Search the web
Welcome, Guest
[Sign Out, My Account]
EDGAR_Online

Quotes & Info
Enter Symbol(s):
e.g. YHOO, ^DJI
Symbol Lookup | Financial Search
VDSI > SEC Filings for VDSI > Form 10-K on 12-Mar-2014All Recent SEC Filings

Show all filings for VASCO DATA SECURITY INTERNATIONAL INC

Form 10-K for VASCO DATA SECURITY INTERNATIONAL INC


12-Mar-2014

Annual Report


Item 7 - Management's Discussion and Analysis of Financial Condition and Results of Operations

(in thousands, except head count, ratios, time periods and percentages)

Unless otherwise noted, references in this Annual Report on Form 10-K to "VASCO", "company", "we", "our", and "us" refer to VASCO Data Security International, Inc. and its subsidiaries.

Cautionary Note Regarding Forward-Looking Statements

This Annual Report on Form 10-K, including Management's Discussion and Analysis of Financial Condition and Results of Operations and Quantitative and Qualitative Disclosures About Market Risk contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, as amended and Section 27A of the Securities Act of 1933, as amended concerning, among other things, our expectations regarding the prospects of, and developments and business strategies for, VASCO and our operations, including the development and marketing of certain new products and services and the anticipated future growth in certain markets in which we currently market and sell our products and services or anticipate selling and marketing our products or services in the future. These forward-looking statements (1) are identified by use of terms and phrases such as "expect", "believe", "will", "anticipate", "emerging", "intend", "plan", "could", "may", "estimate", "should", "objective", "goal", "possible", "potential", "projected" and similar words and expressions, but such words and phrases are not the exclusive means of identifying them, and
(2) are subject to risks and uncertainties and represent our present expectations or beliefs concerning future events. VASCO cautions that the forward-looking statements are qualified by important factors that could cause actual results to differ materially from those in the forward-looking statements. Factors that could cause actual results to differ materially from those contemplated above include, among others, our ability to integrate and effectively sell Cronto's technology, our ability to recover amounts held in escrow related to our acquisition of DigiNotar and unanticipated costs associated with DigiNotar's bankruptcy or potential claims that may arise in connection with the hacking incidents at DigiNotar. These additional risks, uncertainties and other factors have been described in greater detail in this Annual Report on Form 10-K and include, but are not limited to, (a) risks specific to VASCO, including, demand for our products and services, competition from more established firms and others, pressures on price levels and our historical dependence on relatively few products, certain suppliers and certain key customers, (b) risks inherent to the computer and network security industry, including rapidly changing technology, evolving industry standards, increasingly sophisticated hacking attempts, increasing numbers of patent infringement claims, changes in customer requirements, price competitive bidding, and changing government regulations, and (c) risks of general market conditions, including currency fluctuations and the uncertainties resulting from turmoil in world economic and financial markets. Thus, the results that we actually achieve may differ materially from any anticipated results included in, or implied by these statements. Except for our ongoing obligations to disclose material information as required by the U.S. federal securities laws, we do not have any obligations or intention to release publicly any revisions to any forward-looking statements to reflect events or circumstances in the future or to reflect the occurrence of unanticipated events.

General

The following discussion is based upon our consolidated results of operations for the years ended December 31, 2013, 2012 and 2011 (percentages in the discussion, except for returns on average net cash balances, are rounded to the closest full percentage point) and should be read in conjunction with our consolidated financial statements included elsewhere in this Annual Report on Form 10-K.

We design, develop, market and support open standards-based hardware and software security systems that manage and secure access to information assets. We also design, develop, market and support patented strong user authentication products and services for e-business and e-commerce. Our products enable secure financial transactions to be made over private enterprise networks and public networks, such as the internet. Our strong user authentication is delivered via our hardware and software DIGIPASS security products, many of which incorporate an electronic and digital signature capability, which further protects the integrity of electronic transactions and data transmissions. Some of our DIGIPASSES are compliant with the Europay MasterCard Visa


Table of Contents

("EMV") standard and are compatible with the MasterCard and VISA Chip Authentication Program ("CAP"). Some of our DIGIPASSES comply with the Initiative for Open Authentication ("OATH"). As evidenced by our current customer base, most of our products are purchased by businesses and, depending on the application, are distributed to either their employees or their customers. Those customers may be other businesses or, as an example in the case of internet banking, our customer banks' corporate and retail customers. In future years, we expect that our customers will increasingly use our cloud-based service offering, DIGIPASS as a Service ("DPS") or MYDIGIPASS.COM ("MDP") or together ("DPS/MDP") as described below.

