If your organization has decided to enter the metaverse, you could face a major new challenge: The old rules for achieving trust in your transactions, assets, data, brand experience and more may not apply. This challenge has arisen because the metaverse is evolving to become a new, three-dimensional digital world, unbound by geography and currently without clear rules and regulations. In this world, you and your stakeholders can interact in new ways: buying and selling, recruiting and training, gathering and monetizing data, signing contracts and enforcing them, sponsoring events, monetizing virtual products and more.
The metaverse is still very much a work in progress. But, as the culmination of a longstanding trend for multiple emerging technologies to converge, it’s advancing quickly — and many metaverse concepts are business relevant right now. Already, new trends for the metaverse’s economy, governance, user experience and more are emerging. Others will come soon. All may require rethinking how your company builds and fosters trust.
Here are some guidelines to help address six key metaverse trust challenges. They can help you proceed with confidence in an immersive digital world, where you may soon be able to conduct many of the same business activities as in real life — and a few new ones too.
Most metaverse platforms encourage the use of cryptocurrencies, non-fungible tokens (NFTs) and other digital assets, which may soon become the metaverse’s main form of value exchange. That can pose a technology and skills challenge for those who aren’t crypto fluent. It also can pose a trust challenge. Traditional intermediaries (such as banks and clearinghouses) may not be involved. Regulators may lack insight into these transactions and clear jurisdiction over them and the exchanges that conduct them. As value is stored in crypto wallets, and as pools of digital assets are exchanged and managed within smart contracts, hackers could potentially siphon off assets by exploiting flaws in software infrastructure or code. Some companies may also promote a metaverse “creator economy,” where users monetize their own creations or receive financial rewards for engagement. They may face further trust challenges if they lack controls for rewards to be distributed as promised and to protect users from abuse or manipulation.
You may need to update your risk posture, enhancing all three lines of defense (the business, risk management and internal audit) with the skills needed to verify transactions and regulatory compliance for digital assets.
For financial assets, this defense should likely include hardware-based security for crypto wallets as well as teams that can audit smart contracts to spot flaws, vulnerabilities or hidden exploits. You may need board involvement to align your metaverse financial transactions with your overall risk appetite. As part of this new posture, consider new partnerships. Both fintech companies and traditional financial institutions are offering crypto and digital currency services. As with traditional financial transactions, you may wish to engage trusted third parties to help provide additional control and verification.
The ultimate goal of the metaverse is to become fully interoperable: Your customers and employees will likely be able to take their identities, assets, experiences and data from one platform to another one day. While nothing is certain yet, the expectation is that it will be seamless for them to shop anywhere, navigate any social connections and attend any meeting. The idea is for the current system of “walled gardens,” where each platform provider controls data and sets the rules, to fade away.
This vision of total interoperability may prove utopian. But even a partial move toward easing transitions among platforms can create new trust challenges. Without walled gardens, you and your partners may lose control over data. In response, you may need a new approach to data gathering, governance, analytics and security — one that can follow your stakeholders wherever they go, while protecting their privacy and inspiring the trust that encourages data sharing. This approach should include clear rules, especially for consent, so your users understand who is using their data and for what purpose.
The metaverse will need rules to govern security, interactions among users, tax collection, data governance, regulatory compliance and more. These rules are not yet settled, but already, metaverse platforms can pose new governance and security challenges. A new, less centralized digital world will likely offer new attack surfaces for malicious actors, including on connecting devices such as wearables. Three-dimensional experiences could make some cyberattacks deeply traumatic. New kinds of metaverse-specific crimes are also emerging, such as “pump and dump” NFTs and other fraudulent metaverse investments involving project-specific crypto tokens.
Even if the metaverse itself has no clear “rules of the road” today, you should have a vested interest not just in your own security, but also in your users’ security within the virtual space you offer them.
In response, consider security and safety at the services level, so that security can be maintained no matter where your asset goes. If your customers are entrusting you with financial assets, you may need both special protocols to protect them and procedures to make them whole if they suffer financial crime within your virtual spaces. Reassess vendors and partners. Both platform providers and cybersecurity firms may not have updated their security playbook for the metaverse. Consider also engaging with regulators to help shape the metaverse rules that are coming. Get up to speed on decentralized autonomous organizations (DAOs) — built on voluntarily agreed-upon rules enforced by a computer program that runs on a blockchain — which will likely play a growing role in metaverse governance. Throughout these efforts, communicate continuously and transparently with your stakeholders on progress, limitations and new risks.
In the metaverse, users are supposed to own their digital identities, complete with data, history and assets, which they can use anywhere. That would be different from today’s internet, where your customers and employees may have an identity just for your company, a particular platform or a specific application. Metaverse assets and organizations too will have identities that belong to them and travel across platforms. Even if this vision does not fully come to pass, work is accelerating on digital identities that belong to users. One possible path is to help empower consumers to decide what aspects of their identity to share — permitting them to be anonymous or pseudonymous. Another path is for companies or third parties to play that role on their behalf. If you lack control over key stakeholders’ digital identities, you may find it harder to trust them and protect them from phishing and other fraudulent activities.
To increase trust in metaverse identities, consider blockchain-based credentialization services and metaverse versions of multi-factor authentication. For highly sensitive transactions, you may wish to require multi-signature verifications, in which several identities must be confirmed before the transaction closes. Software to detect anomalies and bots can also help protect identities and identify impersonations. Consider joining one of the coalitions developing and offering digital, to help shape these identities to meet your needs. You may also wish to monitor the activities of other coalitions, so you can adapt data governance and authentication strategies.
The customer and employee experience will change, when it’s provided through a virtual reality (VR) or extended reality (XR) headset. Users can expect new sights, new sounds, new movements and potentially new emotions. A privacy violation or aggression could be intensified, if suffered when immersed in a three-dimensional world.
When your stakeholders enter your virtual spaces, they’ll be expecting you to protect them. If they suffer from abuse or misinformation within your metaverse environment, your brand may pay a steep price.
If you plan to offer or participate in metaverse environments (such as virtual storefronts, meetings or entertainment), consider new protocols and controls (including third-party oversight), as well as impartial content moderation teams to help keep the experience in your metaverse space free from misinformation, harassment and abuse. You may also need to rethink privacy for a digital world that can allow its users to do much more, and reveal much more, than they can on the internet today. Finally, in a digital world that often makes illusion easy, focus on authenticity: A critical way to inspire metaverse trust is for your metaverse presence to match your values and purpose.
Even when you go away, it’s still there: That’s true of the physical world, and it’s supposed to be true of the metaverse too. Even after your customers or employees remove their VR or XR headsets, all the activities they were involved in will persist. Smart contracts will keep enforcing agreements and trading assets. Digital products will remain on digital shelves, ready for other digital users to buy them. Virtual machines will keep producing virtual widgets.
To trust that your company’s virtual activities, investments and presence can work as expected in this persistent digital world, you may need to rethink digital services, monitoring and controls.
New technologies can help. Blockchain combined with artificial intelligence (AI), for example, can in some cases automate the authentication of identity, assets, transactions and contracts — helping establish trust in ongoing metaverse activities. Consider independent teams as well, both internal and external, to audit both smart contracts’ code and the underlying hardware and software infrastructure.
Building trust and delivering value in the next digital world with PwC’s metaverse services.
Build confidence in your technology environment
Frank Badalamenti
Principal, PwC US
Roberto Hernandez
Principal, Customer Transformation - Chief Innovation Officer, PwC US
Digital Assurance and Transparency Partner, PwC US
Incoming PwC US Chief Risk Officer, PwC US