Xiaomi's Internet Finance Risk Control Practices: Architecture, Rules Engine, and Machine Learning

In June 2019, Xiaomi's payment team presented their risk control practice at the first Internet Finance System Salon, describing the evolution from simple rule‑based controls to a sophisticated, high‑availability architecture.

Attempt (2014) : Faced with high bad‑debt rates in the Mi‑coin SMS recharge channel, they introduced basic limit, frequency and attribute rules, built a rule engine in four weeks, and achieved a one‑third reduction in bad‑debt after two weeks of trial.

Development (2015‑) : To support growing third‑party payment services, they adopted the open‑source Drools engine, separating ordinary rules, CEP rules and a management console, enabling rule deployment within five minutes and introducing a gray‑release system for safe testing.

Expansion : With rapid business growth, they integrated data sharing across Xiaomi, built user and device profiling, and applied machine‑learning models—testing four classifiers and selecting a random‑forest model trained on 17 transaction features—to enrich black‑lists and cut fraud losses by about 40%.

The Q&A highlighted practical concerns such as rule granularity, model selection, over‑fitting tolerance, and privacy safeguards, emphasizing open‑source tools, rapid iteration, and a balance between security and user experience.