Security in the Metaverse and What Banks Need to Know

Recognised by Gartner as a “Cool Vendor in Fraud and Authentication,” Arkose Labs offers an industry-first warranty on account protection. Its AI-powered platform combines powerful risk assessments with dynamic attack response that undermines the ROI behind attacks, while improving good user throughput. We caught up with the company's dynamic founder and CEO, Kevin Gosschalk to talk banking security and all things metaverse.

Tell us about your role and your journey to the position - how did you get there?

In high school, I led a guild of 40 players taking down monsters in a game developed by Blizzard Entertainment called “World of Warcraft”. 

Nearly 16 years later, as the founder and CEO of Arkose Labs, we protect Blizzard and many other world-class customers from fraudsters’ attacks and abuse. We do that with an innovative approach– likely inspired by that very same game–and technology that has benefited from my unusual background. 

My first job was building an interactive eye-tracking software that became a groundbreaking technique in early detection for diabetes research. This software enabled detection up to two years earlier than traditional invasive methods. I then developed a new form of entertainment for people with intellectual disabilities. Sponsored by an Australian not-for-profit, the technology leveraged game-like experience to facilitate more social interaction. 

After that, I embarked on the journey to build something that used my favorite form of software design–interactive entertainment–to revolutionise how we fight fraud and abuse. My background in game design, programming, and computer vision all came together in building what ultimately became the founding technology for Arkose Labs. Additionally, my experience designing for a diverse set of user levels (from children to adults with intellectual disabilities) paired with the best techniques in game design set the company up for incredible success in building the best possible user experience. 

What is Arkose Labs? And what differentiates it from its competitors?

Arkose Labs is the global leader in fraud deterrence and account security. It is different from competitors because it works with the biggest companies in the world that also happen to be the most attacked companies in the world by fraudsters. It provides internal threat intelligence teams with raw risk insights and attack signatures as a standard part of its products. It provides this data so that internal teams can use it to tune their internal risk models. 

Why has Arkose Labs taken the step into the metaverse? 

Actually, we have kind of always been active in securing the metaverse. A majority of the biggest gaming companies in the world are our clients, and the gaming sector is really the pioneer of the metaverse. From this vantage point, we’re seeing the types of attacks that fraudsters are tending to deploy as the metaverse evolves. Having said that, the metaverse is very new and still evolving. Even fraudsters are trying to figure out how they are going to take full advantage. You can see from fraudster chatter on the dark web that they are talking about the fraud potential of the metaverse. 

Security is a huge issue today - what threats are most likely to cause problems for metaverse users and businesses and why?

 Cybersecurity issues are shaping up to be different in the metaverse than what fintechs experience today in a digital/online world. Attackers are going to great lengths to abuse metaverse communication channels, leveraging fraud farms to feign legitimacy. Insights from our global network show that scams, microtransaction abuse, and unfair play are threats to monitor as the metaverse develops. Attacks targeting metaverse pioneers increased 40% over Q4 2021.

Are fintechs and incumbents adequately prepared for these challenges? 

Fintechs and incumbents are accustomed to fighting fraudsters, so to a certain extent yes they are prepared for the new challenges that creating a metaverse presence will cause. In all industries, most companies are either developing their metaverse strategy or are in the early deployment stage. Their fraud prevention and consumer account security in the metaverse needs to be an early discussion and woven into their version-one deployments. If not, fraudsters will jump on fintechs at scale, their consumers will have a bad experience, and the fintechs will be playing catch-up. 

What impact is the metaverse currently having on the banking industry worldwide?

The banking industry is dipping its toe into the metaverse waters. Right now banks have built presences that are primarily for customer service and marketing. JP Morgan Chase was the first bank to plow ground in the metaverse by building a customer lounge.  HSBC soon followed suit and announced it is going to build a presence in the metaverse where it can create new and unique experiences for its customers around sports and other types of events. Fidelity Investments has also announced plans to erect an eight-story building in the metaverse where customers can seek financial education and have fun. 

On all counts, right now the demographic of consumers engaging in the metaverse skews young. This is an important point. Most banks and fintechs are accustomed to thinking about cybersecurity strategies with a more senior consumer in mind. And now they need to understand how younger, emerging customers tend to behave. For example, many younger consumers tend to share account credentials with one another–user names and passwords–and that presents new risks that banks and fintechs aren’t used to dealing with. 

Plus, it is the most sophisticated category of fraudster, the Master Fraudster, that is attacking consumers who are already active in the metaverse. Master Fraudsters are the more persistent attackers who script together multiple tools, use fraud farms, and are willing to invest more time and money to bypass defenses. With highly persistent attackers and high stakes, banks and fintechs investing in the metaverse must put a premium value on trust and safety. They must ensure the security of their account login, registration, and in-platform actions to protect avatar identities in their virtual worlds.

Does the metaverse really offer significant benefits to banks - or is the current migration more of a trend?

The metaverse is happening, and banks, fintechs, and merchants need to be planning. It’s my guess, though, that nearly every company in just about every industry has a team of people working on their metaverse strategies. Fraud prevention and account security need to be an early and central part of their planning because the consumer’s account is the entry point for individuals to get into the metaverse. That account needs to be protected. 

Is the rise in investment within the metaverse (property etc) likely to have a significant impact on the success of banking in the metaverse? ​​​​​​

These are pioneering days in the metaverse. The banks that enter the metaverse now have the chance to shape what it means to bank in the metaverse. For example, banks and fintechs that enter the metaverse now have the opportunity to define financial instruments for virtual real estate, like mortgages. (And by the way, some people are saying the term real estate doesn’t apply in the metaverse because land/property/plots aren’t “real” so it’s possible that a new term will become common nomenclature, for example “virtual estate.”)  Banks entering the metaverse now get to help re-think a credit system, they get to shape how people save virtual assets in the metaverse – the opportunities are endless.

In your opinion, will the metaverse be bigger than the internet?

We view the metaverse as an evolution of the internet. The metaverse has the potential to usher in completely new ways for us to engage with others, new sports for us to play, and maybe even new types of jobs.