Our target market is any business process that uses some form of electronic interface, particularly the internet, where the owner of that process is at risk if unauthorized users can gain access to its process and either obtain proprietary information or execute transactions that are not authorized. Our products can not only increase the security associated with accessing the business process, thereby reducing the losses from unauthorized access, but also, in many cases, can reduce the cost of the process itself by automating activities that were previously performed manually.

We offer our products either through: (a) a product sales and licensing model or
(b) through our services platform, which includes both our DPS product offering, which was first made available in the fourth quarter of 2010, and our MDP product offering, which was introduced in April 2012. DPS/MDP is our cloud-based authentication platform. Our product license and sales model is expected to be used in situations where the application owner wants to control all of the critical aspects of the authentication process. We expect that our services platform will be used by: (a) companies lacking technical resources or expertise to implement a full authentication process or preferring to focus their primary attention on other aspects of their business rather than on the authentication process or (b) consumers that are aware of the dangers posed by identity theft.

By using our DPS/MDP authentication platform, business customers can deploy two-factor authentication more quickly, incur less upfront costs and be able to use strong authentication when logging onto a larger number of internet sites and applications. We expect those applications using DPS/MDP to include B2B applications and B2E applications (e.g., employees of companies logging into third party applications operated in the cloud). We believe that corporations or application service providers will pay us a fee based on either the number of users accessing their application through our platform or the number of authentication clicks consumed by their users when accessing their application.

While there were minimal revenues generated from the services platform to date, we expect that DPS/MDP will start making a contribution in 2014. We believe that DPS/MDP has the potential for significant future growth as it will make two-factor authentication more affordable and readily available to users and application markets.

In January 2011, we acquired an internet trusted certificate authority/provider, in a two-step process. In the first step, we acquired all of the intellectual property of DigiNotar Holding B.V. and its subsidiaries. In the second step we acquired 100% of the stock of DigiNotar B.V. and DigiNotar Notariaat B.V. (collectively, "DigiNotar"). In July 2011, DigiNotar B.V. detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains. On September 14, 2011, the Dutch Independent Post and Telecommunications Authority (OPTA) Commission terminated the registration of DigiNotar B.V. as a certification service provider that issues qualified certificates. As a result of the termination of its registration as a certification service provider, DigiNotar B.V. filed for bankruptcy and the Haarlem District Court, The Netherlands declared DigiNotar B.V. bankrupt on September 20, 2011.

Following the bankruptcy of DigiNotar B.V., we have not and do not plan to participate in the certificate authority business, which was DigiNotar B.V.'s core product. We have, however, been able to use the intellectual property acquired from DigiNotar and DigiNotar Holding B.V. to create our own PKI-secured applications, such as document signing, registration and storage solutions, which we believe have strengthened our core authentication product line and expanded opportunities for us on our DPS/MDP platform.


Table of Contents

In April 2011, we acquired Alfa & Ariss, an authority in the field of developing open identity and access management solutions. Alfa & Ariss brought additional important know-how and engineering capabilities in the fields of linking applications in the cloud. We believe that the acquisition of Alfa & Ariss will support the long-term growth strategy of our services and enterprise and application security businesses.

In May 2013, we acquired Cronto, a provider of secure visual transaction authentication solutions for online banking. Using the patented Cronto technology, customers can establish a secure optical communication channel with their client and display the details of a transaction in an encrypted graphical cryptogram consisting of a matrix of colored dots, which are displayed on the end user's screen. Account holders can simply "scan" the image with our device to verify the transaction details and respond with an electronic signature, if needed. We believe that the acquisition of Cronto will support the long-term growth strategy of all of our businesses.

Industry Growth: We do not believe that there are any accurate measurements of the total industry's size or the industry's growth rate. We believe, however, that the industry using our product sales and licensing model will grow at a significant rate as the use of the internet increases and the awareness of the risks of using the internet become more prevalent among application owners. We also believe that a market will develop for our cloud-based service offering and grow at a significant rate as business owners and consumers become more aware of the risks involved in conducting business over the internet. We expect that growth will be driven by new government regulations, growing awareness of the impact of identity theft, and the growth in commerce that is transacted electronically. The issues driving the growth are global issues and the rate of adoption in each country is a function of that country's culture, the competitive position of businesses operating in that country, the country's overall economic conditions and the degree to which businesses and consumers within the country use technology.

Economic Conditions: Our revenue may vary significantly with changes in the economic conditions in the countries in which we currently sell products. With our current concentration of revenue in Europe and specifically in the banking/finance vertical market, significant changes in the economic outlook for the European Banking market may have a significant effect on our revenue.

There continues to be significant global economic uncertainty, including Europe, our most important market. While it appears that circumstances that led to the sovereign debt crisis have abated, many significant economic issues have not been addressed fully. As a result, we expect that Europe will continue to face difficult economic conditions in 2014. We believe that the current economic conditions in Europe may limit our growth opportunities in the Enterprise and Application Security market, but do not expect that the economic conditions will have a significant impact on the Banking market. Should the sovereign debt issue escalate, especially to the point that a country defaults on its debt or the European Union, or Euro Monetary Union, either disbands or is re-formulated, we expect that the resulting economic difficulties would have a major negative impact on the global economy, not just the economies of Western Europe, and our business.

Cyber security: Our use of technology is increasing and is critical in three primary areas of our business:

1. Software and information systems that we use to help us run our business more efficiently and cost effectively;

2. The products we have traditionally sold and continue to sell to our customers for integration into their software applications contain technology that incorporates the use of secret numbers and encryption technology; and

3. Products and services, such as DPS/MDP, providing authentication services through our servers (or in the cloud from our customers' perspective).

We believe that the risks and consequences of potential incidents in each of the above areas are different.


Table of Contents

In the case of the information systems we use to help us run our business, we believe that an incident could disrupt our ability to take orders or deliver product to our customers, but such a delay in these activities would not have a material impact on our overall results. To minimize this risk, we actively use various forms of security and monitor the use of our systems regularly to detect potential incidents as soon as possible.

In the case of products that we have traditionally sold, we believe that the risk of a potential cyber incident is minimal. We offer our customers the ability to either create the secret numbers themselves or have us create the numbers on their behalf. When asked to create the numbers, we do so in a secure environment with limited physical access and store the numbers on a system that is not connected to any other network, including other VASCO networks, and similarly, is not connected to the internet.

In the case of our new products and services, which involve the active daily processing of the secret numbers on our servers or servers managed by others in a hosted environment, we believe a cyber incident could have a material impact on our future business. We also believe that these products may be more susceptible to cyber attacks than our traditional products since it involves the active processing of transactions using the secret numbers. While we do not have a significant amount of revenue from these products today, we believe that these products have the potential to provide substantial future growth. A cyber incident involving these products in the future could substantially impair our ability to grow the business and we could suffer significant monetary and other losses and significant reputational harm.

To minimize the risk, we review our security procedures on a regular basis. Our reviews include the processes and software programs we are currently using as well as new forms of cyber incidents and new or updated software programs that may be available in the market that would help mitigate the risk of incidents. While we do not have insurance of any kind against cyber incidents today, we would likely review insurance policies related to our new product offering in the future. Overall, we expect the cost of securing our networks will increase in future periods, whether through increased staff, systems or insurance coverage.

In July 2011, we experienced a cyber incident related to DigiNotar B.V. We expect that there are likely to be other hacking attempts intended to impede the performance of our products, disrupt our services and harm our reputation as a company, as the processes used by computer hackers to access or sabotage technology products, services and networks are rapidly evolving. As discussed above, our business could be subject to significant disruption, and we could suffer monetary and other losses and reputational harm, in the event of such incidents.

While we did not experience any cyber incident in 2013 or 2012 that had a significant impact on our business or receive any significant claims in 2013 or 2012 related to the bankruptcy of DigiNotar in 2011, it is possible that we could receive a claim or could experience an incident in 2014, which could result in unanticipated costs.

Our losses from discontinued operations resulting from the these events may be exceeded as a result of unanticipated costs associated with DigiNotar B.V.'s bankruptcy, potential claims that may arise in connection with the hacking incidents, further impairment of our investment in DigiNotar, the timeframe in which the impairment costs will be incurred or our inability to recover amounts held in escrow relating to our acquisition of DigiNotar.

