PCI DSS 4.0.1: What IntelliPay Merchants Must Do Before 2026
Updated October 2025
Key Takeaways
- PCI DSS 4.0.1 compliance is mandatory—new controls become required after April 2025
- IntelliPay handles most technical compliance requirements as your Level 1 PCI DSS certified payment processor
- Your main responsibility: Complete an annual Self-Assessment Questionnaire (SAQ)
- Verify third-party providers (other than IntelliPay) supply Attestations of Compliance (AOCs)
- Train your staff on basic payment security practices
Why PCI DSS 4.0.1 Matters
The Payment Card Industry Data Security Standard (PCI DSS) protects cardholder data during payment processing. Version 4.0.1—effective April 2025—is the latest update to these requirements.
Non-compliant merchants risk:
- Fines from card brands
- Higher processing rates
- Loss of ability to accept credit cards
Good news: By using IntelliPay’s hosted payment solutions, you’ve already eliminated most compliance complexity.
Understanding Merchant Levels
All merchants must comply with PCI DSS, but requirements vary by size:
| Level | Annual Transaction Volume | Your Requirements with IntelliPay |
|---|---|---|
| 1 | Over 6 million | Annual On-Site Audit by QSA |
| 2 | 1–6 million | Annual SAQ |
| 3 | 20,000–1 million eCommerce | Annual SAQ |
| 4 | <20,000 eCommerce or up to 1 million total | Annual SAQ |
Most small businesses are Level 4 merchants.
What IntelliPay Does For You
As a PCI DSS Level 1 certified provider, IntelliPay handles:
✓ End-to-end encryption and tokenization
✓ Secure data storage and transmission
✓ Quarterly vulnerability scans (ASV)
✓ 24/7 system monitoring
✓ File-integrity monitoring
✓ Incident response and detection
✓ Infrastructure security controls
✓ Payment page security
This means cardholder data never touches your systems.
Your Responsibilities as an IntelliPay Merchant
1. Complete Your Annual Self-Assessment Questionnaire (SAQ)
What it is: A checklist confirming you’re using IntelliPay’s secure payment solution correctly.
Which SAQ you’ll use:
- SAQ A – If you redirect customers to IntelliPay’s payment page, download the form here.
- SAQ A-EP – If you embed IntelliPay’s payment form on your website, download the form here.
When: Once per year
How: IntelliPay can help you identify the correct SAQ and complete it
Learn more about SAQ form types here
2. Verify IntelliPay’s Compliance Status
Request IntelliPay’s current Attestation of Compliance (AOC) annually to confirm their Level 1 certification is active.
3. Verify Other Third-Party Providers (if applicable)
If you use additional payment-related services beyond IntelliPay (examples: shopping carts, POS systems, hosting providers that touch payment data), request their AOCs annually.
4. Follow Basic Security Practices
Never:
- Write down credit card numbers on paper or record them in emails or spreadsheets
- Store cardholder data on your computers or systems
- Share payment processing passwords
Always:
- Use strong, unique passwords for IntelliPay access
- Enable multi-factor authentication (MFA) if available
- Keep only paper receipts with truncated card numbers (last 4 digits only)
5. Train Your Staff
Annual training should cover:
- Never write down or store card numbers
- Recognizing phishing emails
- Password security best practices
- How to properly use IntelliPay’s payment system
Document your training (dates, attendees, topics covered)
6. Use IntelliPay’s Payment Solutions Correctly
For online payments:
- Use IntelliPay’s hosted payment pages or embedded forms
- Don’t create your own payment forms that capture card data
- Ensure your website redirects properly to IntelliPay’s secure environment
For phone/mail orders:
- Enter card data directly into IntelliPay’s virtual terminal
- Never store card information temporarily in notes or documents
For in-person payments:
- Use IntelliPay-approved terminals only
- Ensure terminals are physically secured
Common Pitfalls and Prevention Tips
| Pitfall | Prevention Tip |
|---|---|
| Forgetting annual SAQ | Set a calendar reminder; IntelliPay can send reminders |
| Staff writing down card numbers | Train employees annually; post reminders at workstations |
| Using unauthorized payment methods | Only accept payments through IntelliPay’s approved solutions |
| Missing third-party AOCs | Request AOCs when onboarding new vendors |
| Outdated contact information | Keep your IntelliPay account profile current |
FAQs
Is PCI DSS 4.0.1 legally required?
While not federal law, all major card networks mandate PCI compliance. Non-compliance can result in fines or loss of card acceptance privileges.
What happens if I missed the April 2025 deadline?
You may face penalties, higher processing rates, or be classified as high-risk.
Do I need to hire a security consultant?
No. As an IntelliPay merchant using our hosted solutions, you can complete your SAQ independently or with our guidance.
How often do I need to validate compliance?
Complete your SAQ annually. IntelliPay handles ongoing monitoring and quarterly scans.
What if I add a new payment channel (online, phone, in-person)?
Contact IntelliPay first. We’ll ensure you’re using compliant solutions, and your SAQ type may need to be updated.
Do I need my own ASV scans?
No. IntelliPay’s Level 1 certification covers required vulnerability scanning.
Your Simple Compliance Checklist
Once per year:
- Complete your annual SAQ
- Request IntelliPay’s current AOC
- Request AOCs from any other payment-related vendors
- Conduct staff security training
- Review and update security policies
Ongoing:
- Use only IntelliPay’s approved payment methods
- Never store cardholder data
- Keep passwords secure and use MFA
- Secure paper receipts (shred when disposing)
Need Help?
IntelliPay’s compliance team is here to assist with:
- Determining your correct SAQ type
- Answering compliance questions
- Providing our current AOC
- Reviewing your payment setup
Contact IntelliPay or visit IntelliPay.com.
By partnering with IntelliPay, a PCI DSS Level 1 compliant service provider, you’ve simplified compliance while maintaining enterprise-grade security. We handle the technical complexity so you can focus on your business.


