• Tom O'Connor

Quiz: How much do you really know about secure merchant services?

Updated: Mar 18, 2019

Considering that 96% of data breaches target payment card data, having a plan for secure merchant services is not optional. Although the U.S. has seen a 70% increase in fraud since 2004, four out of five SMB merchants believe they are not in danger. This overconfidence can be risky as 80 percent of data breaches target small businesses, and 60 percent of small businesses close within six months after experiencing a breach.

Most security issues among SMB merchants arise from lack of education. So the more you know about secure merchant services, the more you know about the solutions and best practices you need to implement to help protect your business. To find out how informed you are about secure merchant services, I invite you to take this short quiz.

1. Why is tokenization an important feature to look for in a payment solution?

a) It covers the cost of card replacements and fines if hackers attack your business

b) It protects data in transit so that if intercepted during the transaction, it cannot be deciphered

c) It secures cardholder data for post-authorization transactions like tip adjustment and recurring billing 2. PCI compliance is only mandatory for businesses that process:

a) Over $6 million in payment card transactions

b) Any amount of payment card transactions

c) More than $20,000 in payment card transactions

3. If a customer has to swipe their chip card for payment instead of dipping it in an EMV terminal and the transaction results in a chargeback, who is responsible for the ensuing fees?

a) The merchant

b) The payment card brand (ie. Visa, MasterCard, Discover)

c) The reseller who provided the payment terminal 4. Businesses that have an EMV-enabled device are safe from card data theft.

a) True

b) False 5. Protecting cardholder data in transit is an important facet of a secure payment solution, and is called:

a) Encryption

b) Protection Plus

c) End-to-end encryption

d) A or C

e) A, B, or C


  1. (c) Tokenization replaces card data with a “token” that can be used within the payment environment for post-authorization services, but has no value if intercepted by hackers.

  2. (b) PCI applies to all businesses that accept credit or debit card payments, regardless of size. Compliance is mandatory, and failure to do so leaves a merchant vulnerable to a data breach.

  3. (a) With the implementation of the liability shift on October 1, 2015, merchants may be held liable for certain fraud related chargebacks if they process chip cards on a terminal that is not EMV-enabled.

  4. False. EMV enable devices only protect against card present fraud, and do not alone protect against card data theft. A robust EMV-enabled payment solution should include other security technologies such as tokenization and end-to-end encryption.

  5. (d) Encryption and end-to-end encryption are two names for the technology that masks sensitive cardholder data from the moment a card is entered and throughout the transaction.

Your score:

5 correct: You are a payment security rock star!

2-4 correct: You’re somewhat familiar with secure merchant services, but need more information

0-1 correct: You could use guidance from Vantiv’s security professionals

To learn more about payment security for your merchant services, contact me today!