While the Metaverse marketing hype is making everyone excited about the future, there is a pile of technical and design problems to solve – including cybersecurity. The huge volume of eCommerce transactions in the metaverse will be a magnet for criminals and criminal groups who will try and take advantage of users and steal their money and digital assets.
A recent report by Trend Micro Europe examined nine different categories of threats against the metaverse and inside the Metaverse. The conclusive data suggests technology companies need to develop Metaverse security models as soon as possible to protect Metaverse-like applications and the future Metaverse.
The study covers money laundering using Metaverse real estate, how Metaverse publishers will create their own in-world digital currencies, causing collapses similar to Luna, how users are defrauded via digital currency transactions and why pump-and-dump schemes will thrive in the metaverse.
David Sancho is the Senior Threat Researcher at Trend Micro. We caught up with him to find out more.
How safe an environment is the metaverse when it comes to financial transactions?
The safety of the metaverse regarding financial transactions has to be good enough to give anybody the encouragement to use it. Whatever problems they encounter – and they will – everybody involved will have to resolve them promptly. Otherwise, the lack of trust would make the environment unusable. All the parties involved will strive to make it safe and guarantee to cover any potential loss.”
What are the biggest threat actors visitors/vendors/customers face within the metaverse?
There are many potential threats, but the major ones would be threats to our privacy. For instance, stealing biometric data that can later be used to steal your identity. Another one is digital property loss – digital goods can be more exposed, like digital tokens, skins, art, etc.
Also gaining access to devices can pose a physical threat to the user. While this is very hypothetical, attacking the glasses or any other device that’s on the user to enhance their experience can be considered a physical threat.
There seems to be a boom in real estate investment - how can investors make sure their transactions are secure?
There’s nothing specific a user must do to make sure financial transactions are safe. This should be guaranteed by the system. Avoiding side-channel transactions is probably a good starting place.
Tell us about money laundering in the metaverse. Why and how is it an issue?
Similar to NFTs, in the metaverse, buying digital goods will be commonplace. From cool items (swords, etc) to skins (the face you wear on the metaverse), those will be bought and sold. Buying them and selling them can allow for shady transactions that financial regulators will have a hard time seeing and accounting for.
What regulatory measures are being brought in to provide better security for customers transacting in the metaverse?
Since there is no current implementation, there aren’t any regulatory measures being taken. As soon as we know what the final shape of the metaverse is, I’m sure there will be regulations and measures to be decided.
What is a pump and dump scheme - and how can it affect customers?
Pump & Dump refers to any scheme that seeks to affect the market value of something so that the owner can sell it at its higher price. Usually, the criminal chooses an inexpensive good (digital good in this case) and spends money to buy it. By whatever means, they then promote it to increase its market value and then proceed to sell it at its peak price to gain a lot of money. This has happened with stock market shares and can be potentially done with any digital good whose prices are volatile by their very nature.”
What do you think the future of digital currencies has within the metaverse? Will CDBC’s also have a major role?
We can’t know if any particular cryptocurrency (or kind of cryptocurrencies, like CDBCs) will be important in the metaverse, but it’s very likely that cryptocurrencies will play a major role in this environment.
It only makes sense that any payment will be done in these and not on normal more regulated currencies. The reason for this is that they are a secure decentralised way to make payments and those are major features in a digital world.
What advice would you give to investors considering assets within the metaverse?
With respect to payment methods, follow the standard ones, not an alternative side channel.
- Exclusive video: Scaling tech businesses with SageFinancial Services (FinServ)
- Exclusive video: Digital ecosystems; driving banking forwardFinancial Services (FinServ)
- Money20/20 USA: Amdocs on making consumer finance simpleFinancial Services (FinServ)
- Embedded finance: Innovating for goodFinancial Services (FinServ)