OneSpan announced it has signed a definitive agreement to acquire Build38, a mobile application protection company, in a move aimed at strengthening OneSpan’s SDK-based security capabilities for banks and other enterprises facing a surge in mobile-channel attacks.
OneSpan said the acquisition is intended to enhance its App Shielding offering by adding Build38’s software development kit approach that combines in-app defenses with cloud services and AI-driven techniques. The company said the combined capabilities will help organizations harden mobile applications against tampering, malware, and other threats while also generating additional device-level intelligence and telemetry to better detect and respond to attacks.
Mobile apps have become the primary interface for many consumers to access banking and financial services, increasing the stakes for institutions that must protect customers while keeping digital experiences fast and seamless. OneSpan pointed to accelerating mobile threats and the emergence of AI-enabled attack methods as key drivers behind the demand for layered security that can operate inside the application, coordinate with cloud controls, and adapt as threat patterns evolve.
A core element of the planned integration is Build38’s Runtime Application Self-Protection (RASP) approach, which embeds protection mechanisms directly into mobile applications. OneSpan said this would allow it to provide deeper in-app safeguards targeting both application-level attacks and device-centric threats, expanding what its customers can do to prevent fraud, detect compromise, and maintain trust in mobile interactions.
OneSpan CEO Victor Limongelli said the company’s broader objective is to provide end-to-end protection for customer-facing digital interactions, spanning authentication, transaction signing, application protection, and fraud detection. He added that Build38’s technology already protects more than 250 million endpoints and provides banks with the ability to integrate next-generation RASP protections directly into their mobile apps, along with more comprehensive visibility into device conditions and the threats targeting those environments.
Build38 CEO Dr. Christian Schläger said Build38 was created to reshape mobile application security by pairing next-generation RASP with cloud-delivered services and AI innovation, and that joining OneSpan would help scale that strategy globally for organizations with stringent security requirements.
OneSpan also highlighted Build38’s footprint in Europe and its work securing mobile identities, including European Digital Identity (EUDI) wallet use cases as well as healthcare and citizen-facing applications. The company said Build38’s compliance posture and experience with rigorous certifications would complement OneSpan’s product strategy as digital identity ecosystems expand and as regulators and enterprises push for stronger protections in high-risk mobile workflows.
The deal is expected to close by March 2026, subject to regulatory approvals and other customary closing conditions.
The announcement continues a series of moves by OneSpan to broaden its digital security platform. In June 2025, OneSpan acquired Nok Nok Labs Inc. to expand its passwordless authentication capabilities, and in October 2025 it announced a strategic investment in ThreatFabric to bolster fraud prevention tools. OneSpan framed the Build38 deal as another step toward delivering a more integrated mobile security stack for financial institutions seeking embedded, intelligence-driven defenses across the customer journey.
Build38, founded in 2019 as a spin-off of Giesecke+Devrient, provides mobile application security for industries including mobile banking and payments, SoftPOS, fintech, mobile ID, crypto wallets, automotive, and eHealth. The company has attracted strategic investments from G+D Ventures, eCAPITAL Entrepreneurial Partners, Criteria Venture Tech, and Tikehau Capital, according to the announcement.
OneSpan provides authentication, identity, electronic signature, and digital workflow solutions used to secure digital transactions and agreements. The company said it is used by more than 60% of the world’s 100 largest banks and supports digital agreements and multi-factor authentication transactions across more than 100 countries.
KEY QUOTES:
“Our goal is to provide leading financial institutions with the most complete protection for their customer interactions—covering strong authentication, transaction signing, application protection, and fraud detection. Build38’s technology already protects over 250 million endpoints. Its SDK enables banks to incorporate next-generation RASP protection within their mobile apps and provides more comprehensive data about the mobile devices and the threats facing them. As mobile threats surge and the market moves toward embedded security and AI-driven defenses, we believe this acquisition will position us ahead of the curve and validate our strategy to meet the evolving needs of our customers.”
Victor Limongelli, CEO, OneSpan
“Build38 was founded to redefine mobile application security through next-generation RASP, combining cloud delivered services and AI innovation. Joining OneSpan will allow us to scale this vision globally and deliver best-in-class protection to banks and businesses that demand the highest security standards.”
Dr. Christian Schläger, CEO, Build38
