Is cobrowsing secure?

Cobrowsing lets you join your customers as they browse around your website. This improves customer service and boosts revenue. But . . . What are the security aspects that you need to consider?, Is cobrowsing secure and compliant?

In this article we'll discuss the security of cobrowsing systems, detailing why your agents, your organisation, and your customers have nothing to worry about.

What cobrowsing is not?

We first need to be clear with what cobrowsing is not.

Cobrowsing is not desktop sharing, screen sharing, and does not rely on plugins or other harmful downloads. What is cobrowsing?

What can agents see?

Cobrowsing only lets you see what your customer sees on your website. Specifically, only pages with cobrowsing scripts attached.

What if the customer is on a sensitive page?

You can block sensitive pages from being shared. This is achieved by masking sensitive HTML elements. This ensures that agents can neither see or interact with particular elements. For example, a credit card field can be obfuscated within an ecommerce checkout.

Is Cobrowsing secure?

Does the customer's data leave their browser? Data from masked elements never leaves the customer's browser. This data does not even pass through the cobrowsing web server.

Can the customer see the agent desktop?

No. Your customer cannot see anything the agent is doing on their desktop. The customer just knows that a cobrowsing session is in progress.

Where are the servers located?

Cobrowsing can be deployed on-premise or from a cloud service. If deployed from a cloud environment, cobrowsing instances can be deployed to regional data centres.

What if the customer is behind a login wall?

Unlike many solutions, Talkative's cobrowsing system works behind login walls. This is dependent on the scripts being included on these pages by the organisation.

Can an agent take over the customer's browser?

No. The customer may terminate the cobrowsing session at any time. Cobrowsing was built with customer understanding in mind. Customers care about their privacy and can be wary of new technology on websites. This is why Talkative ensures that the customer has the power to question and end anything they might be uncomfortable with.

Does cobrowsing require the customer to download potentially harmful files?

Since cobrowsing primarily uses JavaScript, a customer does not have to download any plugins, or sign into an application. Many desktop sharing clients require installations, but cobrowsing can be started without even refreshing the website page. Cobrowsing will work on all modern browsers and devices.

Can agents send malicious files to customers?

No. However, documents can be sent to be displayed to the customer. Talkative recommends that these files be distributed from a pre-approved organisation repository. When the document share feature is used, the cobrowse server checks the file to ensure it isn't malicious.

Can interactions be audited?

Talkative records all cobrowsing interactions and messages sent between customer and agent. All cobrowsing interactions are securely stored for analysis if required. Existing desktop recording may also be used to record sessions.

Is there any way for an outsider to hack into the session?

Cobrowse session security can be split up into several different components:

  • Protocol Security: All data is sent and received over Secure Web Sockets (WSS).
  • Session Authentication: All sessions are secured against by meta data through the Talkative authentication API.
  • Message Level Security: All messages are checked against the role of the user (agent or customer) ensuring that only the correct message can be sent to/from the correct person.
  • WebPage Level Security: This includes the obfuscation of elements on a webpage. Please see here for more detail. A more thorough guide to Talkative's security can be found here: Security overview>

Most cobrowsing solutions are sophisticated enough to remain compliant and secure in even the most stringent and demanding customer contact scenarios.

Talkative's specific security advantages:

  • Cloud and on-premise deployment to seamlessly fit into any IT environment.
  • Mask any website/app element.
  • Audit trail of interactions.
  • No downloads, plugins, or logins required for customer.
  • Works behind authenticated login walls.