Item 7 - Management’s Discussion and Analysis of Financial Condition and Results of Operations

(in thousands, except head count, ratios, time periods and percents)

Unless otherwise noted, references in this Annual Report on Form 10-K to “ VASCO”, “company”, “we”, “our”, and “us” refer to VASCO Data Security International, Inc. and its subsidiaries.

Cautionary Note for Purposes of the Safe Harbor Provisions of the Private Securities Litigation Reform Act of 1995

This Annual Report on Form 10-K, including Management’s Discussion and Analysis of Financial Condition and Results of Operations and Quantitative and Qualitative Disclosures About Market Risk contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, as amended and Section 27A of the Securities Act of 1933, as amended concerning, among other things, our expectations regarding the prospects of, and developments and business strategies for VASCO and our operations, including the development and marketing of certain new products and services and the anticipated future growth in certain markets in which we currently market and sell our products and services or anticipate selling and marketing our products or services in the future. These forward-looking statements (1) are identified by use of terms and phrases such as “expect”, “believe”, “will”, “anticipate”, “emerging”, “intend”, “plan”, “could”, “may”, “estimate”, “should”, “objective”, “goal”, “possible”, “potential” and similar words and expressions, but such words and phrases are not the exclusive means of identifying them, and (2) are subject to risks and uncertainties and represent our present expectations or beliefs concerning future events. VASCO cautions that the forward-looking statements are qualified by important factors that could cause actual results to differ materially from those in the forward-looking statements. These risks, uncertainties and other factors have been described in greater detail in this Annual Report on Form 10-K and include, but are not limited to, (a) risks of general market conditions, including currency fluctuations and the uncertainties resulting from turmoil in world economic and financial markets, (b) risks inherent to the computer and network security industry, including rapidly changing technology, evolving industry standards, increasingly sophisticated hacking attempts, increasing numbers of patent infringement claims, changes in customer requirements, price competitive bidding, and changing government regulations, and (c) risks specific to VASCO, including, demand for our products and services, competition from more established firms and others, pressures on price levels and our historical dependence on relatively few products, certain suppliers and certain key customers. Thus, the results that we actually achieve may differ materially from any anticipated results included in, or implied by these statements. Except for our ongoing obligations to disclose material information as required by the U.S. federal securities laws, we do not have any obligations or intention to release publicly any revisions to any forward-looking statements to reflect events or circumstances in the future or to reflect the occurrence of unanticipated events.

General

The following discussion is based upon our consolidated results of operations for the years ended December 31, 2012, 2011 and 2010 (percentages in the discussion, except for returns on average net cash balances, are rounded to the closest full percentage point) and should be read in conjunction with our consolidated financial statements included elsewhere in this Annual Report on Form 10-K.

We design, develop, market and support open standards-based hardware and software security systems that manage and secure access to information assets. We also design, develop, market and support patented strong user authentication products and services for e-business and e-commerce. Our products enable secure financial transactions to be made over private enterprise networks and public networks, such as the internet. Our strong user authentication is delivered via our hardware and software DIGIPASS security products (collectively “DIGIPASSES”), many of which incorporate an electronic and digital signature capability, which further protects the integrity of electronic transactions and data transmissions. Some of our DIGIPASSES are compliant with the Europay MasterCard Visa (“EMV”) standard and are compatible with MasterCard’s and VISA’s Chip Authentication Program (“CAP”). Some of our DIGIPASSES comply with the Initiative for Open Authentication (“OATH”). As evidenced by our current customer base, most of our products are purchased by companies and,

33

Table of Contents

depending on the business application, are distributed to either their employees or their customers. Those customers may be other businesses or, as an example in the case of internet banking, our customer banks’ corporate and retail customers. In future years, we expect that our customers will increasingly use our cloud-based service offering, DIGIPASS as a Service (“DPS”) or MYDIGIPASS.COM (“MDPC” or together, “DPS/MDPC”) as described below.

Our target market is any business process that uses some form of electronic interface, particularly the internet, where the owner of that process is at risk if unauthorized users can gain access to its process and either obtain proprietary information or execute transactions that are not authorized. Our products can not only increase the security associated with accessing the business process, thereby reducing the losses from unauthorized access, but also, in many cases, can reduce the cost of the process itself by automating activities that were previously performed manually.

We offer our products either through: (a) a product sales and licensing model, or (b) through our services platform, which includes both our DPS product offering, which was first made available in the fourth quarter of 2010, and our MDPC product offering, which was introduced in April 2012. DPS/MDPC is our cloud-based authentication platform. Our product license and sales model is expected to be used in situations where the application owner wants to control all of the critical aspects of the authentication process. We expect that our services platform will be used by: (a) companies lacking technical resources or expertise to implement a full authentication process or prefering to focus their primary attention on other aspects of their business rather than on the authentication process, or (b) consumers that are aware of the dangers posed by identity theft.

