‘Global open banking is more like the metaverse than you might think’ – Finicity’s Nick Thomas

Contrary to what many people think, the metaverse isn’t one place, but a collection of digital worlds created on different platforms, some of which blend with the real world. Management consulting firm Gartner predicts that by 2026, one in four people will spend at least one hour a day in the metaverse for work, shopping, education, social, or entertainment purposes.

Understandably, such an all-encompassing network of virtual worlds will create massive amounts of personal data, raising complex questions pertaining to privacy, security, and ethics. What will be the geopolitical ramifications of this? As borders blur in the metaverse, what kind of laws will govern these types of environments? Should there be an overarching set of rules for data sharing? And is that even possible?

These were some of the questions raised at Tearsheet's DataDay Conference 2022 by Nick Thomas, founder of Finicity and EVP of global open finance innovation at Mastercard, which now owns his company.

Challenges in protecting financial data in the metaverse

The first time Thomas experienced the metaverse was when he bought his sons the Meta Quest 2 VR headset for Christmas. He explored many different virtual spaces and had conversations with people from all parts of the world. As he was interacting with people from different countries, he began to think, what about the privacy laws in those countries? And what about their different financial regulations?

Thomas says these questions are similar to those raised by open banking data and the globalization of open financial data transactions. “So imagine, I’m engaging in the metaverse with someone from another part of the world, and I want to buy something from them. Who and what governs that exchange?” he asked. “And how am I protected as a consumer when engaging in purchases and conversations in the metaverse?”

Today, it’s corporate law that governs what happens in a hosted environment, which means that if a company hosts a meeting in the metaverse, its laws should technically apply to all interactions in that meeting. But corporate laws on data privacy are very different from consumer laws, which could create some complications.

“If Meta hosts a Horizon Worlds event, does Meta have to think about all of the data exchange details down to the nation state level? Or is there another governance layer that makes sure that we’re complying with all the regulations and standards that exist?”

This idea of rising above nation states in the metaverse creates an interesting analogy to the idea of global open finance and global data exchange, according to Thomas. “All of these nation states are establishing open banking, consumer data, digital identity, and data privacy laws – how do all of those get vetted out in this borderless digital multiverse? We’re going to see some interesting dilemmas around this when dealing in the metaverse.”

Thomas says there’s currently a lot of discussion in North America, Europe, as well as parts of Asia about the global unification of standards with regards to consumer data rights – such as the right to erasure – and data privacy will likely continue to be driven as a global UN initiative.

When it comes to the metaverse, there needs to be greater clarity on the topic of global consumer data rights. At the moment, there seem to be a lot of question marks around this issue. “If you’re meeting with somebody from a country that has really strict regulations, and this person speaks PII (personally identifiable information) to you in the metaverse, is Meta liable?”, asked Thomas. “I think there’s a big question around, how do you maintain compliance with country-specific or global, UN-level data privacy when engaging internationally? And can that even be administered?”

Mastercard's global open banking strategy

In addition to raising questions about financial data in the metaverse, Thomas also talked about Mastercard’s new network strategy to expand its role from payments into open banking and digital identity, extending its value before and after the payment transaction. The firm is capitalizing on opportunities and trends in open banking, and improving access to financial services by bringing new solutions to market for consumers and businesses.

Payments are “a huge piece of the puzzle” when it comes to open banking, according to Thomas. Ahead of this year’s Money 20/20 in Amsterdam, Mastercard launched Pay by Link, a service developed by European open banking technology provider Aiia, which was acquired by Mastercard last year. Using financial data provided by Aiia, the feature allows businesses to simplify the process of sending out an invoice, as well as cut out unnecessary steps by creating a link that enables their customers to pay them on the go without the need to enter payment details.

Another way Mastercard plans to expand its open banking strategy is by using Finicity’s APIs and credit decisioning tools to improve financial access. Going forward, Thomas says Mastercard aims to contribute to global financial inclusion by taking Finicity’s technology and business model into new markets, and using financial data aggregation to increase access to credit for people in the US as well as abroad.

“There are over 3 billion people in the global markets we’re pursuing who can actually be underwritten and can get better rates because they are banking digitally. Taking all of our work in cash flow underwriting, together with our acquisition of identity verification firm Ekata, we have a unique opportunity to help include these 3 billion people who previously relied on loan sharks to get access to capital,” said Thomas.

“I think that in today’s destabilizing world, this idea of consumer-empowered verification of creditworthiness is going to be a game-changer.”