Confident that Splunk is the only option for developing powerful systems in a short period of time

Merpay, Inc. (hereafter, Merpay) uses the vast amount of customer big data in the secondary distribution market held by Mercari, Inc., the market leader in the domestic flea market app market, as a base to launch promotions with a sense of urgency one after another to attract users and merchants. , and rapidly expanded its territory while being a latecomer. It is solidifying its position in the domestic smartphone payment economic zone, which continues to be in turmoil.

The company's top priority right now is to fight financial crime. While other leading companies are busy dealing with suspicious transactions, Merpay has been working on a mission to eradicate fraud in cooperation with the Financial Services Agency and authorities since before its establishment. “the Company aims not only to provide a simple payment method, but also to become a safe and secure platform that embodies the basic philosophy of creating trust and creating a smooth society. In order to expand our trust-based business, we believe it is important to take a resolute approach against fraud and suspicious behavior,” says Hiroshi Ito, Merpay Product Manager.

The company has a dedicated AML/CFT (anti-money laundering/counter-terrorist financing) team that monitors, detects and promptly responds to fraudulent transactions and activities. Splunk Enterprise (hereinafter referred to as Splunk) provided by Macnica has been adopted as the platform for detecting suspicious transactions, providing various dashboards, and analyzing data, which are the most important aspects of these activities, and have achieved great results. . Merpay software engineer Agro Rakumatura who was in charge of development, says: “I had experience using Splunk at my previous job, and I understood its high productivity, high-speed data analysis capabilities, and efficiency in creating dashboards in a short time.An AML-related department was established at Merpay, When we needed to quickly develop a powerful transaction monitoring system to protect the safety and security of our customers, Splunk came to mind. We recommended it to our company in September 2018."

Leveraging Splunk as a rule engine to monitor payment status

Partners are important when implementing Splunk. Merpay chose Macnica. The reason for this is that we are the primary sales agent with the highest number of installations in Japan, have a long history, and have a large number of dedicated engineers and sales personnel certified by Splunk headquarters, so we can handle everything from verification, installation, construction, and operation once and for all. Rakumatula says this was because he expected support from the top. “I was encouraged by a colleague from my previous job who introduced me to Mr. Fujio Suzuki from Macnica Splunk Sales Department.I immediately contacted him on SNS and found out that he has a wealth of knowledge not only about security but also about implementation on AWS, big data He made appropriate suggestions for solving problems such as utilization and CS improvement, so I was convinced of his high level of technical skills."

Merpay officially decided to introduce Splunk in 2018. Including PoC (proof of concept), the production environment was released at a very fast speed, several months after the start of development. At the same time, the Merpay service for smartphone payments was also launched.

In Merpay, many systems are distributed and managed as Microservices for each function. From there, we collect the necessary data and build a rule engine that regularly monitors transactions based on queries that express the situation of "suspicious transactions" as rules. It uses Splunk at its heart.

Splunk itself is hosted on EC2 (virtual server) of Amazon Web Services (AWS). A large amount of data from Microservices, especially data that needs to be ingested at high frequency, such as payment information, is first handled by asynchronous messaging "Cloud Pub/Sub", a Splunk add-on for Google Cloud Platform (GCP) (where publishers A loosely coupled program for sending messages without assuming a subscriber) and sending subscriptions for each topic created for each type of data to Splunk as events while balancing synchronization timing and load. there is At that time, instead of sending it directly, we capture real-time streaming data on AWS, create a delivery stream that collects data, and load it in JSON format. Initially, "Amazon Kinesis Data Firehose", which works with Splunk as standard, was used, but in order to suppress delays, Mr. Rakumatura replaced it with his own proprietary solution, which reduced the time lag from about 30 seconds to 2. It can now be suppressed within seconds. In addition, even if a network failure occurs temporarily, buffering and retries are repeated, freeing error handling and enabling stable and continuous operation.

When introducing Splunk, we built a development environment in addition to the production environment, and built a cluster on EC2 to constantly run CI/CD (continuous integration/continuous delivery).

Mr. Rakumatura recalls, ``Since it was my first experience building a cluster on AWS, the proposal materials regarding AWS implementation and the optimal advice for cluster configuration provided by Macnica were very helpful.''

Near-real-time fraud detection with industry-leading accuracy

The transaction monitoring system, which uses Splunk as the core of the rule engine, imports data from about 10 Microservices that have personal information, merchant information, payment information, etc. At the same time, it also syncs with Mercari, Inc. 's database and evaluates it. We also collect various information such as information. Mercari, Inc. created about 40 to 50 unique dashboards and is currently using them for a variety of tasks.

In addition to transaction monitoring, it can also be used for purposes other than security, such as a dashboard that shows on a map the areas where many Mercari, Inc. users are using, when sales representatives formulate sales strategies such as acquiring new merchants and promotions. It is

In addition, the database containing personal information for AML/CFT and the database for analysis are completely separated, and the dashboard viewed by sales personnel is strictly managed so that no personal information is included. It is said that

Mr. Ito evaluates that Splunk is sufficiently effective in cyber security and fraud detection. "I can't give you specifics, but I am aware that Merpay has become able to detect fraud almost in real time with the industry's highest level of accuracy. Regarding users who are judged as black, regardless of whether or not they have made a payment, the FSA We would like to contribute to the creation of credit and the healthy activation of the market by ensuring that we fulfill our obligation to report to

Ayaka Narita, Product Manager of Merpay, added, "With the typical waterfall method, rules once developed cannot be easily changed even if requirements change. Even if there is a requirement to analyze illegal activities, we can introduce a new rule-based detection mechanism within a week, and create a dashboard within a few days. I feel that it has become possible.”

In the future, Merpay will further expand the use of Splunk, which is still limited to some areas, and Mercari, Inc. is also expanding opportunities to use Splunk, and will explore opportunities to create effects through data linkage.
“the Company provide a 24-hour service, millions of transactions occur every day. Even in such an environment, Splunk allows us to flexibly add and change rules, as well as immediately execute detection operations. What we have achieved is that we have been able to return more value than we had hoped for, and we are extremely satisfied,” says Mr. Ito.

The critical moment is now for Merpay's efforts to create new trust and realize a smooth society. Macnica will continue to provide the latest technical information and support, and will continue to support the company in its future.

User Profile

045-476-2010
月～金 8：45～17：30

inquiry
Please feel free to contact us

Free seminar
Click here for various seminars

Document download
Click here for various materials