Metaverse: The Next Fraudtier

Fraudsters are a virtual nightmare for metaverse users (and companies)

Skepticism aside, the metaverse is primed to be the next phase of the internet.

You may not enlist a metaverse real estate agent to buy virtual property next to Snoop Dogg, but there’s a fair chance you’ll have your own 3D avatar within the next few years. After all, the metaverse market could be worth $800 billion by 2024.

As with any new technology, the danger of fraud increases as more users and brands hop aboard the metaverse wagon. It behooves companies to hatch a plan of defense against bad actors in the metaverse while it’s still early.

More data, more problems

If you thought the flat-screen world collected an extreme amount of data from its users, the metaverse would like a word. Thanks to wearable NFTs, virtual avatars and headsets, an online AR/VR playground gathers behavioral data that goes beyond location and search engine queries. Even eye movement can be tracked and analyzed.

More data going in means more data going out — to marketers, and to fraudsters. Brands can tailor customer experiences like never before and perfect their go-to-market strategies; meanwhile, bad actors can attack the metaverse from an inordinate number of touchpoints.

The metaversal landscape and types of data extracted from users may be new (and subject to privacy and compliance concerns), but the fraudster schemes are all too familiar.

What does metaverse fraud look like?

Because the metaverse incorporates online gaming elements into its user experience — digital avatars, achievements, in-game currency — both share similar cybersecurity concerns.

Like other verticals, account takeover (ATO) remains the biggest threat. Hijacking an account allows fraudsters to drain crypto funds, but they can also assume that person’s identity — to the chagrin of the victim who may have spent countless hours building up their metaverse cachet — or sell the account on a third-party marketplace.

The trafficking of crypto in the metaverse opens it up to scams like rug pulls and innovative phishing attacks. There is also the danger of account creation fraud, which leads to money laundering and promotional abuse, as well as friendly fraud and chargebacks that can arise from metaverse transactions.

Bundle up!

Preventing fraud in the metaverse isn’t all that different from surviving a blizzard: both require layering up. This is especially true at the account creation and login stages, where credential stuffing is a breeze thanks to fleets of automated bots.

The essential part of any layered anti-fraud approach, reality or virtual reality, is dynamic data — real-time insights that plug the holes in account verification tactics such as 2FA, MFA, and device fingerprinting. The Deduce Identity Network does just that, tapping more than 500 million anonymized user profiles and 1.4 billion daily user activities to verify accounts faster and more securely. Device fingerprinting, for example, will produce false positives as the metaverse is accessible on multiple devices. Add the intelligence of a Deduce platform, and more legitimate users will get in, stress- and friction-free.

The metaverse may be a relatively new phenomenon, but fraudsters are already a step ahead. Last year, metaverse companies saw an 80% increase in bot attacks and 40% increase in human-driven attacks. The best way to catch up and preempt these attacks is to fortify defenses at registration and login, which significantly improves user experience, curbs churn and reputational damage. Neglect to install a real-time intelligence layer, though, and it could cause a virtual nightmare.