APRP exam – how much do you actually need to know about payment card networks?
I'm preparing for the APRP and I work in ACH fraud operations, so I'm very strong on NACHA rules and ACH risk management. The card network rules – Visa, Mastercard, card-not-present fraud – are less familiar territory for me professionally, and I'm worried the exam might weight those areas more than my background covers.
I'm 6 weeks out from my exam date, studying about 1.5 hours on weekday evenings. I've done maybe 120 practice questions so far and I'm at about 67% overall – 85%+ on ACH-related content, around 50% on card fraud and dispute resolution. That gap is concerning.
The AAP Body of Knowledge guide lists about 12 domains. Is the card network content roughly proportional across domains or are some disproportionately represented? I've heard physical security and internal controls show up more than people expect.
Also curious whether anyone has experience with the exam in 2025 vs earlier versions – I've seen comments suggesting the question style changed to be more scenario-based and less definitional.
Card fraud and dispute resolution was roughly 15–18% of my exam. Your 50% practice score there will hurt you if it stays that low, but 6 weeks is enough to close that gap. I'd dedicate the first 3 weeks almost entirely to card network content to get yourself to parity.
The internal controls section tied closely to the COSO framework in my exam. If you haven't reviewed COSO's five components recently, that's worth an afternoon. Not super deep but the terminology shows up in maybe 8–10 questions.
I scored a 78% overall. My ACH background helped a lot but I had to study check fraud and wire transfer risk from scratch. Those two areas plus card networks are where people with ACH-only backgrounds tend to underperform – plan for it.
The physical security questions caught me off guard – specifically ATM skimming countermeasures and logical access controls for payment systems. They weren't deep technical questions but they required knowing the terminology and standard frameworks.
Yes, the questions have been more scenario-based since the 2024 refresh. They'll describe a situation and ask what the risk professional should do first, rather than asking you to define something directly.