Even though most financial institutions are closing their physical branches in favor of digital channels, location still matters online.
Indeed, many financial institutions are moving into what’s called the metaverse, alongside retailers and other businesses that people can “visit” through virtual reality. The Metaverse – actually more of a collection of various virtual reality spaces that people initially used to play video games – is increasingly becoming the place to be, for shopping, for attending events and , more recently, even to engage in complex financial transactions, such as buying a house.
In recent weeks, JPMorgan Chase, HSBC and American Express have all planted their corporate flags in the virtual world – buying up slivers of virtual space, often near a celebrity or in a metaverse area that will show them . For example, JP Morgan Chase, with $2.6 trillion in assets, bought a virtual place in “Decentraland”, which would serve more than 300,000 users in total, with 18,000 daily visitors.
“When HSBC recently purchased virtual real estate in The Sandbox metaverse, a decentralized virtual gaming world, it joined JP Morgan in the latest sign that financial entities are betting on the potential of investments in the metaverse,” says Gary McAlum , principal analyst at TAG Cyber. JP Morgan Chase recently published a white paper, suggesting that this channel could provide a wealth of marketing and transactional opportunities, as well as help them gain credibility with Gen Z and Millennials.
But land creation opportunities come in particular with great risk. While most financial institutions generally use their presence in the virtual world to market and connect, more than to transact, this is not your dad’s Second Life.
It’s expected that the metaverse’s user base and capabilities will snowball fairly quickly. “The metaverse will likely permeate every industry in one way or another in the coming years, with an estimated market opportunity of over $1 trillion in annual revenue,” according to the white paper. JP Morgan Chase.
And, as this evolution occurs, McAlum says that “without a doubt, cybercrime will follow.”
“While the understanding of metaverse security challenges continues to evolve, there are many reasons for concern,” McAlum continues. While it is currently expected that the exact “method of attacks within the metaverse” may differ from those seen through email or other more established distribution channels, “the general concepts remain the same. “, adds McAlum.
The metaverse has already become a hotbed for ticket scalping or resale fraud, according to Kevin Gosschalk, founder and CEO of Arkose Labs. Right now, banks and credit unions are mostly moving into the metaverse “because they want to look cool.” As metaverse channels become more popular with users and financial firms, and begin to become the site of more exchanges, Gosschalk predicts that more automated botnet attacks will follow and there will be a “changing of the guard “.
“The Metaverse is going to be a whole new world,” Gosschalk says. “And banks will be creative in how they engage here.”
McAlum agrees: “Regardless of the medium, malicious actors will try to use deception and human error to gain access to information.”
For example, fraud and phishing attacks can originate from an avatar impersonating a bank employee’s colleague instead of a misleading domain name or email address. Perhaps even more worryingly, deepfake technology will “really come into its own with the metaverse,” McAlum predicts, as bad actors use virtual reality to gain trust and engage through impersonation.
“Clearly, identity security will be a fundamental part of a strong metaverse security model,” McAlum said, adding that banks and their service providers need to think carefully about security as payments and other financial transactions become “metaverse-enabled”.