Risk Control System Architecture and Practices at Meituan

Meituan’s risk‑control architecture transforms diverse, high‑volume e‑commerce services into a middleware‑based platform that unifies data collection, combines expert rules with machine‑learning models, and employs a three‑stage defense—pre‑risk, real‑time detection, and post‑incident response—to continuously adapt to evolving fraud threats.

Meituan Technology Team

This article summarizes a talk from the 8th China System Architect Conference, describing the risk control system Meituan built to combat threats from the underground fraud economy (the "black industry") across its diverse e‑commerce services.

Background: Meituan’s rapid expansion from group‑buying to a multi‑vertical platform (food delivery, hotel, travel, etc.) created a large attack surface: millions of users, millions of merchants, and high‑frequency transactions, attracting fraud, fake orders, and account theft.

Risk control challenges include:

Numerous business lines and risk points.

Fast‑changing attack techniques.

Uncertainty about when and how attackers will strike.

System‑building experience is organized around three challenges.

Challenge 1: Business Diversity and Many Risk Points

Risk perception requires collecting complete data (who, when, how, what, action). Controlling risk means focusing on attacker incentives (promotions, merchant ranking, user balance). Integration with over 100 business scenarios and multiple client types (iOS, Android, H5, PC) demands a low‑overhead interface.

To reduce integration burden, Meituan moved the risk‑control logic from a function call to an independent service accessed via a central user‑center, merchant‑center, or payment‑center, turning risk control into middleware.

Challenge 2: Rapid Change

Static rules quickly become ineffective. A robust strategy combines expert‑crafted rules with machine‑learning models, using a “rule platform” that separates scenario, rule, and factor layers, enabling many‑to‑many relationships and dynamic configuration without code changes.

The platform supports synchronous decision APIs and asynchronous data‑collection APIs, and allows runtime selection of strategies via a rule engine.
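The scenario/rule/factor separation described above, sketched as an added example (not Meituan's code). The factor names, thresholds, rule ids and the `pass`/`verify`/`reject` actions are assumptions made for illustration; the point is that rules and scenarios are plain data in a many‑to‑many relationship, so a threshold or a scenario's rule set changes without a code change, and a new configuration is validated before it is activated.

```python
import operator

# Factor layer: code that derives one value from an event (hypothetical factors).
FACTORS = {
    "orders_last_hour": lambda e: e.get("orders_last_hour", 0),
    "device_account_count": lambda e: e.get("device_account_count", 0),
    "coupon_amount": lambda e: e.get("coupon_amount", 0),
}
OPS = {">": operator.gt, ">=": operator.ge, "==": operator.eq}
SEVERITY = {"pass": 0, "verify": 1, "reject": 2}

# Rule and scenario layers: pure data (constructed values). R1 is shared by all scenarios.
CONFIG = {
    "rules": {
        "R1": {"factor": "device_account_count", "op": ">=", "value": 5, "action": "reject"},
        "R2": {"factor": "orders_last_hour", "op": ">", "value": 20, "action": "verify"},
        "R3": {"factor": "coupon_amount", "op": ">=", "value": 50, "action": "verify"},
    },
    "scenarios": {"login": ["R1"], "coupon_redeem": ["R1", "R3"], "place_order": ["R1", "R2"]},
}

def validate(config):
    """Return a list of problems; activate a new config only when it is empty."""
    errors = []
    for rid, rule in config["rules"].items():
        if rule["factor"] not in FACTORS:
            errors.append(f"{rid}: unknown factor {rule['factor']}")
        if rule["op"] not in OPS or rule["action"] not in SEVERITY:
            errors.append(f"{rid}: unknown operator or action")
    for name, rule_ids in config["scenarios"].items():
        errors += [f"{name}: unknown rule {r}" for r in rule_ids if r not in config["rules"]]
    return errors

def decide(scenario, event, config=CONFIG):
    """Synchronous decision: (most severe action, ids of the rules that fired)."""
    action, hits = "pass", []
    for rule_id in config["scenarios"][scenario]:
        rule = config["rules"][rule_id]
        value = FACTORS[rule["factor"]](event)
        if OPS[rule["op"]](value, rule["value"]):
            hits.append(rule_id)
            if SEVERITY[rule["action"]] > SEVERITY[action]:
                action = rule["action"]
    return action, hits
```

Returning the ids of the rules that fired alongside the action gives case handling and the feedback loop something to audit when a decision is disputed.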

Challenge 3: Unknown Attackers

Since attackers only need to find a single weak point, Meituan adopts a three‑stage defense: pre‑risk (education, participation, data preparation, proactive protection), real‑time detection (rule platform, verification center), and post‑incident response (case handling, compensation, feedback loops).

Data is categorized into event snapshots, aggregated facts, derived information, and auxiliary base data to support both operational and analytical needs.

Conclusion: A mature risk‑control system requires tight integration, efficient rule execution, a verification service, and continuous feedback. Learning from adversaries and applying systematic, layered defenses are essential for long‑term success.
