After Heartbleed: are you vulnerable?

by Guest Contributor, May 2, 2014

The discovery of Heartbleed earlier this year uncovered a large-scale threat that exploits a security vulnerability in OpenSSL, posing a serious security concern. This vulnerability gave hackers access to servers for many websites and put consumers’ credentials and private information at risk. Since the discovery, most organizations with an online presence have been trying to determine whether their servers incorporate the affected versions of OpenSSL. However, the impact will be felt even by organizations that do not use OpenSSL, as some consumers could reuse the same password across sites and their password may have been compromised elsewhere.

The new vulnerabilities online and in the mobile space increase the challenges that security professionals face, as fraud education is a necessity for companies. Our internal fraud experts share their recommendations in the wake of the Heartbleed bug and what companies can do to help mitigate future occurrences. Here are two suggestions on how to prevent compromised credentials from turning into compromised accounts:

  1. Authentication
  2. Adopting a layered security strategy

Authentication
The importance of multidimensional and risk-based authentication cannot be overstated. Experian Decision Analytics and 41st Parameter® recommend a layered approach when it comes to responding to future threats like the recent Heartbleed bug. Such methods include combining comprehensive authentication processes at customer acquisition with proportionate measures to monitor user activities throughout the life cycle.

"Risk-based authentication is best defined and implemented in striking a balance between fraud risk mitigation and positive customer experience," said Keir Breitenfeld, Vice President of Fraud Product Management for Experian Decision Analytics. "Attacks such as the recent Heartbleed bug further highlight the foundational requirement of any online business or agency applications to adopt multifactor identity and device authentication and monitoring processes throughout their Customer Life Cycle."

Some new authentication technologies that do not rely on usernames and passwords could be part of the broader solution. This strategic change involves the incorporation of a broader layered-security strategy. Using only authentication puts security strategists in a difficult position since they must balance:

  • Market pressure for convenience (Note that some mobile banking applications now provide access to balances and recent transactions without requiring a formal login.)
  • New automated scripts for large-scale account surveillance.
  • The rapidly growing availability of compromised personal information.

Layered security
"Layered security through a continuously refined set of ‘locks’ that immediately identify fraudulent access attempts helps organizations to protect their invaluable customer relationships," said Mike Gross, Global Risk Strategy Director for 41st Parameter. "Top global sites should be extra vigilant for an expected rush of fraud-related activities and social engineering attempts through call centers as fraudsters try to take advantage of an elevated volume of password resets."

By layering security consistently through a continuously refined set of controls, organizations can identify fraudulent access attempts, unapproved contact information changes and suspicious transactions.

Learn more about fraud intelligence products and services from 41st Parameter, a part of Experian.
