Ready Player KYC - Vespia’s Thoughts on Fraud in the Metaverse

Julia Ront, Founder and CEO of Vespia

September 26, 2022

Remember the movie (or the book) Ready Player One? A dystopian world in the year 2045, where people try to find sanctuary from the difficulties of the real world in a virtual game. In the current critical times of war, energy crisis, and climate change - it is no wonder that the concept of the Metaverse is becoming increasingly appealing.

The Metaverse, in theory, is a place with no war, no inequality, no climate change, easy and fast access to services. Not to mention that you can have ownership of land, art, luxury goods, the things that may be completely unattainable to you in the real world.

The pivot to a cyber world where we will employ a digital identity to work, shop, and interact socially has started to tempt not only the tech moguls such as Apple and Microsoft, but also creative individuals, musicians such as Snoop Dogg, and even brands like Gucci and Toyota.

Most notably, Facebook has renamed Meta and invested 10 billion dollars into the project. According to Bloomberg Intelligence, Metaverse could be a market worth $800 billion by 2024.

However, the Metaverse, even though a picture-perfect world, in theory, is still tied to the flaws of the real world. As we inevitably shift to the Metaverse in the next few years, companies and people must remain attentive to security and regulation issues to ensure the protection of end users and security practices remain up-to-date.

Meta-what?

Just like in the movie Back to the Future II - there are endless possibilities of how the Metaverse, also dubbed as Web 3.0, will end up looking as the “final product”. The main idea is that it should incorporate most of the features of the real world, but can also go just slightly beyond what is possible in the real world: can we get the self-tying shoes and hoverboards of Marty McFly, please?

The Metaverse is a term that refers to online virtual worlds. These virtual worlds deliver an immersive experience employing virtual reality, augmented reality, and blockchain technologies. In Metaverse virtual worlds, users can socialize, explore, play, work, shop, and even invest through their digital avatars. Avatars can wear cool clothing, buy land, buy art, and even build your own little community or city.

As with every previous advance in technology or innovation, there will always be those seeking to profit illegally from others. With so many new business prospects, products, and services to be sold to the users of the Metaverse, no wonder it has become an oasis for money laundering and fraud.

Scammers are going Meta

While blockchain technology is far from fraud-proof, its proponents are right to point out that it contains many security and privacy attributes that would intercept many usual, low-effort fraud schemes. As is often the case, the most common fraud threats are payment transactions, which take place to buy digital currencies.

The Metaverse is tied to the worlds of crypto and NFTs. Outfits, accessories, digital art, basically anything you buy for your avatar in the Metaverse comes in the form of a token, NFT, or another type of a smart contract.

In January, hackers swiped NFTs worth $2.2 million from Todd Kramer, the NFT collector. In February, OpenSea — the world's largest NFT market — lost an estimated $1.7 million in an alleged phishing scam.

In addition, security knocks on designing platforms and the ability to create fake metaverse experiences can conduct hacks, fraud, or the swiping of users' funds. In a nutshell, scams inside metaverse virtual worlds can be equivalent to real-world scams, but they are likely to enclose virtual elements such as crypto assets or virtual real estate.

Protect yourself from Meta-fraud

I would say, the Metaverse at the moment is in a bit of a “testing phase”, where many features of the real world have yet to be deployed to production. As the Metaverses implement the possibility of taking loans and leasings, investing in startups, making donations, pension funds, and other elements of the real financial system, more advanced fraud prevention, KYC, and AML systems will need to be implemented.

