






















































































A practice exam for the certified payment processing specialist (cppstm) certification. It includes multiple-choice questions covering various aspects of the payment ecosystem, such as transaction authorization, payment types, card network rules, and payment security measures. Each question is followed by a detailed explanation of the correct answer, providing valuable insights into the concepts tested. This practice exam is designed to help individuals prepare for the cppstm certification exam and enhance their understanding of payment processing principles and practices. It covers topics such as interchange fees, tokenization, merchant category codes, and PCI DSS requirements, offering a comprehensive review of the key areas within the payment processing industry. The questions are structured to test knowledge and comprehension, making it a useful resource for exam preparation.
Typology: Exams
Question 1. In the payment ecosystem, which participant is primarily responsible for authorizing a credit‑card transaction?
A) Merchant acquirer
B) Cardholder bank (issuer)
C) Payment gateway
D) Card network
Answer: B
Explanation: The issuer validates the cardholder’s account, checks funds, and issues an authorization response.

Question 2. Which of the following payment types is typically settled via the Automated Clearing House (ACH) network?
A) Real‑time card present payments
B) Wire transfers
C) Direct debit from a bank account
D) Mobile wallet token payments
Answer: C
Explanation: ACH processes batch electronic debits and credits, commonly used for direct debit and payroll.

Question 3. Which card network introduced the “Visa + Mastercard + Amex” co‑branding rule that requires merchants to display all three logos when accepting any of the three?
A) Visa
B) Mastercard
C) American Express
D) None – such a rule does not exist
Answer: D
Explanation: No card brand mandates co‑branding of all three logos; each network has independent branding requirements.

Question 4. What is the correct order of the three core steps in a typical card transaction lifecycle?
A) Capture → Authorization → Settlement
B) Authorization → Capture → Settlement
C) Settlement → Authorization → Capture
D) Authorization → Settlement → Capture
Answer: B
Explanation: First the transaction is authorized, then captured (funds earmarked), and finally settled to the merchant’s account.

Question 5. Interchange fees are paid by which party to which party?
A) Issuer to acquirer
B) Acquirer to issuer
C) Card network to issuer
D) Merchant to card network
Answer: B
Explanation: The acquiring bank (merchant’s bank) pays the issuing bank an interchange fee for each transaction.

Question 6. Which of the following best describes tokenization in payment security?
A) Replacing a card number with a random string that has no intrinsic meaning
B) Encrypting the card number with a symmetric key

A) Tiered pricing
B) Flat‑rate pricing
C) Interchange‑plus pricing
D) Subscription pricing
Answer: C
Explanation: Interchange‑plus separates the variable interchange fee from a transparent processor markup.

Question 10. A merchant reserve is typically held to:
A) Pay for the merchant’s advertising fees
B) Cover potential future chargebacks or refunds
C) Fund the merchant’s payroll
D) Provide a discount on transaction fees
Answer: B
Explanation: Reserves act as a security deposit to mitigate the risk of chargeback losses.

Question 11. Which gateway feature enables recurring billing for subscription services?
A) Token vault
B) Batch settlement
C) Hosted payment page
D) Recurring payment API
Answer: D
Explanation: A recurring payment API automates scheduled charges without re‑entering card data.

Question 12. In batch processing, the “cut‑off time” refers to:
A) The time the merchant must submit the batch to the acquirer for same‑day settlement
B) The time the cardholder’s bank stops accepting authorizations
C) The time the payment network updates its fee schedule
D) The time the merchant’s website goes offline for maintenance
Answer: A
Explanation: Cut‑off time is the deadline for merchants to submit their batch for that day’s settlement.

Question 13. Which transaction type results in a “void” rather than a “refund”?
A) A transaction that has already settled to the merchant’s bank account
B) A transaction that is still in the authorization‑only stage and not yet captured
C) A transaction that was partially refunded
D) A transaction that was disputed by the cardholder
Answer: B
Explanation: A void cancels an unsettled (authorized‑only) transaction; refunds apply after settlement.

Question 14. Dynamic Currency Conversion (DCC) allows the cardholder to:
A) Pay in the merchant’s local currency while the issuer converts it to the cardholder’s home currency at the point of sale
B) Choose to be charged in the merchant’s currency or the cardholder’s home currency, with the conversion rate disclosed at the terminal
C) Avoid any foreign‑exchange fees by using a prepaid card
D) Convert the transaction amount after settlement using the daily FX rate
Answer: B

Answer: B
Explanation: Reason code 12 indicates the transaction was submitted more than once.

Question 18. Representment must be submitted within how many days of the chargeback notification for most Visa transactions?
A) 30 days
B) 45 days
C) 60 days
D) 90 days
Answer: B
Explanation: Visa’s standard representment window is 45 days from the chargeback receipt.

