What Banks Can Learn from Gaming Companies about Security in the Metaverse

As banks plough ground in the metaverse, Kevin Gosschalk, Founder and CEO of Arkose Labs, argues that they will also have to rethink their cybersecurity posture.

Banks are at a precipice as they start to explore what it means to be a metaverse company, and one of their biggest considerations has to be cybersecurity.

Financial institutions are some of the most attacked companies, understandably, because if a fraudster can gain access to a consumer’s account, they can quickly drain it of funds. Of course, most organisations will have some sort of controls in place to protect customer accounts. However, as more and more banks deploy the metaverse strategies they’ve been conceptualizing and building for the last several years, what does their security look like and will it continue to be up to scratch?

To answer that question, banks can look and learn from an industry that’s been playing in the metaverse for some time now: the gaming sector.

This industry is a good proxy for banks as they build their consumer account strategies in the metaverse. Gaming companies like EA, Blizzard, and Roblox are some of the pioneers of this new digital territory.

Here are three insights banks can learn from gaming companies about protecting consumers’ online accounts in the metaverse.

1. The Metaverse Adversary is Seasoned and Smart

We’ve observed through our threat-intelligence gathering that it is the most sophisticated category of fraudster, the Master Fraudster, that is attacking consumers who are already active in the metaverse. Master Fraudsters are the more persistent attackers who script together multiple tools, use fraud farms, and are willing to invest more time and money to bypass defences. With highly persistent attackers and high stakes, banks investing in the metaverse must put a premium value on trust and safety at account login, registration, and in-platform actions to protect avatar identities in their virtual worlds.

Insights from the Arkose Labs Global Network show scams, microtransaction abuse, and unfair play to be top threats in the metaverse world. Compare those attacks to the attacks banks are used to defending against, like account takeovers, and banks are going to have to exercise new cybersecurity muscles to operate in the metaverse. With that understanding, as banks build and deploy their metaverse strategies they can build controls specific to the types of attacks they will most likely encounter in the metaverse.

2. Your Consumer Isn’t Your Usual Target…

Strategy always starts with understanding the target audience. Banks need to be mindful that the audience for a metaverse company probably is going to be much younger than the traditional audience banks are used to. While the metaverse is better understood and adopted by the younger generation, most of these young people are not security savvy. They sometimes share passwords and accounts, for example, and that impacts cybersecurity. We expect there to be a changing of the guard over the next several years where the expected authentication will be very different compared to where we are today with passwords, OTP, and the like. A really interesting shift is afoot in the metaverse, as companies and banks look for new secure methods to figure out if an avatar in the metaverse really is who they say they are.

3. …And Neither is the Attack Type

Most banks primarily deal with account takeover attacks, application fraud, and a small percentage (9%) of synthetic account attacks.

In the metaverse, though, an increased percentage of attacks are synthetic account attacks, 30% in fact. In addition, the volume of synthetic accounts that exist is massive for metaverse companies – so banks will have to adapt fraud prevention strategies quickly to deter volumetric attacks. Synthetic identities are extremely difficult to detect and deter, because they appear like genuine consumers. Banks must develop the ability to defend against this type of attack now, so that they’ll be ready to protect their consumers’ online accounts later in the metaverse.

A Record Year for the Wrong Reasons?

Much like 2021, this year is likely to continue to be a record year for data breaches according to the Identity Theft Resource Center, and it’s clear that online criminals will continue to evolve their tactics to take advantage of new and sometimes untested metaverse approaches by the financial industry. Banks should be wary that fraudsters are ready and waiting to strike at any time – not only creating significant and damaging financial implications but reputation is also firmly at stake.

The industry now has a plethora of innovative technology solutions at its fingertips and it needs to use this to fight back. In fact, it’s almost three decades on since John McAfee created what’s widely regarded to be the world’s first commercially available anti-virus product. The industry has come a long way since then. Many of today’s machine learning-powered, intelligence-driven solutions do a great job of stopping security and fraud in its tracks. Just make sure that yours is in place and ready to stand up to the test.

By Kevin Gosschalk, Founder and CEO of Arkose Labs.

Headquartered in San Francisco with offices in Brisbane, Sydney, Tokyo and London, Arkose Labs debuted as the 83rd fastest-growing company in North America on the 2021 Deloitte Fast 500 ranking.

Guest Contributor
Guest Contributor
Follow on Twitter @eWeekUK

Popular Articles