{"id":"https://openalex.org/W7125719704","doi":"https://doi.org/10.1109/icit64950.2025.11049241","title":"Penetration Testing of a Merchant Payment Platform; Systemic Vulnerabilities and Compliance-Centric Mitigation","display_name":"Penetration Testing of a Merchant Payment Platform; Systemic Vulnerabilities and Compliance-Centric Mitigation","publication_year":2025,"publication_date":"2025-05-27","ids":{"openalex":"https://openalex.org/W7125719704","doi":"https://doi.org/10.1109/icit64950.2025.11049241"},"language":null,"primary_location":{"id":"doi:10.1109/icit64950.2025.11049241","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icit64950.2025.11049241","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 12th International Conference on Information Technology (ICIT)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023615998","display_name":"Ahmad H. Al-Omari","orcid":null},"institutions":[{"id":"https://openalex.org/I145019703","display_name":"Al-Zaytoonah University of Jordan","ror":"https://ror.org/04a5b0p13","country_code":"JO","type":"education","lineage":["https://openalex.org/I145019703"]}],"countries":["JO"],"is_corresponding":true,"raw_author_name":"Ahmad H. Al-Omari","raw_affiliation_strings":["Al-Zaytoonah University of Jordan,Faculty of Science and Information Technology,Cyber Security Department,Amman,Jordan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Al-Zaytoonah University of Jordan,Faculty of Science and Information Technology,Cyber Security Department,Amman,Jordan","institution_ids":["https://openalex.org/I145019703"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5023615998"],"corresponding_institution_ids":["https://openalex.org/I145019703"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.74786101,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"196","last_page":"200"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.334199994802475,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.334199994802475,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.13699999451637268,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.05400000140070915,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/payment","display_name":"Payment","score":0.6230999827384949},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.5717999935150146},{"id":"https://openalex.org/keywords/payment-card","display_name":"Payment card","score":0.51910001039505},{"id":"https://openalex.org/keywords/data-breach","display_name":"Data breach","score":0.4708999991416931},{"id":"https://openalex.org/keywords/payment-system","display_name":"Payment system","score":0.3741999864578247},{"id":"https://openalex.org/keywords/safeguard","display_name":"Safeguard","score":0.3702000081539154},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.35409998893737793},{"id":"https://openalex.org/keywords/data-security","display_name":"Data security","score":0.3361999988555908}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6561999917030334},{"id":"https://openalex.org/C145097563","wikidata":"https://www.wikidata.org/wiki/Q1148747","display_name":"Payment","level":2,"score":0.6230999827384949},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.5867000222206116},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.5717999935150146},{"id":"https://openalex.org/C21021354","wikidata":"https://www.wikidata.org/wiki/Q1207171","display_name":"Payment card","level":3,"score":0.51910001039505},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.4708999991416931},{"id":"https://openalex.org/C2776983043","wikidata":"https://www.wikidata.org/wiki/Q986008","display_name":"Payment system","level":3,"score":0.3741999864578247},{"id":"https://openalex.org/C2780771206","wikidata":"https://www.wikidata.org/wiki/Q3271761","display_name":"Safeguard","level":2,"score":0.3702000081539154},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.35409998893737793},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.3361999988555908},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.32519999146461487},{"id":"https://openalex.org/C69360830","wikidata":"https://www.wikidata.org/wiki/Q1172237","display_name":"Data Protection Act 1998","level":2,"score":0.32120001316070557},{"id":"https://openalex.org/C2781016034","wikidata":"https://www.wikidata.org/wiki/Q794134","display_name":"Due diligence","level":2,"score":0.3192000091075897},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.3100000023841858},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.2939999997615814},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.29260000586509705},{"id":"https://openalex.org/C2983355114","wikidata":"https://www.wikidata.org/wiki/Q161380","display_name":"Credit card","level":3,"score":0.2874000072479248},{"id":"https://openalex.org/C185822510","wikidata":"https://www.wikidata.org/wiki/Q1956140","display_name":"Payment service provider","level":3,"score":0.27790001034736633},{"id":"https://openalex.org/C164516710","wikidata":"https://www.wikidata.org/wiki/Q1166072","display_name":"Financial transaction","level":3,"score":0.27709999680519104},{"id":"https://openalex.org/C139043278","wikidata":"https://www.wikidata.org/wiki/Q837171","display_name":"Financial services","level":2,"score":0.2743000090122223},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.2599000036716461}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icit64950.2025.11049241","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icit64950.2025.11049241","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 12th International Conference on Information Technology (ICIT)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Decent work and economic growth","id":"https://metadata.un.org/sdg/8","score":0.44997525215148926}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Merchant":[0],"Payment":[1,133],"Platform":[2],"(MPPs)":[3],"are":[4],"vital":[5],"systems":[6],"in":[7,18,109],"today\u2019s":[8],"financial":[9],"world,":[10],"handling":[11],"payments,":[12],"transactions,":[13],"and":[14,47,63,74,77,100,132,141,153],"customer":[15],"support":[16],"all":[17],"one":[19,110],"place.":[20],"However,":[21],"their":[22],"complexity,":[23],"especially":[24],"when":[25],"serving":[26],"multiple":[27],"businesses":[28,161],"on":[29],"the":[30,95,113,120],"same":[31],"platform":[32],"makes":[33],"them":[34],"a":[35,67],"magnet":[36],"for":[37],"cyberattacks.":[38],"In":[39],"this":[40],"study,":[41],"we":[42,81],"rigorously":[43],"tested":[44],"an":[45],"MPP":[46],"uncovered":[48],"eleven":[49],"exploitable":[50],"weaknesses,":[51],"including":[52],"critical":[53,164],"flaws":[54],"like":[55,126],"price":[56],"manipulation,":[57],"unauthorized":[58],"access":[59,148],"to":[60,159],"sensitive":[61],"data,":[62],"tampered":[64],"transactions.":[65],"Using":[66],"mix":[68],"of":[69,112,122],"automated":[70],"tools":[71],"(like":[72],"Nessus":[73],"Burp":[75],"Suite)":[76],"hands-on":[78],"hacking":[79],"techniques,":[80],"identified":[82],"these":[83,163],"issues":[84],"while":[85],"aligning":[86],"our":[87],"work":[88],"with":[89,124],"top":[90],"security":[91,155],"standards":[92],"such":[93,145],"as":[94,146],"OWASP":[96],"Top":[97],"10":[98],"2023":[99],"PCI":[101],"DSS":[102],"v4.0.":[103],"Our":[104],"findings":[105],"highlight":[106],"how":[107],"vulnerabilities":[108],"part":[111],"system":[114],"can":[115],"cascade":[116],"into":[117,156],"others,":[118],"emphasize":[119],"importance":[121],"compliance":[123],"regulations":[125],"General":[127],"Data":[128,136],"Protection":[129],"Regulation":[130],"(GDPR)":[131],"Card":[134],"Industry":[135],"Security":[137],"Standard":[138],"(PCI":[139],"DSS),":[140],"offer":[142],"practical":[143],"fixes,":[144],"tightening":[147],"controls,":[149],"validating":[150],"data":[151],"server-side,":[152],"embedding":[154],"development":[157],"processes":[158],"help":[160],"safeguard":[162],"platforms":[165],"against":[166],"evolving":[167],"threats":[168]},"counts_by_year":[],"updated_date":"2026-01-28T23:14:49.684275","created_date":"2026-01-27T00:00:00"}
