Secure Web Chat payments

Secure Chat allows you to offer real-time chat assistance and take secure payments to your website visitors. Your agents can chat , push urls, take secure payments and co-browse both reactively and pro-actively too. It is quick, efficient, customer friendly and what customers want.


  • • Text chat instantly with your customers
  • • Real time engagement
  • PCI compliant for payments in chat
  • • Operates via one line of JavaScript - Light touch
  • • Page Share and full Co-Browse
  • • One or two way Video option
  • • Fully customisable by client
  • • Full Library and push URL
  • • Canned responses automatically filled in
  • • Full back office of insights and analytics


  • Increases online sales
  • Handle multiple customers at one time
  • Enhances Customer care
  • Channel shift possibility


£65 per unit per month

Service documents


G-Cloud 11

Service ID

8 9 4 3 7 8 6 2 4 2 3 8 7 8 6



Louisa Seymour

07825 219705

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
All other services
Cloud deployment model
Private cloud
Service constraints
None that aren't browser related (such as using old browser versions).
System requirements
  • Windows 7 or above
  • Mac OSX 10.8 or above
  • IE9 or above.
  • Google Chrome (30 or above).
  • Mozilla Firefox (27 or above).
  • Opera (22 or above).
  • Safari (6 or above).

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times do not change at the weekends. Response times differ on the error severity for example: Serious (24/7 Support) - 1 hour Service Affecting - 4 Business Hours Minor - 48 Business Hours
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Cover 1 - Charged at 5% of annual service cost, payable in advance
Monday to Friday 09.00 – 18.00, excluding UK public holidays to include help desk telephone support providing user assistance and fault reporting, and resolution within SLA.
Cover 2 – Charged at 8% of annual service cost, payable in advance
Monday to Saturday 09.00 – 18.00 excluding UK public holidays to include help desk telephone support providing user assistance and fault reporting and resolution within SLA.
Cover 3 – Charged at 10% of annual service cost, payable in advance
Monday to Saturday 24 hour a day (24/6) to include help desk telephone support providing user assistance and fault reporting and resolution within SLA.
Cover 4 – Charged at 15% of annual service cost, payable in advance
Seven days a week 24 hours a day (24/7/365) to include help desk telephone support providing user assistance and fault reporting and resolution within SLA.
Other maintenance schedules can be agreed upon request.
Support available to third parties

Onboarding and offboarding

Getting started
We provide complete end to end account management, onsite and online training and online user documentaion
Service documentation
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction
This can be a manual process via the API or console or they can request this as a mass transfer as required by their security/business requirements.
End-of-contract process
There are no costs at the end of a contract and we require three months notice before the contract end.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Mobile has different collapsed styling
Service interface
What users can and can't do using the API
You can harvest data from the API, or, for bespoke implementations handle chats via the API using your own application/interface.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Front end can be completely skinned by the client and their design team. They provide the design to us as part of implementation and we apply. This can be modified going forward as needed by the client.


Independence of resources
Our systems are constantly monitored and never exceed 60% of system capacity. When 60% is reached, more containers are added horizontally to scaled the platform in real time without affecting service uptime.


Service usage metrics
Metrics types
We provide many metrics based on the customer experience (tracking activity on the website) along with performance metrics for agents, and general 'overview' information. We also provide customer feedback via online surveys.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export as JSON over the API or CSV via the console. Other methods are available such as mySQL dump - this would need to be requested separately and may incur additional cost.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • MySQL Dump
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • MySQL Dump

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We support 99.99% uptime as part of our SLA, but for the last 12 months have achieved 100% uptime. Users are refunded on a pro-rate basis for any time this is exceeded. We have never had to perform any refunds.
Approach to resilience
This information is available on request.
Outage reporting
There is a public dashboard for this, along with account management who will update via email.

Identity and authentication

User authentication needed
User authentication
  • Username or password
  • Other
Other user authentication
Can be setup to work only to pre-defined IP addresses as required.
Access restrictions in management interfaces and support channels
User roles define the level of access any user will have to the system. User actions when authenticated are recorded for audit purposes.
Access restriction testing frequency
At least every 6 months
Management access authentication
Description of management access authentication
There isn't any management access to this service

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
All covered
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Nothing. Available through Eckoh, our parent company.
Other security certifications
Any other security certifications
  • Cyber Security Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
For ISO27001 we have to show our compliance with our own ISMS which includes a complete Information Security Policy. This is escalated to the service desk internally and externally and then up through the management layer to the board. This is reviewed externally to ensure compliance before certification is awarded.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We adhere to our clients change management processes as required, either using ITIL or PRINCE2 as preferred by our clients.

Changes are always impacted for risk and effort by the responsible area and fed back to all stakeholders via an IA document prior to work being scheduled.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have information about potential threats from multiple online sources including security providers, blogs, forums and other community areas for our application stack. There is a 2 weekly patching cycle, and sooner if threats are discovered or announced.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use web application firewalls and intrusion detection systems to identify potential compromises. These are alerted immediately to system admins who would assess and action.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have pre-defined processes as part of our ISMS users report incidents to our 24/7 service desk who also provide reports to clients about incidents. This may also be provided via the account manager.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£65 per unit per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