The metaverse is evolving to become a three-dimensional digital world, unbound by geography and currently without clear rules and regulations. It is still very much a work in progress. But, as the culmination of a longstanding trend for multiple emerging technologies to converge, it’s advancing quickly — and many metaverse concepts are business relevant right now.
Already, new trends for the metaverse’s economy, governance, user experience and more are emerging and they require rethinking how your company builds and fosters trust. The old rules may no longer apply.
Most metaverse platforms encourage the use of cryptocurrencies, non-fungible tokens (NFTs) and other digital assets, which may soon become the metaverse’s main form of value exchange.
As well as a crypto fluency issue, it could also pose a trust challenge. Traditional intermediaries (such as banks and clearinghouses) may not be involved in metaverse transactions. Regulators could lack insight and jurisdiction into such transactions or the exchanges that conduct them. As value is stored in crypto wallets, and as pools of digital assets are exchanged and managed within smart contracts, hackers could potentially syphon off assets by exploiting flaws in software infrastructure or code.
Businesses should think about updating their risk posture, enhancing all three lines of defence (the business, risk management and internal audit) with the skills needed to verify transactions and regulatory compliance for digital assets. For financial assets, this defence should likely include hardware-based security for crypto wallets as well as teams that can audit smart contracts to spot flaws, vulnerabilities or hidden exploits. You may need board involvement to align your metaverse financial transactions with your overall risk appetite.
Consider partnerships with fintech or traditional financial institutions offering crypto and digital currency services or engaging trusted third parties to help provide additional control and verification.
The ultimate goal of the metaverse is to become fully interoperable: Your customers and employees will likely be able to take their identities, assets, experiences and data from one platform to another one day. While nothing is certain yet, the expectation is that it will be seamless for them to shop anywhere, navigate any social connections and attend any meeting. The idea is for the current system of ‘walled gardens,’ where each platform provider controls data and sets the rules, to fade away.
This vision of total interoperability may prove utopian. But even a partial move toward easing transitions among platforms can create new trust challenges. Without walled gardens, you and your partners may lose control over data. In response, a new approach to data gathering, governance, analytics and security could be needed — one that can follow your stakeholders wherever they go, while protecting their privacy and inspiring the trust that encourages data sharing. This approach should include clear rules, especially for consent, so your users understand who is using their data and for what purpose.
The metaverse will need rules to govern security, interactions among users, tax collection, data governance, regulatory compliance and more. These rules are not yet settled, but already, metaverse platforms are posing new governance and security challenges. A new, less centralised digital world will likely offer new attack surfaces for malicious actors, including on connected devices such as wearables. Three-dimensional experiences could make some cyberattacks deeply traumatic. New kinds of metaverse-specific crimes are also emerging, such as ’pump and dump’ NFTs and other fraudulent metaverse investments involving project-specific crypto tokens.
Organisations should have a vested interest not just in their own security, but also in their users’ security within the virtual space offered. Consider security and safety at the services level, so that security can be maintained no matter where your asset goes. If your customers are entrusting you with financial assets, you may need both special protocols to protect them and procedures to make them whole if they suffer financial crime within your virtual spaces.
Reassess vendors and partners. Your platform providers and cybersecurity firms may not have updated their security playbook for the metaverse. Consider also engaging with regulators to help shape the metaverse rules that are coming. Get up to speed on decentralised autonomous organisations (DAOs) — built on voluntarily agreed-upon rules enforced by a computer program that runs on a blockchain — which will likely play a growing role in metaverse governance. Throughout these efforts, communicate continuously and transparently with your stakeholders on progress, limitations and new risks.
In the metaverse, the aim is for users to own their digital identities, complete with data, history and assets, which they can use anywhere. This is different from today’s internet, where customers and employees may have an identity just for your company, a particular platform or a specific application. Metaverse assets and organisations will have identities that belong to them and travel across platforms. Even if this vision does not fully come to pass, work is accelerating on digital identities that belong to users.
One possible path is to help empower consumers to decide what aspects of their identity to share — permitting them to be anonymous or pseudonymous. Another path is for companies or third parties to play that role on their behalf. If you lack control over key stakeholders’ digital identities, you may find it harder to trust them and protect them from phishing and other fraudulent activities.
To increase trust in metaverse identities, consider blockchain-based credentialisation services and metaverse versions of multi-factor authentication. For highly sensitive transactions, you may wish to require multi-signature verifications, in which several identities must be confirmed before the transaction closes. Software to detect anomalies and bots can also help protect identities and identify impersonations. Monitor changes in the space so you can adapt data governance and authentication strategies.
The customer and employee experience will change when it’s provided through a virtual reality (VR) or extended reality (XR) headset. Users can expect new sights, sounds, movements and potentially new emotions. A privacy violation or aggression could be intensified, if suffered when immersed in a three-dimensional world.
When your stakeholders enter your virtual spaces, they’ll be expecting you to protect them. If they suffer from abuse or misinformation within your metaverse environment, your brand may pay a steep price.
If you plan to offer or participate in metaverse environments (such as virtual storefronts, meetings or entertainment), consider new protocols and controls (including third-party oversight), as well as impartial content moderation teams to help keep the experience in your metaverse space free from misinformation, harassment and abuse. You may also need to rethink privacy for a digital world that can allow its users to do much more, and reveal much more, than they can on the internet today. Finally, in a digital world that often makes illusion easy, focus on authenticity: A critical way to inspire metaverse trust is for your metaverse presence to match your values and purpose.
Even when you go away, it’s still there: That’s true of the physical world, and it’s supposed to be true of the metaverse too. Even after your customers or employees remove their VR or XR headsets, all the activities they were involved in will persist. Smart contracts will keep enforcing agreements and trading assets. Digital products will remain on digital shelves, ready for other digital users to buy them. Virtual machines will keep producing virtual widgets.
To trust that your company’s virtual activities, investments and presence can work as expected in this persistent digital world, you may need to rethink digital services, monitoring and controls.
New technologies can help. Blockchain combined with artificial intelligence (AI), for example, can in some cases automate the authentication of identity, assets, transactions and contracts — helping establish trust in ongoing metaverse activities. Consider independent teams as well, both internal and external, to audit both smart contracts’ code and the underlying hardware and software infrastructure.
A version of this article originally appeared in PwC’s Tech Effect.
© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Liability limited by a scheme approved under Professional Standards Legislation.