A single hijacked prefix can route a chunk of payment traffic into a stranger's network for half an hour before anyone notices. For a payment provider, that is not a routing incident. It is a regulatory event, an exposed-traffic incident, and an auditor knocking on Monday morning.

This post walks through the BGP edge hygiene we ran in production at a national fintech: what we filtered, how we automated it, what broke, and a copy-paste checklist at the end.

The threat model in 200 words

If you run a public-facing AS, the internet routing system trusts you and your peers to announce only what you should announce. That trust is not enforced by default. Five classes of problem will hurt you:

- Route hijacks where a remote AS originates your prefix and pulls traffic away.
- Route leaks where a transit customer accidentally re-announces full tables to a peer.
- Sub-prefix hijacks, more-specific announcements that win longest-prefix-match.…
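Route hijacks and sub-prefix hijacks can be told apart mechanically from a feed of observed announcements. The sketch below is an added example, not code from the original post: the inventory, the sample feed (documentation prefixes and ASNs) and the function names `classify` and `best_route` are all constructed for illustration.

```python
import ipaddress

# Constructed inventory: prefixes we originate and the only AS allowed to
# originate them (RFC 5737 documentation prefixes, RFC 5398 documentation ASNs).
OUR_PREFIXES = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64500,
}

# Constructed sample of announcements as a route collector might report them.
OBSERVED = [
    ("203.0.113.0/24", 64500),    # our own announcement
    ("203.0.113.128/25", 64511),  # more-specific inside our /24, foreign origin
    ("198.51.100.0/24", 64511),   # our exact prefix, foreign origin
    ("192.0.2.0/24", 64496),      # not our address space
]

def classify(prefix, origin_as):
    """Label one observed (prefix, origin AS) pair against OUR_PREFIXES."""
    net = ipaddress.ip_network(prefix)
    for ours, expected in OUR_PREFIXES.items():
        if net.version != ours.version:
            continue  # subnet_of() raises TypeError across IPv4/IPv6
        if net == ours:
            return "ok" if origin_as == expected else "route-hijack"
        if net.subnet_of(ours):
            # A more-specific wins longest-prefix-match whoever originates it.
            if origin_as == expected:
                return "unexpected-more-specific"
            return "sub-prefix-hijack"
    return "unrelated"

def best_route(dest, announcements):
    """Longest-prefix-match: the (prefix, origin) forwarding would pick for dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), asn) for p, asn in announcements
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, asn = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), asn

if __name__ == "__main__":
    for prefix, asn in OBSERVED:
        print(f"{prefix:20} AS{asn:<6} {classify(prefix, asn)}")
    print(best_route("203.0.113.200", OBSERVED))  # traffic follows the /25
```

An origin comparison like this only catches announcements whose origin AS differs from the inventory; it says nothing about route leaks, which need AS-path inspection.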