Customer experience management behind login: addressing security challenges

Ensuring a smooth customer experience for financial services providers is critical on the secure area of the website. Customers are logging in to conduct a host of account management actions and other transactions – paying bills, making money transfers, managing investment accounts, downloading personal documents, or asking for a quote, to name a few. Providing a superior, customer-centric experience is imperative to maximize the lifetime value of these customers, who have already placed their trust in your services.

At Clicktale, we fully support every type of environment behind logins, including account management and self-service to company intranets or other internal applications. By revealing customer experience behind the login, Clicktale enables you to see why customers may be engaging (or not) with particular content; exiting a particular page prior to taking action; receiving errors on help pages; leaving feedback (negative or positive) and a variety of other behaviors.
Once a customer logs in and his or her identity and sensitive financial information is shown on the screen, it’s mission-critical to protect that data. Financial institutions require certainty that their sensitive data does not fall into the wrong hands, and any collection of such data must be conducted using the highest levels of protection.

By design, Clicktale’s experience management platform blocks recording and collection of any Personally Identifiable Information (PII) entered by keystroke, as well as any on-page PII as defined by the customer. No private information is transferred from the browser to Clicktale, nor recorded in these environments. Furthermore, any page delivered over HTTPS is also transmitted to its servers via HTTPS, supporting only the latest encryption protocols. As Clicktale relies on sending the HTML page from the browser to our servers, it is never necessary for our technology to re-authenticate against the website, reducing the need to provide Clicktale with valid credentials to the site.

Removing Personally Identifiable Information (PII):

Clicktale’s customers include Fortune 500 companies in the financial services, telecommunications, e-commerce, technology, travel and media sectors, several of whom have developed successful methodologies for removing PII. One best practice is to identify PII in the HTML itself by using special tags. The tags are picked up by Clicktale and then blocked automatically, which removes the need to manually block every instance of PII.
Clicktale has also developed several additional methods for blocking PII, including: JavaScript API that utilizes CSS selectors; adding a CSS class in the HTML mark-up or via JavaScript code that automatically masks all textual content; a Clicktale “ExcludeBlock” to exclude full blocks of content using HTML markup; among other methods. Clicktale’s thorough PII removal methods are almost effort-less for the customer.

Trust in the Clicktale source code and platform

Clicktale utilizes automated scanning to assist our R&D teams to uncover and fix potential security flaws within our uncompiled source code. Clicktale also implements an advanced Security Incident and Event Management (SIEM) solution to audit, monitor, aggregate, and correlate security alerts, ensuring swift discovery and response to security incidents.

In addition, the Clicktale experience management platform contains numerous security features, including user authentication, authorization levels, account lock-out, single sign-on, and in transit encryption.

Ironclad security policies and ISO 27001 certification

At Clicktale, security is a top focus. Our dedicated security team is part of the business lifecycle and ensures that every aspect within the company is adequately evaluated and risks are addressed. We are constantly enhancing our security practices, which are implemented across the organization. Our security program includes formal adaption by senior management of numerous policies, including: Information Security, Risk Management, HR Security, Asset Management, Acceptable Use, Data Classification, Physical and Environmental Security, Data Disposal, Access Control, Incident Management and Response, and others.
We have penetration tests conducted by third parties conducted at least twice a year to verify our security robustness. Not only is our hosting center ISO 27001 certified – but we are ISO 27001 certified ourselves. The result is that Clicktale passes security tests with flying colors when customers evaluate Clicktale to fit with their internal security team’s policies and requirements.

Lastly, I should note that we can provide additional security support for financial services clients, such as:

  • Restrictions on project access to a limited number of people
  • Access control logs
  • Dedicated third-party security review for any custom code
Talk to us to explore how customer experience analytics can improve your business