By using our DPS authentication platform, business customers can deploy two-factor authentication more quickly and incur less upfront costs when compared to an on-premises solution. Customers will also be able to use strong authentication when logging onto a larger number of internet sites and applications. We expect those applications using DPS to include B2B applications and B2E applications (e.g., employees of companies logging into third party applications operated in the cloud). We intend to market to corporations or application service providers and charge a fee based on either the number of users accessing their application through our platform or the number of authentication clicks consumed by their users when accessing their application.

By using our MDPC platform, consumers using B2C applications will have convenient access to those applications with increased security. MDPC will provide a secure home page, the MYDIGIPASS.COM “launch pad”, from which users can quickly link to their frequently-used on-line sites. We intend to contract with various vendors to place advertising on the MYDIGIPASS.COM launch pad and earn commissions for purchases made by consumers using our MDPC platform.

No meaningful revenues were generated from DPS/MPDC in 2012 or 2011. However, we expect that DPS/MDPC will start making a contribution in 2013. We believe that DPS/MDPC has the potential for significant future growth as it will make two-factor authentication more affordable and readily available to users and application markets.

In January 2011, we acquired an internet trusted certificate authority/provider, in a two step process. In the first step, we acquired all of the intellectual property of DigiNotar Holding B.V. and its subsidiaries. In the second step we acquired 100% of the stock of DigiNotar B.V. and DigiNotar Notariaat B.V. (collectively, “DigiNotar”). In July 2011, DigiNotar B.V. detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains. On September 14, 2011, the Dutch Independent Post and Telecommunications Authority (OPTA) Commission terminated the registration of DigiNotar B.V. as a certification service provider that issues qualified certificates. As a result of the termination of its registration as a certification service provider, DigiNotar B.V. filed for bankruptcy and the Haarlem District Court, The Netherlands declared DigiNotar B.V. bankrupt on September 20, 2011.

Following the bankruptcy of DigiNotar B.V., we have not and do not plan to participate in the certificate authority business, which was DigiNotar B.V.’s core product. We have, however, been able to use the

34

Table of Contents

intellectual property acquired from DigiNotar to create our own PKI-secured applications, such as document signing, registration and storage solutions, which we believe have strengthened our core authentication product line and expanded opportunities for us on our DPS/MDPC platform.

In April 2011, we acquired Alfa & Ariss, an authority in the field of developing open identity and access management solutions. Alfa & Ariss brought additional important know-how and engineering capabilities in the fields of linking applications in the cloud. We believe that the acquisition of Alfa & Ariss will support the long-term growth strategy of our services and enterprise and application security businesses.

Industry Growth: We do not believe that there are any accurate measurements of the total industry’s size or the industry’s growth rate. We believe, however, that the industry using our product sales and licensing model will grow at a significant rate as the use of the internet increases and the awareness of the risks of using the internet become more prevalent among applications owners. We also believe that a market will develop for our cloud-based service offering and grow at a significant rate as business owners and consumers become more aware of the risks involved in conducting business over the internet. We expect that growth will be driven by new government regulations, growing awareness of the impact of identity theft, and the growth in commerce that is transacted electronically. The issues driving the growth are global issues and the rate of adoption in each country is a function of that country’s culture, the competitive position of businesses operating in that country, the country’s overall economic conditions and the degree to which businesses and consumers within the country use technology.

Economic Conditions: Our revenue may vary significantly with changes in the economic conditions in the countries in which we currently sell products. With our current concentration of revenue in Europe and specifically in the banking/finance vertical market, significant changes in the economic outlook for the European Banking market may have a significant effect on our revenue.

Following the difficult global economy starting in the second half of 2008 and continuing through the first half of 2010, many of our customers delayed the rollout of existing applications and deferred purchase decisions related to the implementation of our product in new applications. In 2010, we responded to the difficult economic conditions by focusing our sales efforts on markets that we believed to have the most near-term opportunity and by implementing cost containment initiatives, including a hiring freeze. With the apparent abatement of the difficult economic conditions in the fourth quarter of 2010 in many of the countries in which we operate, we began to hire staff to support new product development and sales initiatives as well as hiring staff to mitigate risk and strengthen our position in existing markets. In 2011, it appeared that many customers in the Banking market returned to the buying patterns that were in use prior to the economic downturn in 2008, which included large orders for our products that would be delivered to our customers over several quarters. For the full year 2011 as compared to 2010, our revenues in the Banking market increased 72%, with all geographic regions participating strongly in the increase. In 2012, revenues from the Banking market decreased approximately 9% from 2011due in part to pent-up demand from the economic slowdown that was met in 2011, but also due to the timing of the receipt and shipment of orders in 2012.

