PCI Compliance
Smarter Than a 5th Grader?
What does EMV stand for?
Europay, MasterCard and Visa
What does the PCI in PCI Compliance stand for?
Payment Card Industry
What card association (card brand) is consolidating their chargeback reason codes?

Businesses that have an EMV-enabled device are safe from card data theft. True or False?
False. EMV-enabled devices only protect against card-present fraud, and do not by themselves protect against card data theft.

PCI compliance is only mandatory for businesses that process:

A. Over $6 million in payment card transactions

B. Any amount of payment card transactions

C. More than $20,000 in payment card transactions

(B) PCI applies to all businesses that accept credit or debit card payments, regardless of size. Compliance is mandatory, and failure to comply leaves a merchant vulnerable to a data breach.

If a cardholder contacts their issuing bank and states that their card was in their possession and they did not purchase anything from FashionNova.com, what chargeback reason code would be assigned to this case?

When did the signature requirement become optional for all EMV-enabled merchants in the U.S.?

A. March 1, 2018

B. March 21, 2018

C. April 14, 2018

C. April 14, 2018

What does SAQ stand for?

Self-Assessment Questionnaire

What does it mean when a merchant receives a chargeback for "exceeding the floor limit"?

A floor limit is the maximum amount a merchant can charge to the customer's card without getting authorization. For a charge above the floor limit, the merchant must obtain authorization from the card issuer.

For example, if a store has a floor limit of $30.00, a purchase costing $29.99 (or less) would not need to be authorized by the customer's bank. However, a transaction of $30.00 (or more) would require authorization to confirm that the customer has the necessary funds available in their bank account.

What month and year was the liability shift effective?

A. August 2014

B. December 31, 2015

C. October 2015

(C) With this liability shift, the party that is the cause of a chip transaction not occurring (i.e., either the cardholder/issuer or the merchant/acquirer) will be held financially liable for any resulting card-present counterfeit fraud losses. The shift helps to better protect all parties by encouraging chip transactions that use unique, dynamic authentication data.

What is a Common Point of Purchase (CPP) report?

What does it tell us (the acquirer) and the card associations (VISA, MC, Discover and AMEX)?

The Common Point of Purchase report tells the acquirer and the card associations the point that all the compromised cardholders have in common.


What is "friendly fraud"?

A – Consumers illegitimately dispute a transaction with the bank instead of contacting the merchant for a refund.

B – The cardholder didn’t recognize the charge or forgot about making the purchase and contacted their bank to dispute the transaction.

C – A customer uses a credit card to make a purchase, and then disputes the charge with their credit card company once the item(s) are received.

D – All of the above

E – None of the above

D – All of the above (Friendly fraud means the actual cardholder made the transaction. The cardholder's card number had not been compromised by a fraudster.)


If a customer has to swipe their chip card for payment instead of dipping it in an EMV terminal and the transaction results in a chargeback, who is responsible for the fees associated with the chargeback?

A. The merchant

B. The payment card brand (i.e., Visa, MasterCard, Discover)

C. The reseller who provided the payment terminal

D. The issuing bank (the credit card issuer)

A. With the implementation of the liability shift on October 1, 2015, merchants may be held liable for certain fraud-related chargebacks if they process chip cards on a terminal that is not EMV-enabled.

How many different SAQ (Self-Assessment Questionnaire) validation levels are there?


A – Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants.

B – Imprint-only merchants with no electronic cardholder data storage, or standalone, dial-out terminal merchants with no electronic cardholder data storage.

C – Merchants with payment application systems connected to the Internet, no electronic cardholder data storage.

C-VT – Merchants using only web-based virtual terminals, no electronic cardholder data storage.

D – All other merchants not included in descriptions for SAQ types A through C above, and all service providers defined by a payment brand as eligible to complete an SAQ.


The customer has participated in a trial offer and cancelled the service(s)/merchandise but was charged a subsequent amount.

The correct reason code to use would be 4860 - Credit not processed. True or False?

False. The reason code should be cancelled recurring transaction.

