VR, NFTs, and DeFi may get all the press, but for brands diving headfirst into the metaverse, the operative acronym is more visceral: FOMO. They may also want to reacquaint themselves with a different f-word—fraud.

Admittedly, the marketing hype is hard to resist. Epic Games, Match.com, Burberry, Warner Bros., and other major brands are unveiling hip, new metaversal products, services, and experiences that gain instant buzz. Gucci’s $4,100 virtual handbag? Solid gold. Nike’s $130,000 CryptoKicks? High-key awesome. Million-dollar virtual homes in Decentraland? Hot damn.

At once heralded as “the future of the Internet,” some kind of VR-infused social platform, or maybe a video game, the metaverse is anything but new. The concept was first popularized by Neal Stephenson’s sci-fi novel “Snow Crash” three decades ago. And there have been countless high-profile incarnations with names like Second Life and (more recently) Fortnite. But the floodgate of industry enthusiasm has only been growing since Facebook-turned-Meta CEO Mark Zuckerberg first unleashed his vision last July.

It’s not entirely without warrant, either, because the “killer app” of the metaverse is blockchain and the realization of a distributed web—or Web3. Where once you might have hit a rave, built a home, or done business in a somewhat-limited virtual world, you can now create and monetize virtual worlds of your own. You can even sell digital goods—fashion, home furnishings, luxury cars, you name it—that transcend different metaverses and, in some instances, the physical world. As consumers shop, collaborate, bank, and play in the metaverse, fraudsters are sure to follow—harming consumers and causing reputational damage along the way.

Heavens to Zuck Bucks: There’s Big Money in the Metaverse

Never mind that only 31% of US adults have any clue what the metaverse even is—they’re already buying into what JPMorgan Chase says could soon be a $1 trillion annual gold mine. According to Statista, three-quarters of American adults either already have some kind of avatar in a metaverse or are considering experiencing a facet of their lives in virtual environments soon. That makes it a must for any retail or entertainment brand’s omnichannel strategies.

Just as IRL, transactions can be conducted in several different ways. Today, the most common form of payment is through digital currencies. That can mean borderless options like Bitcoin, Mana, non-fungible tokens (those NFTs), or exchangeable metaverse-specific currencies. Think Fortnite’s V-Bucks or Meta’s proposed currency, sometimes humorously referred to as “Zuck Bucks.” Decentralized finance (DeFi) means cryptocurrency payments are nearly instantaneous, so there’s no need to wait for funds to be transferred between banks.

As Digital Journal points out, this also offers a level of privacy not typically found in traditional payment methods. Merchants may also allow credit card transactions, which could boost sales by giving customers not yet comfortable with all things crypto a quick, familiar way to meta-transact.

If these digital purchases are both fast and convenient, you could be talking some serious bank, but it also opens up everybody to some new (and some OG) forms of fraud.

Payments Paradise–or Road to Perdition?

Like the primordial Web 1.0 of the 1990s, the emerging metaverse is a new kind of Wild West. All those digital payment options can grease the wheels of commerce, but they’re also a dinner bell for cybercriminals.

Digital identities can be tough to verify when users may have multiple avatars originating on different platforms. The use of synthetic identity fraud for account enrollment is already a $6 billion a year problem. But what happens when there are fictitious identities behind numerous avatars spanning countless metaverses?

For merchants allowing card-not-present transactions, CNP fraud is likely to figure prominently; samesies for chargeback fraud. But that’s not the real danger. The fact is, cryptocurrencies offer a nearly untraceable avenue for monetizing stolen credit card numbers and laundering pilfered funds—making payment fraud all the more convenient and risk-free (for meta-thieves, that is). Popular buy now, pay later (BNPL) options are likely to see trouble, too.

Meanwhile, the blockchain itself may be secure, but account takeover (ATO, also referred to as “authority to operate” in Web3-speak) attacks on digital wallets or virtual world user accounts can also have devastating consequences. Losses from ATOs, metaversal and otherwise, exceeded $12 billion in 2021—up from $4 billion in 2018. And between 2020 and 2021, cryptocurrency theft topped $3.2 billion, a 516% increase in just 12 months.

Cybercriminal efforts to harvest account logins and payment information in the metaverse signal that we should all brace for a rise in phishing attacks, either through typical channels like email or through metaversal impersonation. “Is that virtual Wal-Mart legit?” “That Bank of America branch?” “Is that really your CEO requesting sensitive employee information during a virtual meeting?” For that matter, is this even the company’s virtual meeting space, or a malicious knock-off designed to launch malware or steal sensitive information?

In the metaverse, brands and their customers could get bludgeoned by ever-more sophisticated and costly attacks. But it doesn’t have to be this way.

Preventing the Metaverse of Madness

A layered approach to fraud prevention will be required to protect brands and their customers from cybercriminals within the metaverse. Some of this will need to be implemented by each metaverse’s operator; the rest may fall on the brands themselves.

A risk-based approach that transparently authenticates users behind the scenes is needed to detect and prevent fraudulent behavior and transactions while maintaining the ease and convenience critical to the success of the metaverse. A sturdy offense against brand impersonation scams is no longer optional when the range of scams expands beyond phishing texts and emails. Say hello to bogus social media pages, phony mobile apps, and countless new modes of communication emerging from the metaverse.

But not just any technology will do. Any effective solution must leverage modern machine learning, advanced data science, and globally-shared transaction and identity data spanning the digital and physical worlds. Cyberattack takedown services will be required to identify fraudulent impersonations behind phishing attacks and other forms of brand abuse.

Using Outseer only as an example:

  • Our payment fraud and account monitoring solutions prevent 95% of all fraud loss, with a customer intervention rate of just 5%—the best performance in the industry.
  • With the rapidly growing constellation of commerce models and digital channels, our emerging payments platform continuously expands to safeguard the digital economy wherever businesses and their customers transact.
  • Our comprehensive, 24/7 cyberattack detection and takedown services close down scams and attacks before they can cause severe financial and reputational harm.

Fraudsters always follow the money. If the metaverse continues gaining traction, the never-ending fight against fraud will enter a whole new frontier. To learn how Outseer can help you protect your organization and its customers, request a free demo today.

Armen Najarian

CMO + Chief Identity Officer

Armen is a 15-year Silicon Valley veteran with deep experience leading the marketing function for fast-growing fraud prevention, predictive analytics, and cybersecurity companies. His most recent leadership roles include CMO positions at Agari and ThreatMetrix, the latter of which he established as the definitive category leader for digital identity solutions.