APRP Cheat Sheet 2026

The 30 highest-yield APRP facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

120 questions
210 min time limit
70.00% to pass
  1. Which of the following is a key component of a risk assessment process for payment systems? Identifying potential threats and vulnerabilities
  2. What is real-time payments (RTP) and how does it differ from traditional payment processing? Payments that are initiated, cleared, and settled within seconds, available 24/7/365
  3. Mastercard's 'Consumer Clarity' program is analogous to which Visa service designed to reduce friendly fraud chargebacks? Visa Order Insight
  4. The Office of Foreign Assets Control (OFAC) is responsible for: Administering and enforcing economic and trade sanctions.
  5. What is the primary purpose of the Dodd-Frank Wall Street Reform and Consumer Protection Act? To increase oversight and prevent excessive risk-taking in the financial industry.
  6. What does 'compelling evidence' refer to in the context of a chargeback representment? Documentation that disproves the cardholder's claim or confirms transaction legitimacy
  7. In Mastercard's chargeback process, what is the typical timeframe for an acquirer to respond to a chargeback with representment documentation? 30 calendar days
  8. Which PCI DSS requirement specifically addresses the need to regularly test security systems and processes? Requirement 11: Test security of systems and networks regularly
  9. Which metric is used to describe the maximum acceptable amount of time a payment system can be offline before causing serious business impact? Recovery Time Objective (RTO)
  10. In payment risk management, what is a 'fat finger' error? A human data entry mistake resulting in an incorrect transaction amount or routing
  11. Which of the following is the best example of a preventive control in payment operational risk? Requiring dual approval before processing large-value wire transfers
  12. Which principle ensure that users only have access to the information and resources necessary for their job functions? Least privilege
  13. Which of the following is a control measure to mitigate risks in ACH payment processing? Implementing encryption for data in transit
  14. Which of the following best defines operational risk in the context of payment processing? Risk of loss from inadequate internal processes, people, systems, or external events
  15. Which of the following describes a 'skimming' attack in the context of payment data security? The theft of card data by attaching a covert device to a payment terminal or ATM
  16. Which metric is calculated by dividing the total number of chargebacks in a month by the total number of transactions processed in that same month? Chargeback-to-transaction ratio
  17. Which Visa dispute reason code applies when a cardholder claims they did not receive the goods or services they paid for? 13.1 - Merchandise/Services Not Received
  18. Which term describes the fee levied on a merchant's acquirer (and passed to the merchant) for each chargeback received? Chargeback fee
  19. Which chargeback reason code category covers 'Cardholder Does Not Recognize' a transaction under Mastercard's reason code framework? Fraud
  20. Which of the following is a common physical security measure to protect against unauthorized access to a data center? Biometric access control
  21. Which of the following is a primary risk associated with card-not-present (CNP) transactions? Data breaches leading to unauthorized transactions
  22. Which of the following operational risk tools helps quantify the frequency and severity of potential payment loss events using statistical distributions? Loss Distribution Approach (LDA)
  23. What is the primary function of an incident response plan in payment risk management? To ensure business continuity during a disruption
  24. A payment firm identifies that a key third-party processor has no documented disaster recovery plan. What risk management action should be taken first? Issue a formal finding and require the vendor to remediate within a defined timeframe
  25. Which of the following is a key characteristics of the Automated Clearing House (ACH) network? Batch processing of transactions
  26. What is the primary purpose of an arbitration chargeback in the card network dispute process? To escalate an unresolved dispute to the card network for a binding decision
  27. What is the primary purpose of implementing a comprehensive security police in an organization? To protect the organization's assets
  28. Which type of attack involves intercepting and potentially altering communication between two parties without their knowledge? Man-in-the-middle attack
  29. A merchant stores customer PANs in a database. Under PCI DSS, which method is acceptable for protecting stored PANs? Encrypting PANs using strong cryptography with proper key management
  30. Which payment system is most commonly used for recurring payments such as payroll and utility bills? ACH
Turn these facts into recall: