VASCO Investor Presentation - July 29, 2015

© 2015 - VASCO Data Security

`

© 2015 - VASCO Data Security CONFIDENTIAL

Forward Looking Statements

Statements made in this presentation that relate to future plans, events or performances are forward-

looking statements within the meaning of Section 21e of the Securities Exchange Act of 1934 and

Section 27A of the Securities Act of 1933. These forward-looking statements (1) are identified by use

of terms and phrases such as “expect”, “believe”, “will”, “anticipate”, “emerging”, “intend”, “plan”,

“could”, “may”, “estimate”, “should”, “objective”, “goal”, “possible”, “potential”, “project” and similar

words and expressions, but such words and phrases are not the exclusive means of identifying them,

and (2) are subject to risks and uncertainties and represent our present expectations or beliefs

concerning future events. VASCO cautions that the forward-looking statements are qualified by

important factors that could cause actual results to differ materially from those in the forward-looking

statements. These risks, uncertainties and other factors that have been described in our Annual

Report on Form 10-K for the year ended December 31, 2013 and include, but are not limited to, (a)

risks of general market conditions, including currency fluctuations and the uncertainties resulting from

turmoil in world economic and financial markets, (b) risks inherent to the computer and network security

industry, including rapidly changing technology, evolving industry standards, increasingly sophisticated

hacking attempts, increasing numbers of patent infringement claims, changes in customer

requirements, price competitive bidding, and changing government regulations, and (c) risks specific to

VASCO, including, demand for our products and services, competition from more established firms and

others, pressures on price levels and our historical dependence on relatively few products, certain

suppliers and certain key customers. Thus, the results that we actually achieve may differ materially

from any anticipated results included in, or implied by these statements. Except for our ongoing

obligations to disclose material information as required by the U.S. federal securities laws, we do not

have any obligations or intention to release publicly any revisions to any forward-looking statements to

reflect events or circumstances in the future or to reflect the occurrence of unanticipated events.

2


Company Overview

VASCO is a global leader in strong authentication, digital signatures,

and identity management solutions specializing in securing financial

transactions and protecting access to data and applications.

3


Listed on NASDAQ in 1997

21% Compound Annual Growth Rate in

Revenues from 2004-2014

50 Consecutive Quarters of Profitability

Company Overview

4


10,000+ Customers in more than 100 Countries,

More than half of the top 100 Global Banks

and 1,700+ Financial Institutions rely on VASCO

More than 200 Million Authenticators Sold

Company Overview

5


Global Company

VASCO HQ

VASCO Offices

VASCO Sales

6


Financial Institution Customers

- The world leader in two-factor authentication and

transaction signing for financial institutions.

- More than half of the top 100 global banks rely on

VASCO solutions

- More than 1,700 banking customers

7


- Frequency and sophistication of attacks has increased

- High-profile breaches have brought security

to the C-level and Board of Directors

- Regulations to protect consumer

transactions and personal privacy

- Mobile is becoming the device of choice

- Increasing demand for transparent security

Key Growth Drivers

8


"Two out of three attacks focus

on [login] credentials at some

point in the attack." Verizon Data Breach

Investigations Report

The Role of Authentication

Why Authentication?

• Data breaches are up 49%(1)

• Authentication protects against the newest attacks

• Authentication is easy to implement and use(1) The Breach Level Index, released February, 2015.

9


VASCO Innovation Timeline

19881st DIGIPASS

“Access Key”

19891st DIGIPASS

with Keypad

2002VACMAN

Controller

2004DIGIPASS GO 3

1st 1-button token

2005IDENTIKEY

SERVER

2005DIGIPASS 810

EMV card reader

2006DIGIPASS 905

1st connected

Card reader

2007DIGIPASS 270

1st thin form

Token w/keypad

2008DP for Mobile

Soft token

for phones

The First 20 Years:

1991DIGIPASS 550

with e-Signature

10

2011DIGIPASS 920

Connected reader

for e-Government


2014Rabo Scanner

Card reader with

Cronto technology

2014DIGIPASS for Apps

with Cronto

technology

VASCO Innovation Timeline


SDK for integration

into applications

2012DIGIPASS 320

1st Authenticator

with WYSIWYS

2013DIGIPASS 870

1st dual mode

e-Gov’t reader

2015IDENTIKEY

Risk Manager

Anti-fraud

solution

2013DIGIPASS 760

1st token with

Cronto technology

11

2014DIGIPASS Bluetooth

Smart-enabled

Authenticators


with RASP

Application Protection

The Last 3 Years:


Host System

• VACMAN Controller: All VASCO authentication technologies in a

unified backend platform.