Question 19. Which liability shift occurs when a transaction successfully completes 3‑D Secure authentication?
A) Issuer remains liable for all fraud
B) Acquirer becomes fully liable for fraud
C) Merchant assumes liability for any future disputes
D) Issuer assumes liability for fraudulent transactions
Answer: D
Explanation: Successful 3‑DS authentication shifts liability for fraud to the card issuer.

Question 20. An AVS (Address Verification Service) mismatch is most likely to trigger which of the following?
A) Automatic approval of the transaction
B) A decline code for “Invalid CVV”
C) A higher fraud score or transaction decline
D) Immediate token generation for the card
Answer: C
Explanation: AVS mismatches increase fraud risk and can cause higher scoring or declines.

Question 21. Which of the following is a common characteristic of high‑risk merchant industries?
A) Low average transaction value and high volume
B) High incidence of chargebacks and regulatory scrutiny
C) Predominantly cash‑only sales
D) Exclusive use of offline payment methods
Answer: B
Explanation: High‑risk industries (e.g., travel, gaming) often face higher chargeback rates and tighter compliance requirements.

Question 22. Velocity monitoring primarily helps detect:
A) Slow‑moving inventory issues
B) Sudden spikes in transaction count or value that may indicate fraud
C) Long settlement times for international transfers
D) Changes in merchant’s MCC classification
Answer: B
Explanation: Velocity checks flag abnormal transaction patterns in real time.

Question 23. PCI DSS Requirement 3 focuses on:
A) Maintaining a vulnerability management program
B) Protecting stored cardholder data

Question 26. The GDPR principle of “data minimization” requires payment processors to:
A) Store all cardholder data for at least seven years
B) Collect only the personal data necessary for the specific processing purpose
C) Share cardholder data with any third‑party without consent
D) Encrypt data only during transmission, not at rest
Answer: B
Explanation: Data minimization limits collection to what is strictly needed for the transaction.

Question 27. Which network rule defines the “hard‑decline” response code 05 for “Do Not Honor”?
A) Visa Core Rules
B) Mastercard Rules
C) American Express Rules
D) All major card network core rules
Answer: D
Explanation: Response code 05 is a standard “Do Not Honor” decline across Visa, Mastercard, Amex, and Discover.

Question 28. Token standards for mobile wallets such as Apple Pay are defined by which organization?
A) ISO/IEC 7816
B) EMVCo
C) PCI SSC
D) NFC Forum
Answer: B
Explanation: EMVCo develops tokenization specifications used by Apple Pay, Google Pay, and others.

Question 29. Real‑time payments (RTP) differ from traditional ACH in that RTP:
A) Operates only on weekends
B) Settles instantly, 24 × 7, with immediate fund availability
C) Requires manual batch uploads by merchants
D) Is limited to intra‑bank transfers within the same country
Answer: B
Explanation: RTP provides immediate, continuous settlement, unlike batch‑based ACH.

Question 30. Which of the following best describes a “Buy Now, Pay Later” (BNPL) model?
A) A merchant‑funded line of credit that charges interest after 30 days
B) A third‑party provider that pays the merchant upfront while the consumer repays the provider over time
C) A credit‑card program with a 0 % APR for 12 months
D) An ACH debit that splits the purchase into two equal installments
Answer: B
Explanation: BNPL providers front‑load payment to the merchant and collect installments from the consumer.

Question 31. In cryptocurrency payment processing, which of the following is a primary compliance concern?
A) ACH return codes
B) AML/KYC regulations for converting crypto to fiat
C) PCI DSS tokenization standards

C) Forward contracts or FX hedging
D) Tokenization of foreign‑card data
Answer: C
Explanation: Forward contracts lock in exchange rates, mitigating currency volatility.

Question 35. Open Banking APIs enable which of the following capabilities?
A) Direct access to a consumer’s card PAN without tokenization
B) Secure initiation of payments from the consumer’s bank account with consent
C) Unlimited data sharing without regulatory oversight
D) Automatic chargeback generation for disputed transactions
Answer: B
Explanation: Open Banking allows third‑party providers to initiate payments on behalf of the consumer, given explicit consent.

Question 36. EMV chip cards reduce fraud primarily because:
A) They store the PAN in plain text on the chip
B) They generate a unique transaction cryptogram for each use
C) They require a magnetic stripe swipe for verification
D) They eliminate the need for CVV verification
Answer: B
Explanation: EMV creates a dynamic cryptogram per transaction, making replay attacks ineffective.

Question 37. Which of the following is NOT a typical function of a payment service provider (PSP)?
A) Aggregating multiple acquiring banks for merchants
B) Issuing credit cards directly to consumers
C) Providing tokenization services for digital wallets
D) Offering fraud‑management tools and reporting dashboards
Answer: B
Explanation: PSPs facilitate merchant processing; they do not generally act as card issuers.

Question 38. A “soft decline” response code such as 04 (Pick‑Up Card) indicates:
A) The transaction is permanently blocked for the cardholder
B) A temporary issue that could be resolved on a subsequent attempt
C) The merchant must void the transaction immediately
D) The issuing bank has flagged the card for fraud
Answer: B
Explanation: Soft declines are temporary and often succeed if retried later.

