4) Force consumers to take security seriously. You’ve probably seen stories about the most commonly-used passwords: the word “password” and “1,2,3,4,” etc. That has to stop. Online commerce sites, including those of the credit card companies, should make consumers change passwords at least once a year. If they don’t, their access to the site should be blocked or revoked. That might really bother some consumers, but having their identities stolen could be much, much worse.