What banks can learn about security in the metaverse

European Business Magazine catches up with Kevin Gosschalk (pictured), CEO and Founder of Arkose Labs, who discusses what banks can learn about security in the metaverse.

Should banks be looking to expand into the metaverse?

Certainly. In fact, this is the time for banks to blaze the trails in metaverse banking. These pioneers will have unique opportunities to define and shape what it means to bank in the metaverse. They can tap into the immense opportunities available to create virtual experiences and leverage the presence of other metaverse pioneers to engage with a wider consumer base.

Some banks like JP Morgan Chase, HSBC, and Fidelity Investments have already registered their presence in the metaverse where they are extending customer services to their metaverse consumers as well as undertaking marketing activities.

How can banks protect their customers from fraud in the metaverse?

Most banks craft their cybersecurity strategies with senior consumers in mind. However, banks venturing into the metaverse must understand that unlike the current digital realm, consumers in the metaverse will be much younger and digital-native. In view of the changed demographics in the metaverse, banks will need to revisit their strategies and delve deeper to understand how younger, emerging consumers tend to behave. Although digitally savvy, these young consumers are not necessarily security-savvy. For instance, they are prone to sharing their account credentials – usernames and passwords – among themselves. Currently, banks are not accustomed to dealing with such risks.

Further, authentication methods that banks use today, such as username-passwords, OTP, tokens, etc., may not work in the metaverse. There may be a need for completely different security protocols to protect young consumers in the metaverse. Banks will also need to ensure enhanced security at various touchpoints including account login, registration, and in-platform actions to be able to protect the digital avatar identities in their virtual worlds.

What are the risks that banks need to be aware of when considering offering banking in the metaverse compared to traditional banking?

Finance companies are a hot target for financially-motivated attackers, for obvious reasons, like the potential for greater monetization. A successful takeover of a consumer’s account can allow an attacker to steal funds in the account, sell it to third parties, seek loans, or, worse, use the compromised account for money laundering, money muling and other similar financial crimes.

In the metaverse, scams, microtransaction abuse, and unfair play will likely be the top threats that banks face. Another major threat banks must prepare for is the proliferation of synthetic identities, which currently stands at 30% in the metaverse compared to 9% in the real world. Synthetic identities are fraudulent identities that attackers stitch together using stolen consumer details with fictitious data. They are extremely difficult to detect and deter, because they appear like genuine consumers in the virtual world. To make matters worse, the volume of existing synthetic accounts is massive for metaverse companies – so banks will have to adapt fraud prevention strategies quickly to deter volumetric attacks.

Social engineering is another area banks in the metaverse should be wary of. Consider a scenario where a bank is looking to leverage a video game to facilitate in-game customer service. Attackers may target these customer conversations with social engineering attacks. They may create a similar-looking bank in the same game and engage in social engineering to convince consumers to share confidential information.

Banks in the metaverse will be up against a more persistent and more resourceful Master Fraudster category of attackers who script together multiple tools, use fraud farms, and are willing to invest more time and money to bypass defenses. With these persistent attackers and high stakes, security needs in the metaverse will be even higher compared to what they currently are.

Therefore, banks foraying into the metaverse must rethink their cybersecurity posture to be able to better protect their consumers’ digital avatars. They must keep fraud prevention and consumers’ digital account security central to their planning as consumers’ digital accounts are their gateway to the metaverse. Banks must also put a premium value on trust and safety of their consumers’ digital avatars. They can learn and implement the best security practices that gaming pioneers in the metaverse have adopted to navigate the new digital territories.

What are the long-term gains of banking in the metaverse?

Banks venturing into the metaverse now are well positioned to become the pioneers of new banking experiences for their consumers. For instance, banking pioneers in the metaverse have the opportunity to define financial instruments for virtual real estate, like mortgages, re-think a new credit system, or re-define how people save virtual assets in the metaverse. They can create new and unique experiences for their customers – the opportunities are endless.

With the rise of embedded banking, should banks be offering incentives in the metaverse rather than in traditional banks?

The metaverse offers immense opportunities for banks to create newer experiences for their consumers. JP Morgan Chase has built a customer lounge, HSBC is going to be creating unique experiences for its customers around sports and other types of events, and Fidelity Investments has announced plans to erect an eight-story building in the metaverse where customers can seek financial education and have fun. So, there is a lot of activity around offering incentives already happening in the metaverse and going forward, this is only going to increase.