December 2008
The Express Scripts Bounty

Now this could be interesting. Express Scripts is offering a $1,000,000 reward for information leading to the arrest and conviction of the attacker who is trying to blackmail them. That is a lot of Ameros.

If this works, then we can expect to see a lot more of it. If it doesn't then perhaps we will see a lot more blackmail?

Citrix on the need for two-factor authentication

Specifically, two-factor authentication for Citrix Web Interface. The article doesn't say whether Web Interface supports RADIUS, but a quick Google search indicates that it does. The configuration looks exactly the same as setting up WiKID with Citrix Access Gateway.

PCI expanding to Europe

According to Security Fix, Visa is going to enforce PCI DSS in Europe:

Visa Inc. on Monday dramatically expanded its credit and debit card security requirements to retailers in Europe, an unexpected move that could be a financial boon to security auditing companies, but a huge cost for European merchants already feeling the pinch from the global financial crisis.
I'm fascinated that this is a surprise. My reaction was, "hmm, I would have thought PCI already applied in Europe."

Embedding WiKID two-factor authentication in your Web application

One of our customers, Online Banking Solutions (OBS), offers banks and financial institutions software for commercial account management. They have embedded WiKID two-factor and mutual HTTPS authentication both on the server side and in their optional client. The combined client handles the initial validation (registration) process, performs session authentication using the one-time passcode, and performs mutual HTTPS authentication so the client verifies the bank's server and not a man-in-the-middle.

The product is a single sign-on solution that aggregates access to the numerous applications a single corporate banker might use:

This new feature of the Secure Desktop client enables the bank to package the desktop with a pre-determined list of web sites to be accessed with the embedded web browser. While the user can move back and forward, refresh the page or even detach the browser for better viewing, no web URL can be entered into the embedded browser.

This capability, when coupled with the OBS WiKID two-factor authentication, can be used to provide a bank single sign-on (SSO) service for multiple bank web applications.

And here's a screen shot of the combined client showing the OTP:

OBS uses the Java network client that ships with the WiKID server. We also have network clients for C#, PHP, Ruby and Python.

Kaspersky Labs update on bank attacks

Hat tip: Securology.

Kaspersky Labs has an updated analysis of banking attacks. You should read the whole thing, but I'll point out this section of the conclusion:

Nonetheless, there is a fundamental problem with two-factor authentication, namely that though the session may be secure, whatever happens during that session goes unchecked. In order to increase security, some additional form of communication, such as the use of a cryptographic token or SMS messages (already implemented by some financial institutions) is required. SMS messages could set limits on the lifetime of the TAN, the account numbers being accessed and the maximum permissible transaction amount.

Obviously there is a potential downside to the method detailed above: it could lead to virus writers creating malware to run on the devices which receive the SMS messages. A cryptographic token is therefore a better solution as it's not possible to install any additional software on such a token. Ideally, it would have separate algorithms for both logging on to a site and signing a transaction.

While I assume they are talking about a hardware token, this is essentially what WiKID can do using two separate domains. Each domain has its own public/private key pair, so the domains are cryptographically distinct and session authentication is completely separate from transaction authentication. And there is no reason we can't use the domain's public key to encrypt data that an attacker cannot guess or alter, along the lines of Kaspersky's suggestion: for example, the account number into which the funds are to be transferred, so that a passcode issued for one destination account is worthless for any other.
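The following is an added example, not code from WiKID, OBS or Kaspersky, showing the structure described in both the OBS integration post above (session login with a one-time passcode, then per-transaction authorization) and this Kaspersky section (separate cryptographic material for logging on and for signing a transaction). WiKID uses a public/private key pair per domain; to stay self-contained with the standard library, this stand-in uses one independent HMAC-SHA256 key per "domain" and RFC 4226-style truncation. The transaction code is computed over the canonical transaction details (source, destination, amount, counter), so a man-in-the-browser that swaps the destination account after the user has signed gets a code that no longer verifies. Key values, account numbers and the `TokenClient`/`BankServer` names are constructed for the example.

```python
import hashlib
import hmac
import struct

DIGITS = 8


def _hotp(key: bytes, message: bytes, digits: int = DIGITS) -> str:
    """HMAC-SHA256 over message, truncated (RFC 4226 style) to a decimal code."""
    digest = hmac.new(key, message, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def canonical_txn(src: str, dst: str, amount_cents: int, counter: int) -> bytes:
    """Fixed encoding of exactly what the user is authorizing; any change alters the code."""
    fields = ["txn", src, dst, str(amount_cents), str(counter)]
    return "|".join(fields).encode()


class TokenClient:
    """User side: two independent keys stand in for two WiKID domains."""

    def __init__(self, login_key: bytes, txn_key: bytes):
        self.login_key = login_key
        self.txn_key = txn_key
        self.login_counter = 0
        self.txn_counter = 0

    def login_code(self) -> str:
        """Session-authentication passcode: bound only to the login domain and counter."""
        self.login_counter += 1
        return _hotp(self.login_key, b"login|" + str(self.login_counter).encode())

    def sign_transaction(self, src: str, dst: str, amount_cents: int) -> str:
        """Transaction-signing passcode: bound to the transaction details themselves."""
        self.txn_counter += 1
        return _hotp(self.txn_key, canonical_txn(src, dst, amount_cents, self.txn_counter))


class BankServer:
    """Server side: holds the same per-domain keys and verifies each code once."""

    def __init__(self, login_key: bytes, txn_key: bytes, window: int = 3):
        self.login_key = login_key
        self.txn_key = txn_key
        self.window = window  # look-ahead for codes the user generated but never sent
        self.login_counter = 0
        self.txn_counter = 0

    def verify_login(self, code: str) -> bool:
        for c in range(self.login_counter + 1, self.login_counter + 1 + self.window):
            expected = _hotp(self.login_key, b"login|" + str(c).encode())
            if hmac.compare_digest(expected, code):
                self.login_counter = c  # counters only move forward: no replay
                return True
        return False

    def verify_transaction(self, src: str, dst: str, amount_cents: int, code: str) -> bool:
        # Recompute from the details the bank actually received, not what the user saw.
        for c in range(self.txn_counter + 1, self.txn_counter + 1 + self.window):
            expected = _hotp(self.txn_key, canonical_txn(src, dst, amount_cents, c))
            if hmac.compare_digest(expected, code):
                self.txn_counter = c
                return True
        return False


def demo() -> dict:
    """Walk through login, a tampered transfer, the genuine transfer and a replay."""
    # Constructed keys for a deterministic example; use secrets.token_bytes(32) in practice.
    login_key = hashlib.sha256(b"constructed login-domain key").digest()
    txn_key = hashlib.sha256(b"constructed transaction-domain key").digest()
    client = TokenClient(login_key, txn_key)
    bank = BankServer(login_key, txn_key)
    results = {}
    results["login_ok"] = bank.verify_login(client.login_code())
    # A session passcode cannot authorize a transfer: different key, different message.
    results["login_code_as_txn"] = bank.verify_transaction("1001", "2002", 50000, client.login_code())
    code = client.sign_transaction("1001", "2002", 50000)
    # Man-in-the-browser swaps the destination account after the user signed.
    results["tampered"] = bank.verify_transaction("1001", "9999", 50000, code)
    results["genuine"] = bank.verify_transaction("1001", "2002", 50000, code)
    results["replay"] = bank.verify_transaction("1001", "2002", 50000, code)
    return results


if __name__ == "__main__":
    print(demo())
```

The point to take from the example is where the check runs: the bank recomputes the transaction code from the details it actually received, so "whatever happens during that session" is no longer unchecked, which is exactly the gap Kaspersky describes for plain session-level two-factor authentication.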