Are Fintechs Prepared to Face Unique Cybersecurity Challenges in the Metaverse?

Fintechs pioneering into the metaverse must weave in fraud prevention and account security from the start to protect the digital avatars of their consumers from Master Fraudsters

Photo of a man wearing a VR headset as he touches an overlay of metaverse buttons with his finger

The metaverse promises immense potential for businesses to innovate and create unique experiences for their consumers. This potential is good news for fintechs that have disrupted the way consumers handle their finances on the internet.

Reshaping the financial services landscape

Fintechs have expanded the banking landscape and given rise to many new services including several digital payment methods, ability to open new lines of credit online, Buy Now Pay Later (BNPL), cryptocurrency platforms, NFTs, and so forth. Given their innovation streak, fintechs are well placed to foray into and redefine the rules of financial services in the metaverse.

Fintechs that venture into the metaverse now have a unique opportunity to define various financial instruments such as innovative credit systems or mortgages for virtual estates and even how consumers save virtual assets in the metaverse. They can create unique experiences and new ways to engage with existing and new consumers.

Fraudsters have recognised the opportunity, too. Attacks targeting metaverse pioneers increased by 40% over Q4 2021. Amongst the top threats that fintechs can expect to experience in the metaverse are scams, microtransaction abuse, and unfair play – threats fintechs aren’t necessarily accustomed to identifying and stopping today.

Prepared to some extent

One of the biggest drivers of growth for fintechs is digitally-savvy, young consumers. To remain at the forefront of consumer demand, these companies have leveraged technology to offer innovative and easy-to-use solutions that have made financial inclusion easier for young customers. This experience of engaging with young consumers has offered new insights into their expectations that can help fintechs engage better with their young and digital-native consumers in the metaverse.

Fintechs are also accustomed to fighting attackers attempting account takeover, registering new fake accounts, and stitching together synthetic identities for financial gain. This experience will, to a certain extent, prepare them for the challenges awaiting them in the metaverse.

Cybersecurity challenges in the metaverse

Although fintechs have experienced thwarting attacks, the cyber security challenges in the metaverse will be different and require much more preparation than in today’s digital world.

One of the main attackers that fintechs will encounter in the metaverse will be Master Fraudsters who are much more persistent and in for a long haul. These Master Fraudsters can greatly abuse metaverse communication channels, leveraging fraud farms to feign legitimacy. They script together multiple tools, use fraud farms, and are willing to invest more time and money to bypass defences.

In the metaverse, fintechs can expect a surge in synthetic account attacks – likely to increase to 30% from the current 9% in the digital world.

Yet another challenge fintechs moving to the metaverse must prepare for is social engineering, where attackers set up a fake replica of the fintech company to manipulate consumers into sharing their personal details.

The authentication methods used today to ascertain whether the consumer is actually who they say they are, may not be adequate for the metaverse, and may require newer security protocols. Therefore, these pioneering fintechs must weave fraud prevention, consumers’ account security, and protection of digital avatars right into the very first version of their fraud prevention deployments.

Specifically, they must ensure enhanced security at various touchpoints including account login, registration, and in-platform actions. Account security must be an early and central part of the planning because a consumer’s account is the entry point for an individual to get into the metaverse.

Adopt security best practices that gaming pioneers use

Fortunately, metaverse fintechs need not completely reinvent the wheel when it comes to ensuring consumers’ account security. In fact, they can adopt some of the best practices from their gaming peers to enhance their security posture in the metaverse. These include: understanding the consumer, preparing for volumetric synthetic account attacks, and bracing for social engineering attempts.

To ensure superior protection of consumers even in their digital avatars, metaverse fintechs will need smarter solutions that leverage the latest technologies to supplement their fraud prevention efforts. They will require actionable insights and information about evolving attack tactics and financial motivations of the attackers. Using a combination of these solutions and actionable intelligence, fintechs will need to craft a defence-in-depth approach that sabotages the RoI from an attack and renders it financially non-viable, forcing attackers to give up and move on.


About the Author: Brett Johnson is the Chief Criminal Officer at Arkose Labs.