Your business is exposed to uncontrolled events like price variations, fraud, and operational errors. When these risks materialize, they have a negative impact.
You’ve implemented risk mitigation measures to protect yourself against the most important risks, but you remain vulnerable due to a lack of resources, time, and expertise.
Here we propose a risk management intelligence in software as a service (SaaS) to help your business audit, configure, and optimize its risk exposure.
- Your business is exposed to events it can’t control
- You know it's possible to improve how you manage risk
- But why should you care and why now?
- Array of benefits
- The solution's business model and the alternative options
- Business model
- The solution's features and development status
- Features and development status
- Trust and security engineering
- How to get started?
These uncontrolled events are external or internal to your business. Your if-this-then-that (IFTTT) risk management protocols help address the most important risks, but many events remain improperly managed, if at all.
Internal events, external events, and IFTTT systems
|Your business is vulnerable to external events it can’t control like:
It's also vulnerable to internal issues resulting from:
- Price variations on markets;
- Changes in operating conditions, like the weather or road traffic; and
- Improper uses of your service.
To limit your vulnerability to these risks, you have built IFTTT systems. You have hardcoded them in your business’s IT systems, programmed them into spreadsheets, or taught them to your business’s employees.
- An improper design of your operational workflow;
- Human errors; and
- Machine failures.
Innefficient, a posteriori risk management
|However, assuming that you may or may not manage risks and that if you do, you manage them efficiently or inefficiently, proactively or a posteriori, we both know that only your biggest risks are managed proactively and efficiently, whereas the others are managed inefficiently and a posteriori, if at all.
Furthermore, by leaving your risk mitigation techniques in people’s heads and using only spreadsheets or deeply buried, hard-to-configure, hard-to-optimize IFTTT systems to manage your risks, you are vulnerable to:
- A loss of knowledge and protection once the risk managers leave; and
- A lack of resilience and flexibility if risks evolve—which they will.
When your business manages unexpected events, analyses of the events’ root causes often reveal that preventing these risks is possible. However, you lack the resources and/or expertise to properly do so.
There’s a gap with what we ought to do
|How many times have you caught yourself thinking:
These questions suggest a gap between what should be done and how things work currently. In other words, you need a more intelligent way of managing risk. This is what a risk management intelligence is for (book).
- What if knowledge was shared and employees without external expertise could detect early signs of uncontrolled events?
- What if these metrics were available more widely or were up to date?
- What if we could measure these factors to picture the risk more fully?
- What if we could value the cost benefits of those decisions?
- What if we could mutualize some of our data with partner businesses?
A risk management intelligence to help your business and employees
|A risk management intelligence should help:
In practice, the solution includes the following data analysis sequence of steps:
- Your business prevent risks more objectively, rapidly, and efficiently;
- Your employees detect early signs of risks and prevent risks;
- Your business improve its resilience to risks.
- It connects to your data streams by either pulling or receiving data.
- It data processes the stream's transactions.
- It mixes in data from static or dynamic public and private databases.
- It tests the data against one or more lists, rules, and statitistical filters.
- If there's a risk, it routes transactions and/or triggers custom actions.
Properly managing your business’s risks with risk management intelligence will help you boost your net margin within months while reducing your risk exposure and enabling you to better understand your business’s risk factors.
|Array of benefits
Reduce risk exposure and understand risk factors
|The automated routing and triggers help your business treat the uncontrolled events preventively and/or in a timely manner, thereby reducing the event’s consequences. More generally, it helps you:
As a result, risk management intelligence has a direct impact on your bottom line, thereby improving your business’s net margin.
- Reduce your business's exposure to transactional risks;
- Address those risks more rapidly and cost-effectively; and
- Gain a better understanding of the factors that influence the risk.
Boost your net margin within months
|Adding risk management intelligence to your business is vital because:
- Improving your business’s net margin by 0.1 to 2 percentage points within months is a top-priority capital investment with high ROI;
- Limiting your exposure to uncontrolled events will help you streamline and stabilize your business production;
- You have plugged IoT into your business’s operation and you know you can derive more value from the generated data;
- The array of risks you are exposed to varies continuously and/or is too complex to be handled only by traditional IFTTT solutions; and
- A software as a service solution would help you:
- pool data with other industry partners, thereby improving your risk models' performance; and
- pool resources to reduce R&D and/or staff expenses while enabling access to better
We consider three business models for the risk management intelligence: per transaction, per usage time, and with support plans, while the competitive landscape ranges from do-it-yourself, insurance, and legacy solutions, to startup solutions.
||The pricing model of the risk management solution has three dimensions:
- Per transaction for inbound data-stream traffic;
- Per compute time to train machine-learning models or perform simulations; and
- Includes prepaid plans for email, phone, and onsite support.
||Instances of IFTTT software systems include Zapier, IFTTT, Automate.io, Integromat, Workato, PieSync, and Microsoft Flow.
There are also fraud prevention systems for e-commerce services, which we can classify into six subgroups:
- Insurance solutions. Visa 3D Secure, MasterCard SecureCode, American Express SafeKey;
- In-house/do-it-yourself solutions. Algorithms developed in-house to filter payments based on a set of rules and/or lists;
- Fraud prevention modules. Braintree by PayPal, Worldpay, Adyen, Worldline by Atos, Stripe, and Ingenico;
- Legacy. CyberSource by Visa, Accertify by American Express, ClearSale (from Brazil), and ThreatMetrix
- Analytics/cybersecurity. SAS Institute, Palantir Technologies, Falcon Fraud Manager by FICO, and NetReveal by BAE Systems; and
- Start-ups. Sift Science, Kount, Riskified, Signifyd, Forter, Trustev, Feedzai, iovation, Simility, Ravelin, preCharge, unfraud.
Using start-up terminology, the risk management intelligence is beyond the prototype or proof-of-concept phase but not yet at the product-market fit phase; it needs more early adopters. Features are reported below with their development statuses (legend).
|Features and development status
||The risk management intelligence software includes (legend):
- Open-source plugins to send data streams via Node.js, PHP, and Python;
- A REST API to receive transaction data from the plugins (or directly);
- A mixer to blend the transactions data from 15+ external providers;
- An extractor to construct each transaction’s feature vector;
- An analyzer to filter transactions via one or more sets of lists, rules, and statistical models;
- A notifier to route data or trigger events via webhooks, Slack, and email;
- A multi-streams, multi-user, role-based web interface to:
- track inbound and outbound phone and email exchanges;
- search histories and consult evergreen risk statistics;
- invite users temporarily or permanently; pause or delete their access; or change their roles; and
- create, clone, or delete data-stream buckets
- Retrieve and compare summary statistics for the data streams.
|Trust and security engineering
||In the following, we summarize the trust and security features currently engineered in the risk management intelligence software (legend):
- Personally identifiable information, such as email addresses and phone numbers, is not resold.
- No credit card information is stored in the system.
- API keys are renewable, per user, with IP-based access control.
- The data is encrypted at rest for the transactions and file storage.
- Data is stored at Ovh France and replicated in two data centers.
- User credentials to the web-interface are salted.
- HTTP communications to the API, web interface, file storage, and external services are conducted over SSL.
||Software features are developed with different levels of maturity. Each feature is classified into one of three groups:
- The feature is fully working.
- The feature is down due to a minor software or infrastructure regression.
- The feature requires significant development and testing before release.
— Let's go to the contact page for information and availability.