See Note 3 to the financial statements for additional information associated with a cyber security incident involving DigiNotar B.V. that we experienced in July 2011. See also Part I, Item 3 - Legal Proceedings for a description of legal proceedings related to the cyber security incident in 2011.

Income Taxes: Our effective tax rate reflects our global structure related to the ownership of our intellectual property ("IP"). All our IP is owned by two subsidiaries, one in the U.S. and one in Switzerland. These two subsidiaries have entered into agreements with most of the other VASCO entities under which those


Table of Contents

other entities provide services to our U.S. and Swiss subsidiaries on either a percentage of revenue or on a cost plus basis or both. Under this structure, the earnings of our service provider subsidiaries are relatively constant. These service provider companies tend to be in jurisdictions with higher effective tax rates. Fluctuations in earnings tend to flow to the U.S. company and Swiss company. Earnings flowing to the U.S. company are expected to be taxed at a rate of 35% to 40%, while earnings flowing to the Swiss company are expected to be taxed at a rate ranging from 8% to 12%.

With the majority of our revenues being generated outside of the U.S., our consolidated effective tax rate is strongly influenced by the effective tax rate of our foreign operations. Changes in the effective rate related to foreign operations reflect changes in the geographic mix of where the earnings are realized and the tax rates in each of the countries in which it is earned. The statutory tax rate for the primary foreign tax jurisdictions ranges from 8% to 35%.

The geographic mix of earnings of our foreign subsidiaries will primarily depend on the level of our service provider subsidiaries' pretax income, which is recorded as an expense by the U.S. and Swiss subsidiaries and the benefit that is realized in Switzerland through the sales of product. The level of pretax income in our service provider subsidiaries is expected to vary based on:

1. the staff, programs and services offered on a yearly basis by the various subsidiaries as determined by management, or

2. the changes in exchange rates related to the currencies in the service provider subsidiaries, or

3. the amount of revenues that the service provider subsidiaries generate.

For items 1 and 2 above, there is a direct impact in the opposite direction on earnings of the U.S. and Swiss entities. Any change from item 3 is generally expected to result in a larger change in income in the U.S. and Swiss entities in the direction of the change (increased revenues expected to result in increased margins/pretax profits and conversely decreased revenues expected to result in decreased margins/pretax profits).

In addition to the provision of services, the intercompany agreements transfer the majority of the business risk to our U.S. and Swiss subsidiaries. As a result, the contracting subsidiaries' pretax income is reasonably assured while the pretax income of the U.S. and Swiss subsidiaries varies directly with our overall success in the market.

Currency Fluctuations. In 2013, approximately 93% of our revenue and approximately 82% of our operating expenses were generated/incurred outside of the U.S. In 2012, approximately 93% of our revenue and approximately 81% of our operating expenses were generated/incurred outside of the U.S. As a result, changes in currency exchange rates, especially the Euro to U.S. Dollar, can have a significant impact on revenue and expenses. To minimize the net impact of currency on operating earnings, we attempt to denominate an amount of billings in a currency such that it would provide a hedge against the operating expenses being incurred in that currency. If our revenue in Europe continues as it is now, where Euro-based operating expenses exceed Euro-denominated revenues, we do not expect that we will be able to balance fully the exposures of currency exchange rates on revenue and operating expenses. In periods in which the U.S. Dollar is weakening, we expect that our operating income will increase as a result of the change in currency exchange rates. Conversely, in periods in which the U.S. Dollar is strengthening, we expect that our operating income will decrease as a result of the change in currency exchange rates.

In 2013 compared to 2012, the U.S. Dollar, on average, weakened approximately 3% against the Euro and strengthened approximately 7% against the Australian Dollar. In 2012 compared to 2011, on average, the U.S. Dollar strengthened approximately 9% against the Euro, but was essentially flat against the Australian Dollar. We estimate that the net impact of the change in currency rates in 2013 compared to 2012 resulted in an increase in revenue of approximately $708 and an increase in operating expenses of $1,280. We also estimate that the change in currency rates in 2012 compared to 2011 resulted in a decrease in revenue of approximately $4,005 and a decrease in operating expenses of $4,553.


