Core of Device Rental Risk Control: Blacklist & Whitelist Strategy Cuts First-Time Overdue Rate to 3%!

The Art of War in the Cloud: Know Your Enemy and Know Yourself, and You Shall Win Every Battle. To Combat Fraud, You Must First Understand It. When Masters Clash, the Contest is Decided in an Instant. Within a Risk Control System, the Black and White Lists Represent an Impenetrable Line of Defense—Fundamentally Distinct from Credit Risk Control. The logic of the Blacklist, in particular, is ruthlessly simple: once identified as fraudulent, access is terminated—immediately and without exception.

Every device leasing company maintains its own list database, commonly referred to as a blacklist and whitelist. These lists serve as the first step in the risk control strategy by conducting an initial screening and assessment of the overall customer base. Specifically:

• Hits in the whitelist result in immediate credit approval.

• Hits in the blacklist lead to instant credit rejection.

This approach reminds me of the "Bei Tu" risk control model, which relied on an extensive blacklist database. Any user not flagged in the blacklist was considered creditworthy, achieving a履约率 (fulfillment rate) of over 95% in the industry at the time. However, such a stringent strategy requires extreme caution, as any error can lead to widespread losses.

The advantages of using list databases include:

• High approval accuracy and efficiency

• Reduction in customer acquisition costs

• Decrease in overdue rates

This remains one of the most effective risk control methods in the device leasing industry today.

Rent Out with Confidence, Recover with Certainty – Focusing on the Credit Leasing Industry | A Transformation Diary for Interconnected Finance Professionals | Staying in the Industry Until We Earn 100 Million!
28 Original Posts | Official Account

01 Building a Device Leasing List Database: Core Requirements and Strategic Focus

The core requirements for building a high-quality device leasing list database are high credibility and strong authenticity. Defining which customer segments should be included in these lists requires strict, well-designed rules.

Whitelist vs. Blacklist: A Strategic Balance

• Whitelist construction demands even stricter standards than the blacklist.

• Incorrect whitelist approvals result in losses of credit principal and operational costs.

• Incorrect blacklist rejections only lead to losses in operational costs.

Common Sources for Whitelist Data

Whitelist candidates typically originate from the following scenarios:

1. Whitelist Construction

1.1 Users with superior risk assessment ratings from our company.
Example: Individuals who qualify for bank mortgage products would be classified as whitelisted users in credit applications.

1.2 Repeat lease customers with good payment history.
Example: Users who have successfully completed over three automatic payment cycles are added to the whitelist. Subsequent applications from these users may receive pre-approval without further review.

1.3 Users verified through joint modeling with external data or special documentation (e.g., social security or housing fund records).
While not always fully whitelisted, these applicants enter a simplified review process.

Whitelist development is an ongoing process that matures with accumulated experience and data.

2. Blacklist Construction

Building a blacklist is a dynamic process that evolves with business expansion. It not only mitigates risks but can also generate revenue through external data services. Key sources of blacklist data include:

Key Sources of Blacklist Data Include:

I. Internal Blacklists
Build your own blacklist database using historical customer behavior data from your platform.
Example:

2.1 Severe Overdue Accounts

• Customers with 30+ days overdue are typically blacklisted.

• Recommended: Implement delinquency tagging to distinguish between:

• First-time offenders with 30+ days overdue

• Repeat borrowers with renewed 30+ day delinquencies

2.2 Customer Service & Audit Feedback

• Blacklist based on post-lease customer service reports

• Accounts flagged during audit reviews

2.3 Risk Control Rule Triggers

• Device-based risks: Blacklist IMEI numbers associated with 10+ different loan applicants

• Identity fraud: Customers attempting to apply using others' information

2.4 Close Associates of Blacklisted Individuals

• Extend to emergency contact phone numbers

• Include spouse's contact information

• Apply with discretion and data validation

II. External Blacklists
2.5 Public Legal Records

• Court-listed debt evaders and dishonesty convicts

• High-risk individuals identified through external database queries

2.6 Industry Fraud Data

• Verified fraudulent clients from financial industry sources

• Test before full integration

2.7 Paid Third-Party Services

• Commercial blacklist query services

• Industry data exchange partnerships

02 Blacklist as Primary Risk Defense

As the first line of defense in risk control, blacklists primarily prevent repeated fraudulent activities through a straightforward, cost-effective anti-fraud mechanism. Key strategic dimensions for blacklist application are illustrated below:

2.1 Match Items & Requirements
A match on any single item counts as a hit:

• Name

• Phone number

• ID card number

• Email address

• IMEI

• Bank card number

• Company name

• Company phone number

2.2 Placement in Decision Process

• Non-paid internal blacklists can be flexibly configured at different stages based on strategy needs

• Paid external blacklists must be deployed at the final stage of all strategy rules to avoid unnecessary cost waste

2.3 Post-Hit Processing for Blacklists
All customers triggering blacklist hits are added to a "Suspicious Risk List" for:

• Strategic hit statistics analysis

• Development of new strategies based on multi-dimensional statistical results

2.4 External Blacklist Hit Follow-up

• Add the matched customer information to the internal blacklist

• Continuously enrich the proprietary blacklist database

• Prevent repeated consumption of external paid services

Definition of Blacklisted Customers:
These represent severely problematic clients demonstrating behaviors such as:

Blacklist Performance Evaluation

Before fully implementing a blacklist, mobile device leasing platforms often release 5% of randomly selected customers who trigger blacklist hits to test the data quality and assess whether the blacklisted customer segment aligns with their business context.

When evaluating the quality of third-party blacklist data sources, the following five key metric formulas are typically used to measure accuracy and effectiveness:

1. Search Rate

Formula: Search Rate = Number of Identified Hits / Sample Size
Indicates the proportion of the sample detected by the blacklist.

2. Coverage Rate

Formula: Coverage Rate = Number of True Blacklist Hits / Total Blacklist Hits in the Sample
Measures the blacklist’s ability to correctly identify known risky users.

3. Error Rejection Rate

Formula: Error Rejection Rate = Number of False Blacklist Hits / Number of Good Users Approved
Reflects the rate at which good users are incorrectly blocked.

4. Effective Difference Rate

Formula: Effective Difference Rate = Number of True Blacklist Hits / Number of Approved but Bad Users
Highlights the blacklist’s effectiveness in catching bad users who would otherwise be approved.

5. Invalid Difference Rate

Formula: Invalid Difference Rate = Number of Irrelevant Blacklist Hits / Other Rejections in the Sample
Indicates hits that do not contribute meaningfully to risk prevention.

Interpretation & Strategic Insight

• Blacklists are primarily used in anti-fraud scenarios, making the Search Rate and Coverage Rate critical. A high hit rate suggests strong predictive value for user delinquency.

• If both the Effective Difference Rate and Invalid Difference Rate are high, the blacklist may be overly broad and low in quality—resembling a "cast-a-wide-net" approach rather than targeted risk control.

To maximize effectiveness, blacklists should be managed through a structured approach covering data sourcing, evaluation methods, cost optimization, and dynamic updates—ensuring informed and strategic deployment.