OneSpan acquires G+D spinoff Build38, will integrate RASP mobile security tech

Boston-based information security firm OneSpan Inc. has entered into a definitive agreement to acquire Build38, a Munich-headquartered mobile app security platform provider spun off from Giesecke+Devrient (G+D), covering EUDI wallets, healthcare and citizen applications.

A release says Build38’s platform, which enables in-app shielding, in-app monitoring and automated in-app reaction, is expected to enhance OneSpan’s App Shielding product and improve protection against attacks that target the mobile channel – now the primary way customers interact with their banks.

“Our goal is to provide leading financial institutions with the most complete protection for their customer interactions – covering strong authentication, transaction signing, application protection and fraud detection,” says Victor Limongelli, CEO of OneSpan.

With RASP, the defense is coming from inside the app

Specifically, OneSpan plans to integrate Build38’s advanced SDK-based approach to Runtime Application Self-Protection (RASP) to deliver deeper in-app protection that combines in-app, cloud, and machine learning-driven defenses. Coined by Gartner in 2012, RASP is a server-based technology that detects attacks by using runtime instrumentation to access information from inside the running software.

“Build38’s technology already protects over 250 million endpoints,” Limongelli says. “Its SDK enables banks to incorporate next-generation RASP protection within their mobile apps and provides more comprehensive data about the mobile devices and the threats facing them. As mobile threats surge and the market moves toward embedded security and AI-driven defenses, we believe this acquisition will position us ahead of the curve and validate our strategy to meet the evolving needs of our customers.”

Dr. Christian Schläger, CEO of Build38, says the firm was founded to redefine mobile application security through next-generation RASP. “Joining OneSpan will allow us to scale this vision globally and deliver best-in-class protection to banks and businesses that demand the highest security standards.”

String of acquisitions shows shift toward software

The Build38 deal is the latest in an active push by OneSpan (founded as VASCO) to expand its stake in mobile threat intelligence. In June 2025, the company acquired longtime partner Nok Nok Labs Inc., adopting FIDO biometric authentication across its platform for passwordless e-signatures and digital banking transactions. In October 2025, it made a strategic investment in Netherlands-based fraud detection firm ThreatFabric to bring more fraud prevention capabilities to the financial industry.

OneSpan’s acquisition of Build38 will give it further standing in the EU market. The deal is expected to close by March 2026, subject to regulatory approvals and other customary closing conditions. Financial terms have not been disclosed.

Article Topics

acquisitions  |  biometrics  |  Build38  |  digital identity  |  OneSpan  |  stocks