MESA Banner
Digital Infrastructure and Financial Security in the Islamic Republic: Iranian Banks, State, and Society
Abstract
This paper aims to situate new research on Iranian state banks’ cybersecurity posture within the wider discourse on digital financial infrastructure in Iran, which has tended to link the security of financial institutions to social stability and has highlighted security as a central concern in the development of digital banking. This research is particularly relevant in light of the widely reported exposure of millions of Iranians’ bank card data in late 2019, which presumably had a major impact on trust in online banking. The Iranian economic ministry’s Deputy Director of Stock Exchange, Bank, and Insurance, Abbas Memarnejad, later commented, "Banks are facing challenges in the transformation to digital banking and the implementation of smart services, which vary between public and private banks, and between small and large banks, which ultimately make all aspects of this sector a necessity." Given the relationship between perceptions of security and customer adoption of digital banking, and in light of the state’s digitization efforts, I propose to complement the extant research on online banking in Iran by studying banks’ online security, comparing the security of the Central Bank of Iran and nine other state-owned banks to a control group of Turkish state-owned banks. I will base this assessment upon data furnished by cybersecurity firm BlueVoyant, which measures security across three categories: vulnerabilities and hygiene, threats, and compromises. Vulnerability and hygiene data will furnish information regarding devices on bank networks and enumerate domain and server vulnerabilities affecting the banks studied. I will use BlueVoyant’s adversarial observation dataset to assess threats to the banks in question, which highlights potential threats to the entities studied by recording potentially malicious inbound traffic to their domains. BlueVoyant’s malicious intersection dataset will furnish the data for compromises of bank systems, which could reveal if any bank IP addresses have been observed distributing spam or malware, engaging in phishing, or participating in a botnet. These results could offer particularly valuable insights when paired with the above-cited discussions of public opinion regarding online banking in Iran by offering data against which claims regarding bank infrastructure security can be measured.
Discipline
Business & Public Administration
Geographic Area
Iran
Sub Area
None