What the **** is the metaverse and why should business care?

what metaverse DeFi
Image by peshkov | Bigstockphoto

I’ve seen so many different descriptions of the new cyberspace for work, rest and play over the last few months that it’s really unclear to me what most people mean by “metaverse”. In fact, despite Gartner’s prediction that by 2026, a quarter of the population will spend at least one hour a day in the metaverse “for work, shopping, education, social and/or entertainment“, I doubt that many in the financial services industry can give a cogent and concise description of what that metaverse itself will be, other than it will be a bit like “Call of Duty” with Mark Zuckerberg dressed as a skeleton in it and there will be a tiger wandering around in a JP Morgan branch in Minecraft.

The fuzziness is not confined to the professionals, of course. A March 2022 Wunderman Thompson Intelligence survey of more than 3,000 people between the ages of 16 and 65 in China, the United States and the United Kingdom found that while three-quarters of them had heard of the metaverse, only 15% said they could explain the concept of the metaverse to another person (and half of them were probably wrong).

Interestingly, those same people, when asked about their concerns about the metaverse, put children’s privacy first and highlighted a number of other data protection, privacy and safety issues. This indicates there is a challenge here: explaining what the metaverse is so that business people can develop their strategies for exploitation while simultaneously working out how to deal with privacy and security (hint: digital identity). So let me rise to that challenge and try to tackle both of these complex issues head-on, starting with developing a simple model.

Fortunately, I had the privilege to chair a discussion about the metaverse at the Identiverse conference in Denver in June 2022. I had great fun discussing the new landscape for identity with Heather Vescent, Jonathan Howle, Katryna Dow and Gopal Padinjaruveetil. In order to frame my thoughts and get the discussion about identity and privacy going, I needed that mental model.

Rather than complain about the imprecision of other people’s visions, I thought it might be a good approach to think from first principles what the metaverse is and, therefore, what corporate strategies around it will be important. To do this, I went ahead and created a model of the metaverse as a framework for this discussion. Using this model did, I think, help to frame a useful (and, I have to say, entertaining) discussion and lead to some actual learning (to judge from the very positive feedback on that panel, at least), so I thought I’d expand on it here.

Real But Virtual

It seems to me that the obvious starting point for any metaverse model is virtual worlds. Banks, like others, are already experimenting with more immersive experiences. Accenture says that almost half of bankers believe that customers will use augmented reality (AR) / virtual reality (VR) as an alternative channel for transactions by 2030. They point to early experiments from BNP Paribas, which has launched an app that allows customers to use VR in their banking transactions, and Citi, which has tested holographic workstations for financial trading. Furthermore, according to the 2021 edition of the Digital Banking Report, a third of bankers believed that around a fifth of their customers would use this alternative channel in that timeframe.

(Virtual worlds are already a very, very big business, and there are big businesses inside them. I couldn’t help but notice the recent announcement from EVE Online, the long-running sci-fi massively multiplayer online game known for its enormous and long-running space battles, that it will soon have Microsoft Excel support! This illustrates the point about virtual corporates rather well! The integration means that players will be able to export in-game data out to Excel so they can “calculate everything from profit margins to battle strategy”.)

These virtual worlds and experiences have been around for many years, and financial services organisations have been experimenting with them for a generation (remember those virtual bank branches in Second Life). Therefore it is reasonable to wonder what will transform these virtual worlds into a metaverse? It is not simply VR headsets or AR spectacles. I could use them to play World of Warcraft, and it would be a lot of fun, but it would still be nothing more than a virtual world. A metaverse is more than Second Light UHD.

The Financial Times defined the metaverse as a collection of shared virtual worlds that are interoperable in the sense that people can navigate them while taking their digital identity and assets with them. This strikes me as a very straightforward and practical description, and I like it very much. This is a world where transactions take place between what Jaron Lanier called “economic avatars” (that is, virtual identities that can own property), and reputation is the fundamental transaction enabler.

(That point about property is at the heart of the matter and the reason the world of finance is paying attention is that property means markets.)

This gives us a good starting point for the simple model. The metaverse is virtual worlds with digital assets and digital identity. But what are digital assets?

Well, that is relatively easy to answer: digital assets are tokens, and the protocols for moving these tokens around is known as decentralised finance (or “DeFi“). Digital assets and decentralised finance are together loosely known as “web3”. Frances Zelazny of Anonybit set out the relationship between the two plainly when she wrote, “the metaverse is dependent on [web3]“, going on to say that users can expect “increased democratisation, inclusion and user control, instead of having big tech and centralized gatekeepers”.

So you might say that the metaverse is made up of virtual worlds with web3 transactions in them. Now we are getting somewhere.

A checkpoint back to that Financial Times definition, though. The metaverse is virtual worlds plus digital assets (i.e. web3) plus digital identity. That’s what’s missing, and that’s where we need some new thinking. In essence, there are two ways forward: we can take things that already exist in web3 (i.e. tokens) and repurpose them to handle identity — and, indeed, this is what Vitalik Buterin and others set out in their proposal for “soulbound tokens” — or we take things that exist outside of web3 and bring them into the metaverse: this is the approach that I favour.

