Will the Internet Ever Be ‘Safe’?

What's Hot

2 Types of Black Marks Might Vanish From Your Credit File SoonBorrow

6 Ways the Obamacare Overhaul Might Impact Your WalletInsurance

7 Dumb and Costly Moves Homebuyers MakeBorrow

This Free Software Brings Old Laptops Back to LifeMore

Obamacare Replacement Plan Gets ‘F’ Rating from Consumer ReportsFamily

Beware These 12 Common Money MistakesCredit & Debt

21 Restaurants Offering Free Food Right NowSaving Money

17 Ways to Have More Fun for Less MoneySave

House Hunters: Beware of These 6 Mortgage MistakesBorrow

30 Household Uses for Baby OilSave

25 Ways to Spend Less on FoodMore

Nearly Half of Heart-Related Deaths Linked to These 10 Foods and IngredientsFamily

5 Surprising Benefits of Exercising Outdoors in WinterFamily

10 Ways to Save When You’re Making Minimum WageSave

Boost Your Credit Score Fast With These 7 MovesCredit & Debt

7 Painless Ways to Pay Off Your Mortgage Years EarlierBorrow

The Most Sinful City in the U.S. Is … (Hint: It’s Not Vegas)Family

The True Cost of Bad CreditCredit & Debt

10 Companies With the Best 401(k) PlansGrow

This Scam Now Tops ID Theft as the No. 2 Consumer ComplaintFamily

6 Stores With Awesome Reward ProgramsFamily

6 Ways to Save More at Lowe’s and The Home DepotSave

6 Healthful Treats for Your DogFamily

New Study Ranks the Best States in the U.S.Family

Thousands of Millionaires Moving to 1 Country — and Leaving AnotherGrow

Strapped for College Costs? How to Get the Most From FAFSABorrow

6 Overlooked Ways to Save at Chick-fil-AFamily

Ask Stacy: What’s the Fastest Way to Pay Off My Mortgage?Borrow

Where to Sell Your Stuff for Top DollarAround The House

8 Ways to Get a Good Price on a Shiny New AutoCars

Ask Stacy: How Do I Start Over?Credit & Debt

Secret Cell Plans: Savings Verizon, AT&T, T-Mobile and Sprint Don’t Want You to Know AboutFamily

30 Awesome Things to Do in RetirementCollege

14 Super Smart Ways to Save on TravelSave

The Rich Prefer Modest Cars — Should You Join Them?Cars

You’ll Soon Pay More to Shop at CostcoSave

10 Ways to Save When Your Teen Starts DrivingFamily

The Heartbleed bug is now fixed, and companies are racing to install the patch. But how many more security threats can consumers endure?

This post comes from Bob Sullivan at partner site Credit.com.

This one really hurts. In the past few months, consumers have been deluged with one reason after another to fear technology and transactions. Target. Neiman Marcus. Michaels. Millions of stolen credit cards. Millions of passwords leaked and lost by Adobe.

Net users are used to, and perhaps growing numb to, the constant bad news.

But Heartbleed is different. The most recent scary Internet disaster is much worse than a compromised bank account. Heartbleed turns the very thing that was supposed to keep us safe into our worst technology nightmare. It’s a little like learning that every cop in your city is really working for the mob. Perhaps better said, it’s like learning that every store you give your credit card to is really a hacker out to steal it.

What are we supposed to do now? And I don’t mean reset your password, which is a lovely thing to do, but it may help and it may hurt you in this situation, and it doesn’t actually help with the real problem: Trust. If consumers finally lose trust in our transaction systems, everybody loses. Even the hackers.

“This is the last thing consumers need in the wake of the Target breach and all the other security breaches we have been hearing about,” said Avivah Litan, the security analyst at Gartner Group who is the loudest voice you’ll hear when there is a big data leak.

To review, Heartbleed is a flaw in the encryption technology used to keep data safely scrambled while it flies around the Internet. You know of it mostly because of those little locks that appear next to Web addresses in your browser.

A technology that is designed to keep encrypted connections open over time — by sending a regular “heartbeat” message that lets one computer tell another “I’m still here” — was instead a hacker’s best friend. Researchers figured out they could craft a heartbeat message that tricked a server into sending back every kind of data it stored.

