Organisation: Woods Group
PCI DSS Compliance Status: Compliant
Expiry Date: 30.05.2021
PCI DSS Version: 3.2.1
Woods Group Limited (trading as Woods Valldata) has been providing specialist fund-raising services for charities since 1998 and provides payment services for those charities which include the use of payment cards.
Woods Valldata processes card payments in three different ways. The primary channel is through the use of paper forms. These are completed by members of the public (supporters) and either sent via post directly to Woods Valldata, with staff then scanning the information into a temporary database, or they are collected by merchants who scan them and upload them in batches to Woods Valldata in digital files. Periodically, throughout each day, these forms are batch processed via one of two processing applications to one of two PCI compliant payment gateways, depending on the merchant. As part of this process, the cardholder data is redacted from the paper forms once it has been processed.
The second method, which is rarely used, involves customer service agents taking card details from customers over the telephone. This process is used when there are queries associated with the paper forms. The card payments are then processed in the same way as paper forms.
The third method is via one of the two Woods Valldata websites. The first website does not handle cardholder data, but simply redirects the supporter to the payment processor for payment to be made through its website. The second website is restricted to only Woods Valldata merchants and collects data via an iFrame; the data is then sent to the same processing application as used to process the paper forms.
WoodsValldata does not collect any sensitive authentication data as part of any of the above three processes