.
  5. Database is PostgreSQL.
  6. Messaging uses RabbitMQ.

And statistical learning uses R.

Why use this stack?

Quite simply, it is because of performance, trust, and ownership.

Both Linux and SmartOS VMs run at bare-metal performance on SmartOS systems. That's very desirable for data intensive solutions like Oriskami's.

JavaScript is a natively asynchronous, ubiquitous, and popular language. There's just one language for the back- and front-end. It's non-blocking. And it's rapid to learn for newcomers.

Using an open source stack means trust and independence but also that Oriskami owns its stack. What you pay goes to Oriskami's R&D and variable costs, not to expensive softwares.

What statistical methods are used?

Oriskami uses statistical epidemiology; experimental design principles; linear algorithms to score risk; model validation techniques; and financial risk management (VaR).

Does Oriskami use deep-learning?

No. Because non-linear models are black-boxes that are not explainable. And because in our experience the individual choice of a statistical learning algorithm matters less than the control of the experimental design.

Today Oriskami thinks it's better to invest its limited resources to improve its design, processes, and engineering, than to tune deep-learning models.

How fast are bugs fixed?

Oriskami has designed its systems to push changes live in 2 to 10s in most of its web-services. This means things break more often but also that Oriskami can fix small programming or web-service errors in just a few seconds.

For a concrete case study

Read the story of Stefan and Matthew's eyewear e-shop, which was hard hit by payment fraud.

You think your business is too small for Oriskami or that your problem is unique ? Consider it twice.
— See Stefan and Matthew's story.

An eyewear's e-commerce service

Three years ago Stefan and Matthew founded an eyewear e-commerce service.

They partnered with a web-agency to setup a Magento v1.7 e-shop.

Payment fraud hitting hard

But like so many e-commerce services, Stefan and Matthew are exposed to payment fraud, particularly on goggles from luxury brands such as Ray-Ban and Ralph Lauren.

Each week Stefan and Matthew would get chargebacks. The money would be taken from their account by the bank. Frauds was eating up their hard work.

Unauthorized to setup 3D Secure

Stefan explains: “We need a few days to a few weeks to make the glasses. When the glasses are ready, we debit the card and make the shipment.”

But “because of that long delay the bank doesn't let us use 3D Secure” tells Stefan, “so we are quite powerless.”

It's when Stefan and Matthew heard about Oriskami.

“What's to install? — Nothing!”

Quite simply, Stefan created a user account on Magento. It took a few minutes to sort out by phone and email.

That same day Oriskami sets up its Mangento-v1.7 scrapper, tested it, and downloaded the agreed data history.

Nota: to prevent risks, history is needed. It's €0.01/u—Oriskami's variable costs.

Then the scrapper would run in 24/7, getting new checkouts within seconds.

Systematic payment verifications

Data analysis revealed that Stefan and Matthew's eyewears shop saw 6.1% of fraud suspicious checkouts.

So 3x per week, before batch-shipping the orders, Stefan and Matthew would review them on Oriskami to check:

  1. the country flags;
  2. the embedded google map; and
  3. the connected orders.

When in doubt, they would also ask for support via email or phone.

Oriskami allowed Stefan and Matthew to control their chargeback rate and to assess in real-time their risk exposure.

Use case

— Let's see this other use case.

You think Oriskami can't possibly impact positively your international company? Think it twice, here's why.

It works with legacy systems

First, you don't need to put Oriskami in production to get benefits from it as it can co-exist with and extend other legacy systems. You could use it to:

  1. optimize your existing system;
  2. make internal or peer reviews;
  3. exchange with clients;
  4. carry out simulations; or
  5. calculate the company's risk KPIs.

Note also that to get started can require as little effort as a) creating an account in one of your legacy systems or b) just making one single request to our API.

It's an investment that pays off

Second, Oriskami's software is not another operational cost. Instead it’s an investment that brings revenue to your company and benefits to your buyers. Oriskami should pay for itself by:

  1. increasing the number of risks and risk factors you monitor;
  2. automating some of your repetitive risk management tasks;
  3. reacting faster to new threats;
  4. avoiding that the risks repeat;
  5. improving decision's accuracy;
  6. controlling and reducing risks.

It has indirect benefits too

Third, as Oriskami helps you make less reviews, more objectively and efficiently, clients are more happy and their lifetime value benefits (CLV).

But Oriskami should also empower you to grow and take on more risks: expanding to new countries; adding new products; or creating new processes.

It will assist you by:

  1. helping you set your risk appetite;
  2. replicating your risk strategies;
  3. simulating the strategies' impact;
  4. keeping a close eye on your risks.

Works with multiple services

Often your company has several services and it's desirable to analyze those in parallel. For this reason, Oriskami users can access one or more services, within or outside their main company.

Service admins can manage a dataset; clone an existing one; or create a new one from a template. And Oriskami users can monitor in parallel the different services' KPIs, which helps you making comparisons.

Why Oriskami may not be fit

— Let's see 10 possible deal breakers.

Ten reasons why Oriskami is probably not a fit for you.

1. You prefer to do business with a US-based company

Sometime Oriskami might do a flip with a Delaware C-corp but not now. Today Oriskami is happily located in Estonia, a digital trust pioneer that also has full access to the Euro-zone.

2. You think Oriskami is too small

You are probably right. Oriskami is a small company. We understand you might only work with big scale companies—so, here's a short-list: Visa CyberSource; American Express Accertify; Palantir technologies; SiftScience—for more simply check this Quora response.

3. You want us part of your RFP

RFPs are very time-consuming and require a lot of attention. Oriskami can't respond to RFPs. But, maybe, put us in the loop, then we know what's ahead.

4. You need a response < 100ms

Small response time is a use-case that Oriskami's software is not designed for at the moment. Oriskami is aware that this might be an issue. If this is your case, just give us a shout.

5. You need an SLA

Today Oriskami can't enter into a service level agreement. Tell us if it's a major issue—here's our uptime.

6. You need to evaluate the risk of financial instruments

Oriskami doesn't calculate the value and risks associated with financial instruments such as stocks, bonds, loans, forwards, futures, swaps, options, or derivatives.

Asset management companies are experts in that domain. However we like to know if you need to hedge foreign currency or commodity price risk.

7. You process 20+million u/y

At this moment, this is Oriskami's (soft-)limit for the maximum number of data points that a company can send each year. As Oriskami's infrastructure develops, Oriskami will gradually raise the bar. Let us know if it's an issue.

8. You want credit ratings

Today Oriskami doesn't do it, neither for companies nor for private clients.

9. You send credit card numbers

Oriskami isn't PCI-DSS compliant. You shouldn't send data via the API with card numbers. If you do, we may delete your data and close your account—BINs and blacklisted card numbers are ok.

10. You need lambda functions

Oriskami doesn't offer this yet.

Getting in touch

If you have questions: