By Kevin Gosschalk, Founder and CEO, Arkose Labs

A few banks have started to plough ground in the metaverse. But are banks aware of how consumer security would play out in the metaverse? Is there something they can learn from their gaming peers in digital account security? Read on to learn more

Given the monetization potential of consumers’ fintech accounts, attackers are training their focus on metaverse pioneers in the finance sector. New research shows attacks targeting metaverse pioneers increased 40% in Q1 2022 over Q4 2021. And the top threats in the metaverse are scams, microtransaction abuse, and unfair play – attack types that banks typically don’t encounter in today’s physical and digital worlds.

When compared with the attacks that banks are currently fighting – such as account takeover attacks, application fraud, and so forth – they will need to exercise new cybersecurity muscles to operate and protect their consumers’ avatar identities in the metaverse. Fortunately, banks need not reinvent the wheel – they can learn from the experience of gaming companies, the original pioneers of metaverse worlds.

Attacks on gaming companies in the metaverse

Gaming companies in the metaverse are up against Master Fraudsters. These attackers are the most sophisticated and use multiple tools to attack consumers and bypass defenses. Along with weaponizing bots, Master Fraudsters are using human fraud farms to appear legitimate and abuse the communication channels of the target companies.

Gaming platforms in the metaverse deal with synthetic accounts and use of bots and animation to scale up the currency earnings. For instance, using automation, an attacker may launch 100,000 attacks. Even if the company blocks 90,000 of them, 10,000 still get through. Of these, even if 500 were successful, the attacker can reap enormous profits.

Usually, players on a gaming platform can use the rewards earned while playing games to trade or buy money for real-money trading. When attackers exploit the gaming environment, they create synthetic accounts and use bots to accumulate the currency in no time. They then sell this currency to other players to help them gain unfair advantage over the others.

Another type of attack is on NFTs. In case of NFTs – limited single-purchase-only digital goods – the value increases over a period of time as it becomes rare. Attackers try to amass the best NFTs using bots and scripts much like sneaker fraud or ticket resale fraud, to resell later at a premium.

Benefit from the experience of gaming companies

Banks can benefit from the experience of their peers in gaming to strengthen their own security posture and protect consumers. They can take the following steps to level up their security in the metaverse:

• Understand the consumer: Unlike the digital realm, the consumer in the metaverse will be much younger and digital-native. That doesn’t necessarily mean these young consumers will be equally security savvy, as they are prone to sharing accounts and passwords that can impact account security. Therefore, banks will need effective methods to ascertain whether the avatar in the metaverse is really who they claim to be. Banks will need to focus on trust and safety at account login, registration, and in-platform actions.
• Brace for volumetric, synthetic account attacks: In the metaverse, synthetic account attacks are likely to shoot up to 30% from the current 9%. Synthetic identities are difficult to detect and deter, because they feign legitimacy. Therefore, banks must adopt fraud prevention strategies that can quickly deter volumetric attacks and ensure security of consumers’ online accounts in the metaverse.
• Prepare for social engineering attacks: Banks in the metaverse will be more susceptible to social engineering attacks. For instance, a bank looking to leverage a video game to facilitate in-game customer service conversations may be under a social engineering attack. An attacker may create a similar looking bank in the same game and engage in social engineering to convince consumers to share confidential information.

Catch the attackers in their tracks

To catch the attackers early in their tracks, banks will require deeper insights and intel into attacker tactics and financial motivations. They can use smart fraud prevention solutions that leverage advanced technologies such as machine learning, behavioral biometrics, digital device intelligence, IP intelligence, and so forth.

For long-term protection against Master Fraudsters in the metaverse, banks require familiarity with the financial motivations of the attackers. They must adopt a defense-in-depth approach that erodes profitability of attacks to such an extent that the attack no longer remains economically attractive and forces the attacker to move on to an unprotected target.

About Arkose Labs:

Arkose Labs bankrupts the business model of fraud. Recognized by Gartner as a “Cool Vendor in Fraud and Authentication,” the company offers an industry-first warranty on account protection. Its AI-powered platform combines powerful risk assessments with dynamic attack response that undermines the ROI behind attacks, while improving good user throughput. Based in San Francisco, CA with offices in Brisbane, Australia and London, UK, the company was honored as the 195th fastest growing companies in the United States on the 2021 Inc. 5000 list. Arkose Labs – Fraud and Abuse Prevention Platform