Organisation: Woods Group

PCI DSS Compliance Status: Compliant

Expiry Date: 30.05.2019

PCI DSS Version: 3.2

Woods Group Ltd (Woods) has been providing specialist fund-raising services for charities since 1998 and provides payment services for those charities which include the use of payment cards.

Woods processes card payments in three different ways. The primary channel is through the use of paper forms. These are completed by members of the public (supporters) and sent through the post to Woods. Woods staff then take the information from the forms and enter it into their processing application (Admin System) and the details are then sent via the application to a PCI compliant payment gateway called Creditacall.

The second method, which is rarely used involves customer service agents taking card details from when there are queries associated with the paper forms. The card payments are then processed in the same way as paper forms.

The third method is via the Woods website. The website does not handle cardholder data but simply redirects the supporter to Creditcall for payment to be made through its website.

Woods does not collect any sensitive authentication data as part of any of the above three processes.

Woods does not store any cardholder data.

More information regarding URM's PCI DSS QSA Auditing Services
Disclaimer: Ultima Risk Management Ltd has undertaken an audit of Woods Group to obtain evidence of PCI DSS compliance. Based on evidence reviewed by URM's QSAs, Woods Group has been found to be compliant with PCI DSS v3.2. This activity is a 'snapshot in time' and requires that Woods Group maintain the controls that were reviewed during the audit. Please contact Woods Group if you have questions about their products, services or customer support.