10 October 2017
Providing Secure Live Chat for Website for Finance Companies
Finance companies are regulated by the Financial Conduct Authority (FCA) and must comply with stringent rules, so it is vital that they choose suppliers that help them remain compliant. It is more important now than ever that they also select providers that are preparing for how the GDPR will affect their services or products; otherwise it could be the finance company that is left with the repercussions of fines of up to 4% of revenue.
The new enhanced solution ‘Experiences’ by Click4Assistance has been built with advanced security, meaning any action from logging in to storing data is more secure than KFC’s secret blend of herbs and spices recipe!
Active Directory (AD) Integration
Microsoft Windows gives offices a central place (Active Directory) to manage all users on the company’s network. This provides a simpler way to add or remove users and control their access rights, for example which folders they can access and which printers they can use.
Not only does it make it easier for users to log into platforms such as Microsoft Outlook and Dynamics CRM, it also makes logins more secure. ‘Experiences’ by Click4Assistance now offers AD integration, meaning that users who have the option “Use Active Directory” selected can log into their account using their Windows credentials whilst on the organisation’s network. This reduces the chance of your users logging into the account outside of work.
Another way to ensure users only log into the Click4Assistance account in the workplace is to set an IP address in the user type security permissions, which restricts them to logging in from the location associated with that IP address. Administrators can also set access times, so that users can only log into the account between those times.
If your finance company has an internal contact centre and has 2 teams covering chat throughout the day, you can have both teams assigned as separate user types within the solution, setting their shift time against each type, for example:
Team A covers chat between 9am and 1pm, so those times are selected against their user type. Team B, who take over the chat from 1pm and have their access revoked at 5pm, have these times assigned to their type, allowing each team to smoothly access the solution during their allotted coverage times.
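The login rule described above (one permitted IP address plus an access window per user type) can be sketched as follows. This is an added example, not Click4Assistance's code: the policy object, the function names, the `203.0.113.10` address and the `Europe/London` time zone are all assumptions made for illustration.

```javascript
// Added example: names and values are hypothetical, not the product's configuration.
const USER_TYPES = {
  "Team A": { allowedIp: "203.0.113.10", from: "09:00", until: "13:00" },
  "Team B": { allowedIp: "203.0.113.10", from: "13:00", until: "17:00" },
};
const OFFICE_TZ = "Europe/London"; // assumed office time zone

const toMinutes = (hhmm) => {
  const [h, m] = hhmm.split(":").map(Number);
  return h * 60 + m;
};

// Minutes since midnight on the office wall clock, so a 9am-1pm shift
// stays 9am-1pm in both summer and winter time, whatever the server clock.
function officeMinutes(date) {
  const parts = new Intl.DateTimeFormat("en-GB", {
    timeZone: OFFICE_TZ, hour: "2-digit", minute: "2-digit", hourCycle: "h23",
  }).formatToParts(date);
  const get = (type) => Number(parts.find((p) => p.type === type).value);
  return get("hour") * 60 + get("minute");
}

// Dual-stack sockets report IPv4 clients as ::ffff:a.b.c.d
const normaliseIp = (ip) => ip.replace(/^::ffff:/i, "");

function mayLogIn(userType, sourceIp, when) {
  const policy = USER_TYPES[userType];
  if (!policy) return { allowed: false, reason: "unknown user type" };
  if (normaliseIp(sourceIp) !== policy.allowedIp) {
    return { allowed: false, reason: "source IP not permitted" };
  }
  const now = officeMinutes(when);
  // Start is inclusive and end is exclusive, so 1pm belongs to Team B only.
  if (now < toMinutes(policy.from) || now >= toMinutes(policy.until)) {
    return { allowed: false, reason: "outside access times" };
  }
  return { allowed: true, reason: "ok" };
}
```

Treating the end of each window as exclusive gives a clean handover at 1pm, and evaluating the window on the office wall clock avoids an hour of drift when the clocks change.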
For those not using AD integration, users can use their email address and a password. Good practice within companies is to change passwords regularly; this reduces the chance of a breach from someone being careless with their login credentials. The Click4Assistance solution can automatically expire passwords and encourage users to choose a new one.
Users who have forgotten their password can reset it by requesting a code, or they can change it altogether from the login screen. Those with access to the “My Account” module and the “Users” area can change the password against a user by entering their current password and inputting a new one.
Auditing Your Account
If a user adds any additional functionality including licences and features, the Primary User will be notified regarding what was changed, who changed it and their IP address to ensure the upgrade was intended.
The Account Audit report shows a trail which can include:
- Who’s logged off and why they were logged off (intentional or their connection expired)
- Which scheduled report was sent out and to whom, the date range and frequency
- What users were created and by whom
- If any users have updated settings, and what they changed
- If any users have updated the Experience the visitor sees on your website and what they changed.
As a UK-based company with data centres in London conforming to ISO 9001 and 27001 standards, Click4Assistance adheres to the stringent regulations laid out by the FCA for data storage, Data Protection Act 1998 and PCI compliance.
Click4Assistance has been designed from the ground up with security laying the foundations. All chat communications are over HTTPS/SSL using SHA-256bit encryption (the same level of encryption you would expect on any payment page). By default, the ability to mask sensitive data such as credit card numbers is enabled; masking ensures this type of information does not even reach our servers.
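Masking that keeps card numbers away from the server has to run in the visitor's browser, before the message is sent. The sketch below is an added example of that idea, not Click4Assistance's implementation: the function names, the Luhn check used to avoid masking ordinary numbers, and the choice to leave the last four digits visible are assumptions.

```javascript
// Added example: hypothetical client-side masking, applied before a chat message is sent.

// Luhn checksum: distinguishes card numbers from other long digit runs.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// 13-19 digits, optionally grouped with single spaces or hyphens.
const CANDIDATE = /\b\d(?:[ -]?\d){12,18}\b/g;

// Replace the first `count` digits with '*', keeping the visitor's separators.
function maskDigits(text, count) {
  let seen = 0;
  return text.replace(/\d/g, (d) => (seen++ < count ? "*" : d));
}

function maskCardNumbers(message) {
  return message.replace(CANDIDATE, (match) => {
    // Try the whole run first, then drop trailing groups, so that digits
    // typed straight after the number (such as an expiry) do not hide it.
    for (let head = match; head; head = head.replace(/(^|[ -])\d+$/, "")) {
      const digits = head.replace(/\D/g, "");
      if (digits.length < 13) break;
      if (luhnValid(digits)) {
        return maskDigits(head, digits.length - 4) + match.slice(head.length);
      }
    }
    return match; // e.g. an order reference: left readable
  });
}
```

The sample inputs used to check it are constructed: `4111 1111 1111 1111` is a widely used test card number, and `1234567890123456` fails the Luhn check and is left untouched.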
For more information on our current security policies, download our Security Documentation from our support page.
GDPR will be taking effect in the UK from 25th May 2018. For more information about how the regulation will affect users of live chat, take a look at our blog How Will the GDPR Affect Finance Companies Using Live Chat?, which includes insights from Click4Assistance’s DPO.
Click4Assistance has been providing live chat for website software to finance companies for over 10 years. Our customers include Card One Banking, Polaris and One Call Direct, and we ensure their use of live chat complies with data protection rules and that their users and visitors are secure using it. For more information, speak with our finance co-ordinator on 01268 524628 or email firstname.lastname@example.org.