Table of Contents

The financial position and the results of operations of most of our foreign subsidiaries, with the exception of our subsidiaries in Switzerland and Singapore, are measured using the local currency as the functional currency. Accordingly, assets and liabilities are translated into U.S. Dollars using current exchange rates as of the balance sheet date. Revenues and expenses are translated at average exchange rates prevailing during the year. Translation adjustments arising from differences in exchange rates generated other comprehensive income of $1,906 and $1,677 in 2013 and 2012, respectively, and a loss of $2,120 in 2011. These amounts are included as a separate component of stockholders' equity. The functional currency for both our subsidiaries in Switzerland and Singapore is the U.S. Dollar.

Gains and losses resulting from foreign currency transactions are included in the consolidated statements of operations as other non-operating income/expense. In 2013, 2012 and 2011, we reported foreign exchange transaction losses of $624, $410 and $760, respectively.

Revenue

Revenue by Geographic Regions: We classify our sales by customers' location in four geographic regions: 1) EMEA, which includes Europe, the Middle East and Africa; 2) the United States, which for our purposes includes sales in Canada;
3) Asia Pacific Rim; and 4) Other Countries, including Australia, Latin America and India. The breakdown of revenue in each of our major geographic areas was as follows:

                     Europe, Middle
                      East, Africa         United         Asia           Other
      Year               (EMEA)            States       Pacific        Countries         Total
Total Revenue:
2013                $         95,794      $ 11,781      $ 27,356      $    20,116      $ 155,047
2012                          94,992        11,143        32,783           15,111        154,029
2011                         111,575        16,025        14,738           25,744        168,082
Percent of Total:
2013                              62 %           7 %          18 %             13 %          100 %
2012                              62 %           7 %          21 %             10 %          100 %
2011                              66 %          10 %           9 %             15 %          100 %

2013 Compared to 2012

Total revenue in 2013 increased $1,018 (or 1%) from 2012. The increase in total revenue was primarily attributable to an increase in non-hardware products sold to the Banking market and the strengthening of the Euro as compared to the U.S. Dollar, as noted above, partially offset by a decrease in hardware products sold to the both the Banking and Enterprise and Application Security markets. Please see the discussion below under "Revenue by Target Market" for additional information regarding the changes in revenue from the Banking market and the Enterprise and Application Security market.

Revenue generated in EMEA for the full-year 2013 was $802 (or 1%) higher in 2013 than in 2012. The increase reflected an increase of approximately 2% in revenue from the Banking market partially offset by a decrease of 3% in revenue from the Enterprise and Application Security market. We estimate that the change in currency rates increased revenues in EMEA by $1,080 compared to 2012. Had currency exchange rates in 2013 remained unchanged from 2012, revenues in EMEA would have been less than 1% lower than in full-year 2012.

Revenue generated in the United States for the full-year 2013 was $638 (or 6%) higher in 2013 than in 2012. Revenue was approximately 9% higher in the Banking market, but flat in the Enterprise and Application Security market when compared to the revenue for full-year 2012. In 2013, the U.S. market continued to defer the adoption of two factor authentication for retail internet banking applications. The results in the U.S. also reflected strong competition, especially in the Enterprise and Application Security market.


Table of Contents

Revenue generated in Asia Pacific for the full-year 2013 was $5,427 (or 17%) lower in 2013 than in 2012. Revenue was approximately 22% lower in the Banking market and 55% higher in the Enterprise and Application Security market when compared to the revenue for full-year 2012. We believe the region offers substantial opportunities for future growth as our sales offices in Japan and Beijing mature and the two-factor authentication market expands.

Revenue generated in other countries for the full-year 2013 was $5,005 (or 33%) higher in 2013 than in 2012. Revenue in other countries was approximately 53% higher in the Banking market and 58% lower in the Enterprise and Application Security market when compared to the revenue for full-year 2012. We estimate that the change in currency rates decreased revenues in other countries by $301 compared to 2012 due in large part to the strengthening of the U.S. Dollar . . .

  Add VDSI to Portfolio     Set Alert         Email to a Friend  
Get SEC Filings for Another Symbol: Symbol Lookup
Quotes & Info for VDSI - All Recent SEC Filings
Copyright © 2014 Yahoo! Inc. All rights reserved. Privacy Policy - Terms of Service
SEC Filing data and information provided by EDGAR Online, Inc. (1-800-416-6651). All information provided "as is" for informational purposes only, not intended for trading purposes or advice. Neither Yahoo! nor any of independent providers is liable for any informational errors, incompleteness, or delays, or for any actions taken in reliance on information contained herein. By accessing the Yahoo! site, you agree not to redistribute the information found therein.