Question 39. Which of the following best describes “point‑to‑point encryption” (P2PE) in a payment terminal?
A) Encryption of card data only when stored in the merchant’s database
B) Encryption of card data from the point of capture to the payment processor, never exposing clear data to the merchant
C) Use of a token instead of the PAN for all transactions
D) Manual entry of encrypted card numbers by the cashier
Answer: B
Explanation: P2PE encrypts data at the terminal and keeps it encrypted until it reaches the secure processor.

Explanation: Acquirers perform currency conversion at the time of settlement, crediting the merchant in their chosen currency.

Question 43. Which of the following is a common trigger for a “force‑capture” transaction?
A) A merchant‑initiated capture without prior authorization, often used for card‑present sales after a failed authorization
B) A recurring subscription payment that exceeds the original amount
C) An offline transaction processed after the network is back online
D) A token‑based payment that requires re‑tokenization
Answer: A
Explanation: Force‑capture allows merchants to capture funds when the original authorization failed but the card is present.

Question 44. A “negative database” used in fraud prevention typically contains:
A) A list of all valid card numbers issued by a network
B) Records of known fraudulent cardholder data, IP addresses, or device fingerprints
C) Historical settlement amounts for each merchant
D) All approved merchant category codes for a processor
Answer: B
Explanation: Negative databases store identifiers associated with fraud to block or flag future attempts.

Question 45. Which of the following is an example of a “regulatory‑driven” PCI DSS requirement?
A) Offering a discount for merchants that process fewer than 1,000 transactions per month
B) Conducting quarterly network vulnerability scans by an Approved Scanning Vendor (ASV)
C) Providing a loyalty program for repeat customers
D) Allowing merchants to store full PANs for up to 90 days
Answer: B
Explanation: Quarterly external scans are mandated by PCI DSS to detect vulnerabilities.

Question 46. Under the Gramm‑Leach‑Bliley Act (GLBA), a financial institution must provide consumers with:
A) A detailed breakdown of each transaction fee
B) A privacy notice describing information‑sharing practices
C) A guarantee of zero fraud liability
D) Immediate refunds for any disputed transaction
Answer: B
Explanation: GLBA requires a clear privacy notice outlining how consumer data is collected and shared.

Question 47. Which of the following is a key difference between a “token” and a “cryptogram” in EMV transactions?
A) Tokens are generated by the issuer, cryptograms by the merchant
B) Tokens replace the PAN for storage, cryptograms are dynamic data used for transaction authentication
C) Tokens are only used in contactless payments, cryptograms only in chip‑and‑pin
D) Tokens are reversible, cryptograms are not
Answer: B
Explanation: Tokens act as a surrogate for the PAN, while cryptograms are transaction‑specific authentication data.

Explanation: MITs are initiated by the merchant, such as recurring billing or card‑on‑file payments.

Question 51. The primary purpose of a “settlement file” sent by a processor to a merchant is to:
A) List all chargebacks for the previous month
B) Provide detailed transaction data for reconciliation, including amounts settled and fees applied
C) Notify the merchant of upcoming network assessment changes
D) Deliver encrypted token vault keys to the merchant
Answer: B
Explanation: Settlement files contain transaction‑level details needed for daily reconciliation.

Question 52. Which of the following is a typical indicator of “friendly fraud”?
A) Multiple chargebacks with reason code 01 (fraud) from the same cardholder
B) A chargeback with reason code 53 (goods not received) despite delivery confirmation
C) A chargeback that occurs after the merchant has already refunded the customer
D) A chargeback that is disputed by the issuer and results in a reversal
Answer: C
Explanation: Friendly fraud occurs when a cardholder claims non‑receipt after already receiving a refund.

Question 53. In a “dual‑message” transaction flow (e.g., Visa 2‑Message), which messages are exchanged?
A) Authorization request and settlement request only
B) Authorization request and capture request (often combined)
C) Authorization request and reversal request only
D) Authorization request and chargeback request only
Answer: B
Explanation: Dual‑message flows combine authorization and capture (or use a separate capture message) in two steps.

Question 54. Which of the following best explains the purpose of a “network assessment” fee?
A) To compensate the issuer for risk incurred on each transaction
B) To fund the card network’s operational, branding, and rule‑maintenance costs
C) To cover the cost of merchant’s PCI compliance audits
D) To reimburse the acquirer for settlement processing time
Answer: B
Explanation: Network assessments are charged by the card brand to all participants to support its infrastructure.

Question 55. A “chargeback representment” packet typically includes:
A) The original transaction receipt, evidence of delivery, and a signed merchant affidavit
B) The merchant’s annual revenue statement
C) A copy of the cardholder’s driver’s license
D) A list of all other merchants in the same MCC
Answer: A
Explanation: Representment requires documentation proving the transaction was valid and fulfilled.