Security
Give every visitor a real-time trust score, automatically flag or block suspicious activity, and review borderline visitors — all from one dashboard.
Overview
Security gives every visitor a trust score from 0 to 100 — think of it as a credit score for the person on the other end of the chat. The score is calculated in real time from a set of built-in signals that look at behaviour, identity, and bot-like activity. Where a visitor's score lands decides whether they chat normally, get flagged as low trust, or are automatically blocked.
Key concepts
Trust score
Every new, anonymous visitor starts in the neutral middle at 50. From there:
- Risk signals push the score down — attack tools, suspicious URLs, bot-like activity, or weak identity hints (like a disposable email).
- Trust signals push the score up — a real email on file, an account that has been around for a while, or a known customer.
Weak risk flags fade after 30 days if the behaviour stops, proof of an attack is permanent, and trust a visitor has earned stays with them. Genuine search engine crawlers (Googlebot, Bingbot, and the like) are filtered out before scoring and never appear here.
The two lines and three zones
You set two threshold lines that split the 0–100 scale into three colour-coded zones:
| Zone | Where the score sits | What happens |
|---|---|---|
| 🟢 Trusted | At or above the low-trust line | Chats normally, no friction |
| 🟡 Low trust | Between the two lines | Can still chat; simply flagged as low trust |
| 🔴 Blocked | Below the block line | Automatically blocked from chatting |
You can move both lines yourself, or pick a one-click protection preset, on the Policy page.
Trust band and team decisions
Security works on two layers:
- Trust band (passive) — derived straight from the score, this is awareness only. A visitor sits in one of three bands — Trusted, Low trust, or Blocked — based on where their score lands. A low-trust visitor is never pushed at anyone to "decide" on; they can still chat.
- Team decision (durable) — an optional, lasting choice your team makes that overrides the band:
- Allowed — a permanent exemption. This visitor is never auto-blocked again, even if their score later drops into the low-trust or blocked range.
- Blocked — this visitor is blocked, regardless of their score.
A visitor with no team decision simply follows their trust band.
What's inside
Overview
Key numbers at a glance — trusted, flagged and blocked counts, trust distribution, top risk signals, and recently flagged visitors.
How it works
Scoring runs automatically in the background — no extra code or SDK changes are needed:
- The Yaplet widget collects the events it already gathers (page views, sessions, identity).
- Each visitor is evaluated against the built-in signals.
- Triggered signals raise or lower the visitor's trust score.
- If the score drops into the low-trust zone, the visitor is flagged as low trust (awareness only — no action required).
- If it drops below the block line, the visitor is automatically blocked — the chat widget locks in their browser straight away.