OneSpan has reached a definitive agreement to acquire Build38, a European leader in mobile application protection, to strengthen its SDK-based mobile security capabilities for financial institutions facing escalating digital threats.
The acquisition, announced January 12, is designed to enhance OneSpan’s App Shielding portfolio by incorporating Build38’s software development kit–based approach to Runtime Application Self-Protection (RASP). The combined technologies are expected to provide deeper, in-app defenses against attacks targeting mobile applications and devices, while also delivering richer telemetry and threat intelligence from the mobile channel.
The deal comes as banks and financial institutions grapple with a sharp rise in mobile-centric attacks, many of them increasingly driven by artificial intelligence. As mobile apps remain the primary interface between banks and customers, security leaders are under pressure to protect digital channels without compromising user experience or operational efficiency.
OneSpan executives say the Build38 acquisition directly addresses that challenge by embedding advanced security controls directly into mobile applications, rather than relying solely on perimeter or backend defenses.
“Our goal is to provide leading financial institutions with the most complete protection for their customer interactions—covering strong authentication, transaction signing, application protection, and fraud detection,” said Victor Limongelli, CEO of OneSpan. “Build38’s technology already protects over 250 million endpoints. Its SDK enables banks to incorporate next-generation RASP protection within their mobile apps and provides more comprehensive data about the mobile devices and the threats facing them.”
Build38’s platform combines in-app protections with cloud-delivered services and AI-driven analysis to detect and respond to threats such as malware, tampering, and device compromise in real time. The company has been recognized as a Sample Vendor in the Gartner® Hype Cycle™ for Application Security, 2025, and is widely used across Europe to secure mobile identities, including EU Digital Identity (EUDI) wallets, healthcare applications, and citizen services.OneSpan plans to integrate Build38’s SDK-based RASP capabilities into its broader mobile security portfolio, extending protections beyond authentication and transaction security to include continuous, in-app defense and intelligence. Company officials say this will help financial institutions better understand device-level attack patterns while reducing fraud and risk across mobile channels.
“Build38 was founded to redefine mobile application security through next-generation RASP, combining cloud-delivered services and AI innovation,” said Dr. Christian Schläger, CEO of Build38. “Joining OneSpan will allow us to scale this vision globally and deliver best-in-class protection to banks and businesses that demand the highest security standards.”
The acquisition also reflects OneSpan’s broader strategy to expand its role as a full-spectrum digital security provider for financial services. Over the past year, the company has made several strategic moves to strengthen its portfolio. In June 2025, OneSpan acquired Nok Nok Labs to advance its passwordless authentication capabilities. Later, in October 2025, it announced a strategic investment in ThreatFabric to enhance fraud prevention and behavioral intelligence.
Together, these initiatives signal a shift toward more embedded, intelligence-driven security models that operate directly within customer-facing applications—particularly on mobile devices, where attackers increasingly focus their efforts.
The transaction is expected to close by March 2026, subject to regulatory approvals and customary closing conditions.