I believe tokens and DeFi are not a good way to implement general-purpose digital identity; without identity, we cannot complete the metaverse. We need identity to make our metaverse work, and to do this, we need to bring in something from outside web3 to fix the problem.


Professor Bill Buchanan, OBE from the School of Computing at Edinburgh Napier University, is a leading expert on cryptography and cyber security (and also an excellent speaker, by the way). I always take what he has to say about things very seriously, and I couldn’t agree more with him on his comments about the nature of the infrastructure we need for the online economy. As Bill writes, we joined together a set of interweb tubes with very little trust built into them, and then we patched them up with what he calls “simple methods” but what I might call string and sealing wax. He says that “our digital future must be towards an infrastructure that properly integrates trust” and that when it comes down to it, web3 means the digital signing of transactions to support the true integration of the digital identity of the citizen into the digital world.

That is, web3 plus digital identity gives us the trust infrastructure we need. We already have the tools and techniques required to implement digital identities that work in this context. We have private keys, digital signatures, computers, and other components. We already have smartphones with Trusted Execution Environments (TEEs) capable of handling advanced cryptography, yet we send them completely insecure text messages and call them “security”. We need a way of using them; this is where credentials come into play.

Why do I focus on credentials? In that paper on soulbound tokens, Vitalik Buterin and his co-authors write, “the economic value finance trades on is generated by humans and their relationships. Because web3 lacks primitives to represent such social identity, it has become fundamentally dependent on the very centralised web2 structures it aims to transcend, replicating their limitations”.

That is the missing piece of our jigsaw. Relationships that enable transactions, or what I might paraphrase as “the reputation economy”. This is an economy where the fundamental enabler of economic activity is not identity but credentials, not who you are but what you are. Credentials and, more specifically, verifiable credentials (that is, if you present your driving licence to me, I can cryptographically verify that it is not a fake and that it really does belong to you) are the way forward.

Verifiable credentials (VCs) have a crucial role in resolving the “clash of the titans” between the emerging metaverse and the growing demands for data privacy. The metaverse wants to harvest new, uncharted personal information, even to note and analyse where your eyes go on a screen and how long you gaze at certain products. On the other hand, data privacy wants to protect consumers from this incessant cherry-picking.

As David Blonder (legal counsel and data protection officer at BlackBerry) notes, since people will always trade security for convenience and since the metaverse means far more user interaction than, for example, a mobile phone, we (i.e. the industry) must assemble a robust infrastructure without negatively impacting user convenience. I think we will achieve this through smart wallets, but that’s a topic for another day.

There you have it then. The metaverse is virtual worlds plus web3 plus digital identity. Web3 is tokens and DeFi. Digital identity is DIDs plus VCs. That seems to move us forward.


What I think about the evolution of virtual worlds into metaverses is one thing, but what people who know about virtual worlds feel about them should have priority. The CEO of Epic Games, Tom Sweeney, is one such person; his views, not the topic, are fascinating. He, for example, points toward the field of zero-knowledge proofs (the idea that you can verify that something happened without receiving any private details about it), a powerful mechanism for delivering both privacy and security in a decentralised system, and he is absolutely right. There is groundbreaking work going on right now to bring zero-knowledge proofs and verifiable credentials together, so when Tim says, “I think that’s going to be the backbone of a large part of the next century in technology”, he’s almost certainly correct.

Another visionary in the field is Philip Rosedale, the chap who founded Linden Lab (the home of Second Life) a generation back and has therefore spent more time in the metaverse, or at least the proto-metaverse, than pretty much anyone else on the plant. Hence his views on the topic are of signal importance. After Linden Lab, he launched a VR startup that later pivoted to spatial audio (so perhaps Scott Galloway’s insistence that the metaverse will come in via AirPods rather than headsets is more considered than I thought).

In an interesting twist, that startup is now investing in Linden Lab, and Mr Rosedale is returning as a strategic advisor. There was a very interesting piece on his perspectives on the metaverse in “The Information”. Given my obsession with digital identity as a fundamental platform for the new economy, was his view on “true” names. He says that persistent pseudonyms are at the heart of the metaverse and that “true names, for so many reasons, are not what we want to go toward, because not everybody wants to use their true name or true face”.

(This is in stark contrast to Meta’s metaverse. They are going for photorealistic avatars with Facebook’s real names policy as a backdrop.)

When you put all this together — virtual worlds where people want to do business, decentralised finance moving tokens around, and persistent pseudonymous identifiers with verifiable credentials — I think you can see a clear and consistent definition of the metaverse as well as the strategic outline for the financial services sector’s response: managing the customer’s digital assets and digital identity.

Read more from David Birch at dgwbirch.com

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.