IntelliPay Merchant Guide: PCI DSS 4.0.1 Made Simple

by Dale Erling | Oct 24, 2025 | Payment Optimization

PCI DSS 4.0.1: What IntelliPay Merchants Must Do Before 2026

Updated October 2025

Key Takeaways

  • PCI DSS 4.0.1 compliance is mandatory—new controls become required after April 2025
  • IntelliPay handles most technical compliance requirements as your Level 1 PCI DSS certified payment processor
  • Your main responsibility: Complete an annual Self-Assessment Questionnaire (SAQ)
  • Verify third-party providers (other than IntelliPay) supply Attestations of Compliance (AOCs)
  • Train your staff on basic payment security practices

Why PCI DSS 4.0.1 Matters

The Payment Card Industry Data Security Standard (PCI DSS) protects cardholder data during payment processing. Version 4.0.1—effective April 2025—is the latest update to these requirements.

Non-compliant merchants risk:

  • Fines from card brands
  • Higher processing rates
  • Loss of ability to accept credit cards

Good news: By using IntelliPay’s hosted payment solutions, you’ve already eliminated most compliance complexity.

Understanding Merchant Levels

All merchants must comply with PCI DSS, but requirements vary by size:

Level | Annual Transaction Volume | Your Requirements with IntelliPay
1 | Over 6 million | Annual On-Site Audit by QSA
2 | 1–6 million | Annual SAQ
3 | 20,000–1 million eCommerce | Annual SAQ
4 | <20,000 eCommerce or up to 1 million total | Annual SAQ

Most small businesses are Level 4 merchants.

What IntelliPay Does For You

As a PCI DSS Level 1 certified provider, IntelliPay handles:

✓ End-to-end encryption and tokenization
✓ Secure data storage and transmission
✓ Quarterly vulnerability scans (ASV)
✓ 24/7 system monitoring
✓ File-integrity monitoring
✓ Incident response and detection
✓ Infrastructure security controls
✓ Payment page security

This means cardholder data never touches your systems.

Your Responsibilities as an IntelliPay Merchant

1. Complete Your Annual Self-Assessment Questionnaire (SAQ)

What it is: A checklist confirming you’re using IntelliPay’s secure payment solution correctly.

Which SAQ you’ll use:

  • SAQ A – If you redirect customers to IntelliPay’s payment page, download the form here.
  • SAQ A-EP – If you embed IntelliPay’s payment form on your website, download the form here.

When: Once per year

How: IntelliPay can help you identify the correct SAQ and complete it

Learn more about SAQ form types here

2. Verify IntelliPay’s Compliance Status

Request IntelliPay’s current Attestation of Compliance (AOC) annually to confirm their Level 1 certification is active.

3. Verify Other Third-Party Providers (if applicable)

If you use additional payment-related services beyond IntelliPay (examples: shopping carts, POS systems, hosting providers that touch payment data), request their AOCs annually.

4. Follow Basic Security Practices

Never:

  • Write down credit card numbers on paper or in emails or spreadsheets
  • Store cardholder data on your computers or systems
  • Share payment processing passwords

Always:

  • Use strong, unique passwords for IntelliPay access
  • Enable multi-factor authentication (MFA) if available
  • Keep only paper receipts with truncated card numbers (last 4 digits only)

5. Train Your Staff

Annual training should cover:

  • Never write down or store card numbers
  • Recognizing phishing emails
  • Password security best practices
  • How to properly use IntelliPay’s payment system

Document your training (dates, attendees, topics covered)

6. Use IntelliPay’s Payment Solutions Correctly

For online payments:

  • Use IntelliPay’s hosted payment pages or embedded forms
  • Don’t create your own payment forms that capture card data
  • Ensure your website redirects properly to IntelliPay’s secure environment

For phone/mail orders:

  • Enter card data directly into IntelliPay’s virtual terminal
  • Never store card information temporarily in notes or documents

For in-person payments:

  • Use IntelliPay-approved terminals only
  • Ensure terminals are physically secured

Common Pitfalls and Prevention Tips

Pitfall | Prevention Tip
Forgetting annual SAQ | Set a calendar reminder; IntelliPay can send reminders
Staff writing down card numbers | Train employees annually; post reminders at workstations
Using unauthorized payment methods | Only accept payments through IntelliPay’s approved solutions
Missing third-party AOCs | Request AOCs when onboarding new vendors
Outdated contact information | Keep your IntelliPay account profile current

FAQs

Is PCI DSS 4.0.1 legally required?
While not federal law, all major card networks mandate PCI compliance. Non-compliance can result in fines or loss of card acceptance privileges.

What happens if I missed the April 2025 deadline?
You may face penalties, higher processing rates, or be classified as high-risk.

Do I need to hire a security consultant?
No. As an IntelliPay merchant using our hosted solutions, you can complete your SAQ independently or with our guidance.

How often do I need to validate compliance?
Complete your SAQ annually. IntelliPay handles ongoing monitoring and quarterly scans.

What if I add a new payment channel (online, phone, in-person)?
Contact IntelliPay first. We’ll ensure you’re using compliant solutions, and your SAQ type may need to be updated.

Do I need my own ASV scans?
No. IntelliPay’s Level 1 certification covers required vulnerability scanning.

Your Simple Compliance Checklist

Once per year:

  • Complete your annual SAQ
  • Request IntelliPay’s current AOC
  • Request AOCs from any other payment-related vendors
  • Conduct staff security training
  • Review and update security policies

Ongoing:

  • Use only IntelliPay’s approved payment methods
  • Never store cardholder data
  • Keep passwords secure and use MFA
  • Secure paper receipts (shred when disposing)

Need Help?

IntelliPay’s compliance team is here to assist with:

  • Determining your correct SAQ type
  • Answering compliance questions
  • Providing our current AOC
  • Reviewing your payment setup

Contact IntelliPay or visit IntelliPay.com.

By partnering with IntelliPay, a PCI DSS Level 1 compliant service provider, you’ve simplified compliance while maintaining enterprise-grade security. We handle the technical complexity so you can focus on your business.

©2011-2026 Convenient Payments dba IntelliPay. All rights reserved.
IntelliPay is a registered ISO/MSP of Citizens Bank, Providence, RI, and Synovus Bank, Columbus, GA.