Payment Innovation – IDnow: Technology crucial to a smooth AML experience in the metaverse


The exponential growth of the metaverse opens a new door for fraudsters, as the space looks to evolve at a rapid rate to provide a secure framework for AML and KYC.

For the latest in our Payment Innovation series, we spoke to Roger Redfearn-Tyrzyk, Director for UK/Ireland & Global Gaming at identity verificator IDnow, on the dangers businesses should be aware of when entering the metaverse.

“The metaverse will be worth $800 billion in 2024”

Payment Expert: With the average cost for a land parcel across all major metaverse platforms reaching $12,000, how lucrative for criminals is the high value of transactions taking place within those virtual environments?

Roger Redfrean-Tyrzyk: It’s a very lucrative option for criminals and one that carries some risk for the users who are already active within the metaverse. Plus, the incentives for malicious actors to get active within this environment will only increase with the growing popularity among users. Experts are estimating that the metaverse will be worth nearly $800 billion in 2024 – an astonishing number. 

Therefore, it is no wonder that the metaverse has to protect itself from any malicious forces. A central part of this protection – and that goes for any business or person – is that they should be fully verified within the metaverse. As long as they are part of it, the users and businesses also need to be monitored according to AML legislation.  

“We should implement digital identity within the blockchain”

PE: When blockchain technology inevitably fully intertwines with the metaverse and given the decentralised nature of this marriage, how difficult will it be to implement an overall AML regulatory framework?

An intertwining of blockchain technology and the metaverse will not necessarily make it more difficult to implement an AML regulatory framework. In my view, this is a myth. In fact, we should implement digital identity within the blockchain because it could solve a lot of our digital identity problems by creating a digital identity norm. 

Everyone could have a wallet style identity stored on their devices and manage their digital identity themselves, right from their smartphones. This would safeguard people and protect them from fraud. When we imagine such a construct, an AML regulatory framework fits nicely into it. 

“No one is questioning the need for verification”

PE: Is there a risk that a heavy-handed approach to AML and KYC mitigates what is the key allure of the blockchain and the metaverse for many users? How important is finding a balance between the two approaches? 

In my opinion, there is no risk that stricter AML and KYC approaches would take away from the allure of the blockchain and the metaverse. People need to stop thinking that only because an asset is digital, there is no need for a verification process. For example, if you want to buy property in the non-digital world, you also have to verify yourself. 

No one is questioning the need for this verification. Instead of trying to find a balance that takes away from AML or KYC regulations, the key is to use technology – that we already have today – to make verification processes as smooth and easy as possible for the users. 

PE: Can you take us through the process of creating a metaverse-friendly KYC? 

Of course. At registration, the user verifies themselves with an identification document like with a passport or an ID card and a selfie on their mobile device. The first step in the KYC process is to prove that the customer is who they claim to be. This includes both individual and corporate customers. Identity verification involves collecting identity documents and checking their authenticity by ensuring the customer and document identity match. In the background, the system also checks through data triangulation if the person resides at the listed address. 

Customer Due Diligence (CDD) takes verification one step further and aims to prove whether the user can be trusted. It defines the user’s risk level and includes AML screening to check that the user isn’t on any sanctions or Politically Exposed Persons (PEP) lists. Users deemed to be of higher risk will undergo further checks under Enhanced Due Diligence, which can include PEP screening, checking sanctions and watchlists, and monitoring adverse media.

However, AML and KYC compliance is not just about checking new users during onboarding. Metaverse companies should also have a program in place for ongoing KYC checks and monitoring. This can include further sanction and PEP checking, and regular monitoring of transactions. 

We have to remember that all of this happens in the background. The user does not notice the majority of the KYC processes going on, which makes the process easy-to-use and accommodates the user.  

PE: Can current AML protections be evolved to adapt to the metaverse, or do you believe firms will have to find a completely new model as they venture into the metaverse?  

I believe the liability should be on the firms rather than on the actual metaverse creators to establish a safe environment, including AML protections. In my view, there should be a metaverse regulator that fully understands the technology, Web3 and all its implications.

This likely means a different regulatory body than we often encounter today. None of our current regulators are likely to understand this world, which is why a new regulator must be formed by experts who are knowledgeable in the field. 

“The metaverse could become its own world with its own rules”

PE: Where will the responsibility lie when it comes to ensuring AML standards are met and those looking to launder money aren’t provided with avenues? 

This is difficult to answer. However, I believe the responsibility will lie within the metaverse itself and the businesses who are residing in it and who are offering their products to the users. For now, we are seeing local AML directives, such as the 5th AML EU Directive, be applied in the metaverse. 

In the long run, though, the metaverse could help to develop global AML directives without having to go through complex in-country regulations. This means that it could become its own world with its own rules. This doesn’t mean that there will be lawlessness within this world. The people who are active in the metaverse need to be protected from fraud and theft at all times – just like everyone else outside of the metaverse.

PE: What is the current scope of money laundering in the metaverse when pitted against its web3 counterparts – cryptocurrencies and NFTs?

Some financial experts have recently conducted investigations into one of the earlier metaverses, Second Life, for this question. Their investigation indicated that the scope for money laundering has increased along with the value of transactions within the metaverse. However, in their view, the metaverse does not yet offer enough assets or incentives to be a prime target for organised crime, especially when compared to the billions of dollars that move in the NFT and crypto markets. 

Innovating in the payment journey will be a key topic at this year’s SBC Summit Barcelona 2022, which takes place at Fira Barcelona Montjuïc on 20-22 September. 

The event will see 6,000 delegates enjoy a 12-track conference covering all aspects of the international sports betting, payments and online casino industries, an exhibition with 200 companies showcasing their latest innovations, and a programme of spectacular evening networking events. 

Visit the SBC Summit Barcelona website to book your All Access Pass.