Alexey Khitrov, CEO at ID R&D, discusses what metaverse stakeholders will need to consider when it comes to preventing fraud
Metaverses are on the horizon. However, behind all the excitement about digital worlds, virtual workspaces, and hybrid social experiences lurk security risks.
How can we be sure the avatar with whom we’re sharing intellectual property is really a genuine colleague? How can we trust that a virtual interaction with our bank manager, friend, or romantic partner isn’t an interaction with a fraudster? And how can we protect our own digital identities from being stolen and used by people with nefarious intentions?
In January, Meta boldly claimed to be building the world’s most powerful AI supercomputer: Research SuperCluster (RSC). Set to launch in mid-2022, RSC will “help us build for the metaverse”, said the company. What’s clear is that this computer will need to prioritise security.
Here’s what organisations building metaverses will need from their supercomputers to ensure frictionless experiences for good people, and extremely hard work for those out to commit fraud.
Prevent fraudsters from registering under false identities
While the metaverse promises to change the game for digital interactions, those building these new environments need not reinvent the wheel when it comes to security. Brilliant strategies for verifying people during account registration already exist.
Metaverse creators should provide users an option to link off-line identities with their metaverse ones by tapping into modern identity verification technologies, including those used by banks. This will ensure that people have an opportunity to confirm to the metaworld that they are who they claim to be. Facial biometrics is a strong solution to this problem, because the technology can both verify a person at sign-up and improve ongoing authentication. Simultaneously, liveness detection is key too. Once a person’s selfie is matched to a photo on their ID or enrolled biometric, liveness verifies whether the person is actually there, and not just someone with a photo, screenshot, or mask pretending to be someone else.
The power of AI to spot fraudsters has been proven; new research from ID R&D demonstrates that computers are much more adept than humans at identifying whether a face is real or a spoof. The same was true even when groups of seventeen people deliberated over the same image. With RSC allegedly up to 20 times as fast as existing supercomputers, Meta has sufficient power to support biometric technology on a very large scale during the registration process. They should also channel this power into technologies that will enable them to moderate content at scale and authenticate users throughout their time in the metaverse. If they can’t, we’ll likely see the spread of misinformation infiltrate the metaverse thanks to fraudsters, which could put even greater strain on content moderation, not to mention pose huge risks to online safety and security of honest customers. A secure onboarding stage – one that uses biometrics to verify our identities – is of utmost importance.
Protect a new breed of valuable assets based in the metaverse
While some fraud in the metaverse can be expected to resemble the scams and tricks of our ‘real-world’ society, other types of fraud must be quickly understood if they are to be mitigated by metaverse makers.
When Facebook’s Metaverse first launched, investors rushed to pour billions of dollars into buying acres of land. The so-called ‘virtual real estate’ sparked a land boom which saw $501 million in sales in 2021. This year, that figure is expected to grow to $1 billion.
Selling land in the metaverse works like this: pieces of code are partitioned to create individual ‘plots’ within certain metaverse platforms. These are then made available to purchase as NFTs on the blockchain. While we might have laughed when one buyer paid hundreds of thousands of dollars to be Snoop Dogg’s neighbour in the metaverse, this is no laughing matter when it comes to security. Money spent in the metaverse is real, and fraudsters are out to steal it.
One of the dangers of the metaverse is that, while the virtual land and property aren’t real, their monetary value is. On purchase, they become real assets linked to your account. Therefore, fraud doesn’t look like it used to. Previously, if your Facebook account was compromised, the hacker might ‘phish’ your friends to click on a link leading them to a spoofed digital shop or an offer that’s really too good to be true. However, in the metaverse, fraudsters could use your stolen digital identity to gain access to your valuable items.
That’s why users should be able to choose their security methods, with access to varying levels of security based on where it applies. For example, it’s one thing playing a game in the metaverse, and another to sell £10 million worth of property. It’s also important to consider the user experience (UX) design. The industry has a responsibility to create frictionless technologies, without compromising safety.
Stamping out this kind of fraud before it even begins starts with protecting the only link between your assets and their monetary value: your digital identity.
Continually check that genuine accounts haven’t been co-opted by criminals
Thankfully for all those who plan on using the metaverse either to buy NFT land, to work alongside colleagues or even just to interact with our nearest and dearest, all the ingredients exist to enable a secure and easy experience even after the signup process.
To protect consumers from account takeovers, PINs, passwords and multi-step security checks will not be enough in the metaverse. These are easily stolen by fraudsters, or picked up from data breaches, not to mention accidentally forgotten by those to whom they genuinely belong. Honest customers using the metaverse for work or play don’t want ID checks interrupting their use of the platform.
Instead, providers should rely on authentication methods that cannot be shared or stolen for continuous authentication that will ensure the account is being used by its registered owner. A strong solution is face or voice biometrics, protected by liveness detection. A quick snap of the face and 1-2 seconds of speech is all that’s needed to check an avatar is still who they claim to be. It’s also a quick way to catch fraudsters; face and voice are almost completely impenetrable for fraudsters, with the combination one hundred times stronger than face alone.
Not only is this approach strengthening security, but it’s enabling the genuine customer to reap the full benefits of the metaverse without intrusions from over-suspicious systems. This allows for the fast and convenient experience consumers expect in today’s world.
Organisations building metaverses must take security seriously
There is a huge opportunity for organisations to limit metaverse fraud before it even begins. In today’s world, storing biometrics in a secure, decentralised way is the way forward – and possible on the blockchain – to provide further assurances of safety.
It’s not simply a nice-to-have. With the recent draft of the UK’s Online Safety Bill highlighting the need for greater online security regulation, all companies will want to work harder than ever to fight identity fraud in their new, online environments.
Therefore, metaverse creators should focus the power of their supercomputers and AI technologies firmly upon what it takes to prevent fraudsters from registering under fake, off-line identities, what fraud might look like in the metaverse, and what is required to ensure verified accounts aren’t stolen by criminals.
The tech is out there – it’s up to organisations to seize it, realise the benefits, and enhance security on the level required to inspire trust in genuine customers, and to make fraudsters think twice about attempting crime. Deploying biometrics is a key place to start.
Related:
How the C-Suite can set the organisation up for metaverse success — Christian Kroll, managing director at Capgemini Invent UK, discusses how the CEO and C-Suite can ensure metaverse success for the organisation.
Q&A: Hubb COO on shifting towards a metaverse infrastructure in insurance — Following the announcement that challenger insurer hubb is preparing for a shift to the metaverse, the company’s COO Edward Halsey spoke to Information Age about how the metaverse can drive value in the insurance sector.