Metaverse: A double-edged sword

Imagine this: Within the next 10 years, you are in the metaverse and celebrating a successful business deal, but the joyful moment dissipates as it is quickly becoming apparent that the avatar (person) was not who you thought it was. Reality sets in. You have just become the victim of a cybercrime. Your financial assets and confidential data have been stolen. What now? What measures can be taken to prevent this dire situation? These questions are part of the equation that must be solved in the coming years.

As technology advances, our world is increasingly becoming more dependent on data to function in the simplest aspects of our daily lives, let alone complex business transactions. In our journey into the next frontier, we will transition from viewing data on a screen to being immersed in it.

With an estimated CAGR of 43.3%, the metaverse’s market value of $48 billion in 2020 is expected to grow north of $800 billion by 2028. Top players, such as Facebook (Meta), Google, Microsoft, Nvidia, and other big players, are already invested in developing this next generation of IoT. Meanwhile, financial firms are exploring how to offer their products and services in this vast potential market.


Metaverse is a digital world driven by mixed reality (MR), augmented reality (AR), virtual reality (VR), and blockchain. A world offering unending possibilities to the users, drastically changing how people will not only socialize and play but also how we work and conduct business. A new global economy is in the works.

That said, there is a bigger elephant in the room – security.

With the vast and sophisticated data that will be collected within the metaverse, cybercriminals will be looking for ways to hack and game the system. Prevention of money laundering, microtransactions, intellectual property, and identify theft should be prioritized by financial firms building a metaverse, or offering products and services in one, so users feel safe using this technology. Because, as the saying goes, “with great power comes great responsibility.”

These security concerns can be broken into 8 categories:

CYBERSECURITY- Today, firms use modern technology infrastructure to secure their IT systems, however, there is still an ongoing threat of cyberattacks. These issues will amplify in the metaverse unless we have innovative ways of enforcing cybersecurity governance, strengthening framework, improving cyber risk analytics, and continually monitoring threats to mitigate cybercrimes.

IDENTITY MANAGEMENT- While a virtual avatar can be of a personal choice, it is critical to associate it with a distinct real-world identity, using verification methods, such as enhanced biometric data, to ensure its legitimacy.

CRYPTOCURRENCY AND PAYMENTS- Digital currency payments need to be verified prior to processing to prevent fraud. Verifying the authenticity of the individual or business entity is imperative to ensuring the marketplace is operating at a fair and efficient standard.

REGULATION- A lack of regulatory standards lays a perfect setup for illegitimate activities. Until an industry standard is established, laws are enacted, and regulations are introduced, the onus is on firms using or offering metaverse products/services to enforce strict measures for combating fraud which can lead to disparate treatment or disproportionate enforcement.

INTELLECTUAL PROPERTY- Intellectual property that is created bought, and/or sold needs to be verified and validated by tying it back to a real-world identity. Failure to do so can lead to IP infringement, conflicts of proving ownership, disputes, fraud, or money laundering.

CONSUMER PRIVACY- An increased sense of responsibility to secure and protect the Personally Identifiable Information (PII) of users is needed to maintain user privacy. Sensitive information collected by VR/MR devices, such as biometric information to identify the user, can be stored within a robust blockchain vault behind multiple layers of security.

DATA GOVERNANCE- It is critical for the data to be secure and free from possible breaches. Implementing effective data governance operating model, standards, and practices would minimize potential risks.

DATA CONTROL- The aim of the metaverse is not VR or AR, but MR, an indistinguishable blend between the real world and digital world. MR prototypes are capable of not only tracking body movements and brain wave patterns, but also monitoring what users say, look at, or think about. Data this valuable will allow whoever controls it the ability to take control over your entire reality.

BUT WHO’S GOING TO DIVE IN FIRST? – It is clear these concerns add up to a tall order, however, the first company to tackle such issues will reap the competitive benefits as a first-mover advantage, including huge financial, reputational, and strategic rewards. Moreover, this can be a door-opener for insurance companies to establish policies as they have done similarly for physical assets.

On that note, as the world readies itself for an immersive digital journey, it is important to take note of the opportunities it brings forth.


By- Alan Smith Principal Consultant at Capco, Bhavik Domadia Senior Consultant at Capco, and Derrick Wang Senior Consultant at Capco

Check Also

4 AI-Powered Bank Statement Analyzers for MSME Lending

India has over 6.3 milion MSMEs, with an unmet credit gap of 120 billion USD. …