The heartbeat could be made to bleed data. That includes credit cards and passwords, but even worse, it even includes encryption keys. A bit like the ominous hacker movie “Sneakers,” the Heartbleed bug truly meant an end to secrets online.

Chipping away

The Heartbleed code is now fixed, and companies are racing to install the fix, and consumers are stumbling through changing passwords and doing the usual “have I been robbed?” inventory on their bank accounts.

Crisis averted. This time. (Aside: If you have already changed your passwords, you should really change them again in about a month, because there’s no way to know if you updated your security while a hacker still controlled the website you logged into.)

The question has to be asked: How many times can we warn consumers to check their bank account statements carefully? Hanging over the Heartbleed incident, and Target before it, is a dark feeling that the whole thing might not be safe. Consumers always react to large credit card hacks by saying they will now buy with cash. Most of the time, data shows, they don’t mean it. But Target had to admit last quarter that its revenue was materially impacted by the credit card incident. This is getting serious.

In the credit card world, the response to Target was straightforward. Journalists discovered that U.S. credit cards were a decade behind the times, and folks started pushing to add computer chips to our old-fashioned plastic, using a technology known as EMV.

Of course, if EMV was so great, U.S. card issuers would have installed the chips 10 or even 15 years ago. Folks who know credit card security will admit privately that moving to EMV isn’t really much of a solution; fraudsters can just move to other kinds of credit card fraud the chips can’t stop. But there is still a very good reason to add the chips.


EMV will make shoppers feel better. That’s not a placebo. Trust is a very real thing. In fact, it’s the only thing.

If — when? — consumers finally get fed up by all the bad news, and a real trust gap arises, lots of people are going to lose lots of money. When a consumer pays for something with a $20 bill instead of swiping a card, at least four different entities miss out on getting a cut of that transaction.

Trust means you don’t think, you just pull out your plastic. A trust gap means, perhaps, you don’t bother logging into that website and changing your password. You simply go somewhere else.

In other words, trust is basically the currency of our time. A tipping point on trust would create the equivalent of a run on a bank during a currency crisis. Lack of trust can snowball. With each “withdrawal,” the trust gap only grows.

What it will take to rebuild

In the credit card world, only comprehensive changes to the entire, end-to-end system of payments will really take a bite out of crime. I recently spoke to Visa’s chief risk officer, Ellen Richey, who told me that a move to chip cards should be accompanied by new technology that makes online credit card fraud more difficult.

We don’t need to plug a hole in the dam with our thumb; we need a new dam.

This same thinking needs to govern online transactions, and privacy in general. It’s terrible that folks around the world are being told, in rather panicked tones, “CHANGE ALL YOUR PASSWORDS!” But it’s even more terrible that most of our digital and financial lives are guarded only by 50-year-old technology involving eight upper- or lower-case letters and maybe a number or two.

Two years ago, after a series of high-profile password list leaks from sites like LinkedIn, experts proclaimed the password dead. Heartbleed proves it’s more like a vampire that seems to live forever and come out to threaten us once in a while.

Litan, the Gartner analyst, actually has some good news about Heartbleed. Remember, this is a flaw discovered by good guys, not an active crime (like Target). That means the damage can be contained, and she thinks it will be. This time.

“I don’t think this is an uncontrollable disaster,” she said. “It’s manageable and as long as the companies who use this version of Open SSL act responsibly – i.e., patch and secure their systems and ask users to change passwords – we are OK. There is no evidence that the criminals have used this attack vector yet. And if these security steps are taken and upgrades are made – they won’t be able to.”

So, there’s no run on the trust bank this time. But I guarantee that consumer patience is not infinite. We can only come up with so many variations of our pets’ names. Tokens? Fingerprints? Disposable passcodes? Something needs to change before we ask users to invent new passwords one time too many, and the trust gap swallows up the whole thing.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its affiliates.

More on Credit.com:

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!


Read Next: 5 Easy Ways to Save on Your Cell Phone Bill

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 2,062 more deals!