  • Verify data by making direct real-world connections. Fraudsters may employ the name of a real-world business to legitimize a fake asset or financial service delivered in the Metaverse. Many firms are still assessing whether to operate in the Metaverse. It is better, therefore, to ascertain Metaverse upgrades by making direct contact with a representative of the real-world business or brand, and researching the business using commercial registers and other public sources.
  • Transactions are irreversible. Many users may perceive the Metaverse as a colorful game, without realizing that the transactions are real. Compared to traditional payment systems, where you can contact your bank and get the unauthorized charges reversed back to you, blockchain transactions are impossible to reverse.
  • Lack of regulation. Innovation and technology are usually early to the party, while the regulation arrives later as a party pooper. First, we create something new and cool, the government observes how the technology works and then regulates it. It may take many years before the Metaverse will become at least somewhat regulated (I mean the NFT and DeFi are still in the gray area of law in the EU). The lack of regulation means a lack of protection for all participants of the Metaverse, because when a user loses money or reputation, then the legal cases still end up on the desks of the courts of the real world. NFT lawsuits are popping up here and there, however, all of them have been initiated by big established brands. NFT and Metaverse regulation has yet to become mainstream and inclusive of regular users and small businesses.
Metaverse
Credits: Antonio Solano, iStock by Getty Images 2022.
  • Who is liable? The ownership of failure. Rug pull is a term used when describing scam (or just failed) web3 projects where the developers or creators close the project and run away with the collected funds. Therefore, it is important to not fall for the hype. Look beyond the striking online marketing and read the Terms & Conditions. Fraudsters use widespread social networks to stretch out hundreds, even thousands, of posts to facilitate illegal offers. Even if a video, post, or article acquires many views, likes, or comments, it does not mean the offer is real or worth it. Usually, a project should have some Terms & Conditions describing what will happen in the case of failure of the venture and what is the venture’s liability in the real world.
  • Don't convey personal or account information to avoid account takeover (ATO) and phishing scams. The Metaverse is designed to motivate immersive, one-on-one exchange with others through avatars and virtual spaces. Such interchanges may build trust, and users may disclose their personal financial information or passwords, assuming that the individual they are interacting with is trustworthy. Scammers are good at building trust online and in the real world.

KYC and AML in the Metaverse

Organizations must understand that they should prioritize a robust AML screening and KYC process to stand strong against money laundering hazards.

I am convinced that KYC and AML should be implemented into the Metaverse businesses already today, instead of waiting for years until it becomes an obligation (and it will). The risk of waiting for the space to become regulated and only then implementing more KYC and AML compliance, is that it will become a shock to the users and the user base will drop. For example, Binance initially lost 90% of its users after implementing KYC.

Imagine, a user of the Metaverse buying land, socializing, buying outfits for their avatar, creating their small business - living the dream. Then one day they start getting notifications, emails, and restrictions that say “Provide your Proof of Address. Prove that you are real. Take a picture of your passport. Show us your company incorporation documents.” Otherwise, you can’t continue.

Implementing AML compliance and KYC bit by bit will allow the individuals and businesses taking part in the Metaverse to get used to the AML questions and ID verification, so KYC will become a normal part of their onboarding process. And this way we will win the regulators over.

Vespia Passport in the Metaverse

Vespia is building a digital identity for companies called the Vespia Passport. It will come in an NFT added to your crypto wallet, so any time you need to prove your identity, your business, get onboarded or verified - you just show your Vespia Passport and you're done.

In the context of the Metaverse, we really want all users to trust each other, as well as the businesses that they are transacting with. We want you to easily verify that the NFT gallery or the Gucci in the Metaverse is real, without logging out of the Metaverse and spending weeks and months trying to research and analyze the project.

Vespia Passport in the Metaverse
Example of how the Vespia Passport will look like in the Metaverse

But this is the future…

Web 3.0 projects offering products and services for the Metaverse are on their way of becoming more AML and KYC regulated. Many web3 businesses include crypto payments, trading, exchange into their offering and therefore are already AML obligated.

Vespia’s AI-driven verification solutions can be easily implemented today to help you be compliant without sacrificing user experience. We combine everything you need for smooth onboarding of your business customers, suppliers, partners and investors.

Let us know if you need any business KYC and AML solutions. Talk to our team!

More blog posts

You might also be interested in these