decision camp 2014 - chris purdum - balancing risk and business enablement
DESCRIPTION
PayPal is the industry leader in payment solutions with more than $200B TPV and 150 million active users across 180 countries. Evaluating Risk in each user activity and taking countermeasures to mitigate it need to be balanced with ensuring good user experience and business enablement. This is especially challenging when the decision strategy involves thousands of rules and data points and decision to be made in real time in most of the use cases. Apart from scalability, availability and performance challenges, with hundreds of rule writers spread across the world and hundreds of rules changed every week to adapt to changing business conditions, data and rule governance will pose its own unique challenges as well. This talk will cover the solutions we designed to manage the rule authoring, deployment and run time characteristics and also analytics components which are used derive insights into the effectiveness of the risk evaluations.TRANSCRIPT
BALANCING RISK AND BUSINESS ENABLEMENT
Chris Purdum
October 2014
AGENDA
Introduction and Problem Statement
Pluto Design
Process
Features
Monitoring
PROBLEM STATEMENT
Need to be able to quickly balance
Risk evaluation
Good user experience
Business enablement
The Challenge:
The Decision strategy involves thousands of rules and data points
Decisions need to be made in real time in most of the use cases.
Scalability, availability and performance challenges
Hundreds of rule writers spread across the world
Hundreds of rules changed every week to adapt to changing business conditions
Data and rule governance will pose its own unique challenges as well.
So, How do we manage all of this? We call it Pluto
PLUTO
What is it? PayPal Risk Infrastructure component to implement Decision Strategy
IBM Operational Decision Management (Business Rule Engine) at its heart
Rich feature set to deploy Rules, to monitor and to have fine grained control run time characteristics
Customizations to Rule Authoring system
WHEN WE USE PLUTO
If Yes to following questions If Business or Non-Technical person needs to maintain logic
Logic needs to change very often (>once per month)
Logic is not very complex
Changed logic needs to be reflected in live in less than a day
At PayPal, we use it at various user interaction “checkpoints:” Profile changes (add/edit/remove funding instruments, address,
email, etc)
Payments
Post-Payment (Recoveries, Resolutions, etc)
PLUTO SYSTEM OVERVIEW
Web based tool to write business rules in natural language like language (ODM Decision Center)
Business Rules can be “IF – THEN” format or Decision Table or Decision Tree
Rule Flow support (Branching, merging logic branches etc.)
Rules are written on a Object Model called Rules Business Objects (RBO, or XOM in ODM parlance) Rules are written with interfaces – “XOM” used to generate BOM for
Rules Authoring
Runtime uses implementation
Rules are written off-line and transferred into Run time using a process called ‘Deployment’.
PLUTO – COMPONENTS - RBO
Events RADD Non-Event DataTSAContext
Risk Code BOM (Not ODM BOM)
RBO Impl
DOM
RBO Interface
Rule Business Objects are Data Abstraction Layer
Exposed to Rule Authors
RBO Interfaces are Bundled as Artifacts (libraries)
PLUTO – COMPONENTS – DC
Decision Center is a Web Based Rule Authoring Tool
DC is Bundled with BOM generated from RBO Interfaces
Rule Deployment is the process of pushing rules from Corp to Live
RULE
AUTHOR
ODM
Server
Rule
Repository
RBO
Interface
BOM
Risk Application
PLUTO – COMPONENTS – RUN TIME
Runtime is where Rules are executed
Runtime is bundled with server code
Pluto
Runtime
Published Rules
DB
RBO
Interface
RBO
Impl
.
Rule Designer
PUTTING IT ALTOGETHER
Published
Rules
Decision Center
(Rule Authoring)
Logging
Risk Application (+RBO
Implementation)
Pluto wrapper
ODM Rule
Runtime
RBO interface
RULE PUBLISH
RULE REPOSITORY
RULE
AUTHOR
CORP
IDI
PLUTO PROCESSES
Expose Business Objects (BOM) to Rule Authors… Developers and Business Users agree on interface.
Implement RBO interface and implementation
Do RBO Artifact Release (once every 2 weeks)
Release service with the above RBO artifact
Use Rule Designer to generate BOM from RBO
Publish BOM to Live DC
PLUTO PROCESSES
Write Rules
Initially, rules written in “evaluation” mode
After they’re monitored and shown to work as expected, they are changed to do real actions.
Any new rule will start as ‘Inactive’. Only a few people can activate the rule.
PLUTO PROCESSES
Deploy Rules Rules are extracted from repository in rulesets inside ruleapp jar
Ruleapp jar copied from DC network to LIVE network
A daily running batch job pushes the jar to DB in production.
Run time picks it up automatically.
The whole thing is automated
FEATURES AT A GLANCE
No PD touch rule deployment
Smart runtime RBO/ruleset version checking
“Slow Roll” Rule Release
Enable and Disable Rule using Admin tool
Rule Statistics - evaluation counter, fired counter, Rule fired rates
Auto disable feature based on rules statistics
FEATURES AT A GLANCE (CONTD.)
Auto – null check injection
White Listing Actions
Some Authoring tool customizations
CAL and DB logging for monitoring
Checkpoint to Checkpoint communication using TSA
Smart Caching of Bind Values
PLUTO MONITORING
Every Rule Fired will be logged in DB, CAL and our Biz Logging framework
Pluto Rule Performance is available in CAL
Refer to Appendix
QUESTIONS?
THANK YOU