• IDENTIKEY Authentication Server: Centralized server with

complete functionality.

• Cloud Services: Authentication services hosted by VASCO.

Client Authenticators

• DIGIPASS: Industry-leading hardware and software authenticators.

Developer Tools

• DIGIPASS for Apps: Software development kit (SDK) for native

integration of application security.

VASCO Product Offerings

12


Market Segments

Enterprise Security:

• Remote access

• Employee network access

Application Security:

• Stand-alone application

• SDK for app integration

13

Banking Security:

• Commercial Accounts

• Retail Accounts

• Employee Access


Key Product Initiatives

Cronto

Technology

New Attack Methods Require Innovative Solutions

14

DIGIPASS

for Apps

DIGIPASS

Bluetooth-

smart

Intelligent

Fraud

Prevention

IDENTIKEY

Risk Manger


• Next generation HD Color QR Code

• Authentication and signature

capabilities with a high level of user

convenience

• Defeats Man-in-the-Middle attacks

• Fully supported by VACMAN and

IDENTIKEY

• Integrated into DIGIPASS for

Apps/Mobile or as a hardware device

Cronto Visual Authentication

15

DIGIPASS 760

SC Magazine

April, 2015



How it Works

16



How it Works

17


Mobile Application Protection

Growth in the market for mobile Apps

Source: Gartner

Estimated Mobile App Downloads Worldwide (in billions)

18

By 2017, mobile apps will be downloaded more than 268 billion times.



19

• Allows any developer to integrate security features

into their application.

• Developers focus

on their application

and outsource the

security to VASCO.

• Comprehensive

library of essential

security functions.

DIGIPASS for Apps/Mobile

SC Magazine

April, 2015

Current and future features

© 2015 - VASCO Data Security CONFIDENTIAL 20

Geolocation

OS Version

JailBreak &

Root Detection

Malware

PIN Activated

Clie

nt

Score

Polic

y

Score

Calc

ula

tion

OT

P Inje

ction

Clie

nt

Sid

e D

ecis

ion P

olic

y

Action 1

Action 2

Action 3

Action 4

Action 5

Action 6

…

1 2

3 4

Action 1

Action 2

Action 3

Action 4

Action 5

Action 6

…

Serv

er

Score

Polic

y

OT

P E

xtr

action

OT

P V

alid

ation

5 6

Conte

xt

Pla

tform

User


Intelligent Risk Scoring for Mobile Devices


• Eliminates the biggest hurdles to cloud adoption

• Boosts customer trust

• Security as a competitive differentiator

• Ease of implementation

• Provides a pay-as-you-grow approach

• Next step in DIGIPASS as a Service

Cloud-based Security for Application Developers


21


Bluetooth Smart-enabled

22

Bluetooth Smart enabled Authenticators

connect with almost any mobile user device

• Solves the problem of mobile devices with no USB port

• More convenient with no cables to connect

• Secure Bluetooth Smart-enabled connection

• Works in connected and unconnected mode


How it works:

IDENTIKEY Risk Manager

Source: Gartner

23

IDENTIKEY

Risk Manger


• Contextual analysis to apply the appropriate level of security

• Real-time analysis and intelligent decision engine focusing on:

• Web and mobile application login

• Financial transactions via online and mobile channels

• Monitoring non-monetary events such as change of address

• Identification of accounts that demonstrate abnormal characteristics

for the prevention of money laundering.

IDENTIKEY Risk Manager

Risk-Based Authentication and Fraud Prevention

24


Financial Information

Historical Overview

25


Revenue and Operating Income

Revenue Operating Incomein millions USD in millions USD

CAGR(revenue)

2004-2014

21%

26


Cash Balance and Net Working Capital

Net Cash Balance Net working capitalin millions USDin millions USD

27



Copyright

2015 VASCO Data Security. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or

transmitted, in any form or by any means, electronic, mechanical, photocopying,

recording, or otherwise, without the prior written permission of VASCO Data

Security.

Trademarks

VASCO®, VACMAN®, IDENTIKEY®, aXsGUARD®, DIGIPASS®, Cronto®,

DIGIPASS for Apps®, DIGIPASS for Mobile®, MYDIGIPASS ®

MYDIGIPASS.COM® and the ® logo are registered or unregistered

trademarks of VASCO Data Security, Inc. and/or VASCO Data Security

International GmbH in the U.S. and other countries

Copyright & Trademarks

29