Organisation: Woods Group

PCI DSS Compliance Status: Compliant

Expiry Date: 30.05.2021

PCI DSS Version: 3.2.1

Woods Group Limited (trading as Woods Valldata) has been providing specialist fund-raising services for charities since 1998 and provides payment services for those charities which include the use of payment cards.

Woods Valldata processes card payments in three different ways. The primary channel is through the use of paper forms. These are completed by members of the public (supporters) and either sent via post directly to Woods Valldata, with staff then scanning the information into a temporary database, or they are collected by merchants who scan them and upload them in batches to Woods Valldata in digital files. Periodically, throughout each day, these forms are batch processed via one of two processing applications to one of two PCI compliant payment gateways, depending on the merchant. As part of this process, the cardholder data is redacted from the paper forms once it has been processed.

The second method, which is rarely used, involves customer service agents taking card details from customers over the telephone. This process is used when there are queries associated with the paper forms. The card payments are then processed in the same way as paper forms.

The third method is via one of the two Woods Valldata websites. The first website does not handle cardholder data, but simply redirects the supporter to the payment processor for payment to be made through its website. The second website is restricted to only Woods Valldata merchants and collects data via an iFrame; the data is then sent to the same processing application as used to process the paper forms.

WoodsValldata does not collect any sensitive authentication data as part of any of the above three processes

More information regarding URM's PCI DSS QSA Auditing Services
Disclaimer: URM Consulting Services Ltd. has undertaken an audit of Woods Group to obtain evidence of PCI DSS compliance. Based on evidence reviewed by URM's QSAs, Woods Group has been found to be compliant with PCI DSS v3.2.1. This activity is a 'snapshot in time' and requires that Woods Group maintain the controls that were reviewed during the audit. Please contact Woods Group if you have questions about their products, services or customer support.