"All for the Safety & Security of Users" - The Frontier of Safety Control to Protect Users 24/7!
PayPay has grown very rapidly in the 2 years since launching its service. In addition to the capabilities of developing the product and sales activities, there is one more critical requirement to keep growing. That is, to strengthen the safety of the service so that users can feel safe using PayPay. This interview is with Kouichiro Mizushima in the Safety Management Office, who strives everyday to protect PayPay users and provide a safe & secure service through a tireless trial & error process. Read below about the “most cutting-edge measures in Japan”, according to Kouichiro.
A talented professional who has, since joining PayPay in September 2018, been working tirelessly on countering fraud
The attention & recognition we receive by the public is a responsibility to be taken gravely
What is the role of the Safety Management Office?
The team works on measures to counter the various financial crime risks existing in PayPay’s service. The “Risk Operations” and “Merchant Risk Operations” teams are responsible for detecting & addressing fraud, and the “Data Engineering” team is responsible for developing related systems, such as the fraud detection system. We also work closely with the operations center in Fukuoka that monitors all the day-to-day payments 24/7 to identify fraud in its early stages and prevent it from actually happening. There are other offices across the country working on safety measures, with who we also work together.
Can you tell me about the members of the Risk Operations team that you are in and what you do?
There are a variety of team members, including people who have worked on safety measures in credit card or fintech companies, and others who have experience in scoring users. As for me, I have years of experience in anti-fraud operations related to e-commerce, after which I joined PayPay in September 2018.
We cover a wide range of tasks as a team including “risk reviews of services/campaigns”, “anti-social force checks”, “establishing of monitoring processes to quickly identify fraud”, etc. Each task has an owner assigned so that we can divide the different tasks required. An increase in fraud causes damage to PayPay’s reputation, so what we do is critical for the business.
I see, the stakes are very high. What are some things that you focus on in particular in your work?
“Thinking about what can be done to protect our users’ assets” is what comes before anything else. We encounter new criminal techniques all the time so it’s a never ending cat-and-mouse game, but I always keep in mind that at the end of the day, I’m here to protect our users and continue at that. The fact that PayPay’s fraud rate is only 0.00004% (*1) I think is indicative of our continuous efforts.
I’m also always conscious of the fact that we need to be responsible as the industry leader (*2). All thanks to the ever-increasing number of users and businesses that use PayPay, I think there are now many people who immediately think of PayPay when they think of mobile payments, only 2 years-in from the launch of the service. Since our service attracts a lot of attention and is widely recognized, people will think “I can’t trust cashless payments” in general if PayPay allows too much fraud to happen, hence the sense of responsibility to avoid opening up any window of opportunity for that to happen.
*1: A 3-month average of the frequency of fraud between March~May 2020, across the 30 million users registered with PayPay
*2: PayPay maintains 1st position – higher than credit cards, as the “first service I think of for cashless payments” (Based on a study conducted by PayPay; Opened ended question without pre-defined answers)
Anti-Fraud Measures Unique to PayPay
What do you find rewarding in your daily work?
First and foremost, as PayPay has a large number of users and processes a vast number of payments, being able to be a part of anti-fraud activities in such a company is a great challenge that cannot be experienced anywhere else.
Also, with an aim to reduce the risk of fraud, we get to be involved in creating services and campaigns contributing from a safety perspective, which is a rewarding experience that is only offered in PayPay. I believe other companies have similar organizations, but having a safety management team involved in creating services in order to prevent fraud from happening in the first place, is something I think is unique to PayPay. I think we have “the most aggressive back office in Japan.”
Wow, an “aggressive back office”.
If finding fraud quickly is considered as “defense”, then developing services that prevents fraud beforehand would be an “offense.” As a job, I feel that it is beyond mere back office work. As the number of new services increases, the scope of each individual becomes broader, and we gain knowledge and experience beyond our assigned duties.
Having been involved in the planning of payment systems in my previous job, I myself have a strong desire to create better services for our users. The safety management team is usually one of the teams at the very back of the back office, but I’m very happy that I can be involved in creating services. When I see a service launched, it makes me feel, “Oh, that’s a service I helped create!”
How specifically are you involved in creating products and campaigns?
We receive inquiries asking if there are any fraud risks from various teams such as Product, Planning, Sales, Marketing, etc., which we review and consider improvements together.
It isn’t just internal teams – we also work on security measures for third party services available from the PayPay app, together with the owners assigned from these companies. The security standards of other companies are not always the same as those of PayPay, so it can be quite hard to coordinate, but I feel that this is a good experience for me to advance my skills. Regardless of who we work with, we try to find a way for both the usability and safety of the service to coexist.
Is there any conflict between the team that pursues usability and your team that addresses safety measures?
Yes, there is. (Laugh) We “always” come into conflict with each other. For example, quite often the usability drops when fraud measures are introduced, so the owner of the service development sometimes comes back to me and says “I can’t include this in the service – no one will use it!” 。
When that happens, I go through and explain each of the risks involved to come up with an improvement plan together. Since no one will use something with low usability – even if the risk is reduced – I make an effort to work out what the best balance is through close communication. There are also cases, after having a discussion, where the Safety Management Office scraps the security measure originally planned and replaces it with something completely new.
That sounds like some very delicate decision making involved.
What’s important is to not immediately respond with a “NO” when someone proposes something. There’s never just one answer, so I believe it’s important to first consider the proposal, however difficult it may sound. People who are set in their ways are quick to say “that’s not possible”, and I think PayPay isn’t a good match for people like that. It’s important to look at historical fraud data, as well as the service specifications proposed by the Product team – and after absorbing all the masses of information, find the logically optimal solution in a flexible way.
Having said that, there was a case where a service scheduled to be released was postponed, after consulting with management, on the basis that “the risk of fraud is too high”, even though it was a major project.
Delaying the release! Postponing a major project would have been a big decision.
To be clear, it’s not as though we want to get in the way, rather, we also “want to make an even better service”. The thing is, if there’s a lot of fraud after the release, the users are affected more than anyone else, and the service or even the business itself may be exposed to the risk of getting suspended. That’s the weight we carry when we work on anti-fraud measures.
Anti-fraud measures required constantly changes, “the only way ahead is to pave a new path”
What do you plan to work on going forward?
It’s only been 2 years and a bit since PayPay was released, and anti-fraud still has much more evolving to do. The Safety Management Office needs to be more involved in various projects to nip service and campaign related fraud in their buds, and establishing a proper internal structure to do that is one thing I want to work on.
PayPay is also looking into increasing offshore users, outside of Japan. Any increase in the number of users means more effort required to address and respond to a wider range of fraud, but still, that would be an experience that can only be gained being in PayPay. I’m very much looking forward to be involved in making PayPay a global service.
Lastly, I know that you’re looking for team members to work with you in the Safety Management Office. Do you have any messages for the people who are thinking of applying?
Given that the service itself keeps evolving everyday here at PayPay, the anti-fraud measures that are required keep changing as well. There is no fixed path – we have to pave the way ourselves, but doing that is extremely rewarding. Because we are the industry leader, there are many different fraud cases that have to be addressed, providing ample opportunity to acquire new skills. It would be great if we can work together to make PayPay a better service from a safety management point of view!
See current job openings here
Special thanks: Kouichiro Mizushima / Editor: Anton & Az (PayPay Inside-Out Editorial Team) / Translation Editor: Language Communication Team
*Employees’ affiliations are as of the time of the interview.