Location: Skip Navigation LinksHome Page : WhosOn Introduction : Secure Live Chat

How Secure Is WhosOn Live Chat?

WhosOn Live Chat Security Features

WhosOn Security Features

We often get asked how if WhosOn is secure - and if so, how? This page answers those questions.
There are 2 parts of WhosOn in relation to security:

 

1. The Visitor Facing Live Chat Client


This is the live chat application that visitors use to chat to operators within your organization. Visitors launch this web application by selecting the 'click to chat' link on your site or by responding to an invite request sent by an operator.

The WhosOn Live Chat application runs within a web browser using standard HTML and JavaScript. It communicates back to the WhosOn server (via IIS) using 'AJAX' calls via standard HTTP. The live chat application is secured using SSL (secure sockets layer). This is the standard security layer used by all secure web pages. This means that live chat sessions in WhosOn are completely secure for the visitor - and are just as secure as any checkout page.

Visitors can see that the chat is secure with the padlock icon shown in their web browser:

Secure Live Chat

One added benefit of the WhosOn Installable Version is that you can use your own SSL certificate. This means the certificate will show your own organization details instead of ours. This gives the visitor added confidence. The Hosted version of WhosOn uses secure chat by default - but the SSL certificate will show 'Parker Software'.

2. The Operator Client


Operators within your organization run the WhosOn Client to watch live stats and take chat requests. The WhosOn Client itself in most cases is not Internet facing (since it runs behind your firewall) - however it still uses 256bit AES encryption for all communications with the WhosOn Server so it's safe to use anywhere. 

AES encryption is the standard encryption used by the US Government. See http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Operators must login to WhosOn using a username & password and must specify the correct authentication string in their settings. The authentication string is a server-wide setting that clients use to authenticate against the WhosOn server when they connect. The user names/passwords can be configured for each user and are sent encrypted by the client when the user logs in.

In summary, WhosOn is completely secure, both for the visitor and for the operator. At no point is any clear text sent over the Internet. 

Additional Security


For users that want additional levels of security - we can provide a dedicated WhosOn Server. This will be located in our secure data center. We can configure the firewall so that only operators on your internal subnet can connect to the WhosOn Server. Your own SSL certificate can be used on the visitor chat. This would be a completely secure, self contained solution running separate from your website. Please contact us for details.