There continues to be significant global economic uncertainty , including Europe, our most important market. While it appears that circumstances that lead to the sovereign debt crisis have abated in 2012, many significant economic issues have not been addressed fully. As a result, we expect that Europe will continue to face difficult economic conditions in 2013. We expect that the current economic conditions in Europe will limit our growth opportunities in the Enterprise and Application Security market, but not have any significant impact on the Banking market. Should the sovereign debt issue escalate, especially to the point that a country defaults on its debt or the European Union, or Euro Monetary Union, either disbands or is re-formulated, we expect that the resulting economic difficulties would have a major negative impact on the global economy, not just the economies of Western Europe, and our business.

35

Table of Contents

Cybersecurity: Our use of technology is increasing and is critical in three primary areas of our business:

We believe that the risks and consequences of potential incidents in each of the above areas are different.

In the case of the information systems we use to help us run our business, we believe that an incident could disrupt our ability to take orders or deliver product to our customers, but such a delay in these activities would not have a material impact on our overall results. To minimize this risk, we actively use various forms of security and monitor the use of our systems regularly to detect potential incidents as soon as possible.

In the case of products that we have traditionally sold, we believe that the risk of a potential cyber incident is minimal. We offer our customers the ability to either create the secret numbers themselves or have us create the numbers on their behalf. When asked to create the numbers, we do so in a secure environment with limited physical access and store the numbers on a system that is not connected to any other network, including other VASCO networks, and similarly, is not connected to the internet. Were such a cyber incident to occur, our business could be subject to significant disruption and we could suffer significant monetary and other losses and significant reputational harm.

In the case of our new products and services, which involve the active daily processing of the secret numbers on our servers or servers managed by others in a hosted environment, we believe a cyber incident could have a material impact on our future business. We also believe that these products may be more susceptible to cyber attacks than our traditional products since it involves the active processing of transactions using the secret numbers. While we do not have a significant amount of revenue from these products today, we believe that these products have the potential to provide substantial future growth. A cyber incident involving these products in the future could substantially impair our ability to grow the business and we could suffer significant monetary and other losses and significant reputational harm.

In July 2011, we experienced a cyber incident related to DigiNotar B.V. We expect that there are likely to be other hacking attempts intended to impede the performance of our products, disrupt our services and harm our reputation as a company, as the processes used by computer hackers to access or sabotage technology products, services and networks are rapidly evolving. As discussed above, our business could be subject to significant disruption, and we could suffer monetary and other losses and reputational harm, in the event of such incidents.

While we did not experience any cyber incident in 2012 that had a significant impact on our business or receive any significant claims in 2012 related to the bankruptcy in DigiNotar in 2011, it is possible that we could receive a claim or could experience an incident in 2013, which could result in unanticipated costs.

See Note 3 to the financial statements for additional information associated with a cybersecurity incident involving DigiNotar B.V. that we experienced in July 2011. See also Part I, Item 3—Legal Proceedings for a description of legal proceedings related to the cybersecurity incident in 2011.

36

Table of Contents

Income Taxes: Our effective tax rate reflects our global structure related to the ownership of our intellectual property (“IP”). All our IP is owned by two subsidiaries, one in the U.S. and one in Switzerland. Our two subsidiaries have entered into agreements with most of the other VASCO entities under which those other entities provide services to our U.S. and Swiss subsidiaries on either a percentage of revenue or on a cost plus basis or both. Under this structure, the earnings of our service provider subsidiaries are relatively constant. These service provider companies tend to be in jurisdictions with higher effective tax rates. Fluctuations in earnings tend to flow to the U.S. and Swiss companies. Earnings flowing to the U.S. company are expected to be taxed at a rate of 35% to 40%, while earnings flowing to the Swiss company are expected to be taxed at a rate ranging from 8% to 12%.

At the beginning of 2011, we had a U.S. net operating loss (“NOL”) carryforward that was fully reserved as we had not been able to establish that it was more likely than not that we would be able to use the U.S. NOL. As a result of the U.S. NOL and related reserve, the effective tax rate on U.S. earnings up through 2010 had approximated zero, excluding the impact of the alternative minimum tax (“AMT”). The AMT rate had generally computed to be about 2% of pretax income in the U.S.

In 2011, with the strong performance in the territories in which the U.S. subsidiary owns the IP, we used a significant portion of the U.S. NOL that had been reserved and we determined that it was more likely than not that we would use the remaining unused portion of U.S. NOL in future years. As a result, the effective tax rate for 2011 reflected both a benefit of using the U.S. NOL against income in 2011 and a benefit from eliminating the reserve against the U.S. NOL that remained unused at December 31, 2011. See the effective tax rate reconciliation in Note 7 to the financial statements for the benefits related to the use of NOL carryforwards or the changes in the reserves related to NOL carryforwards in 2011.

With the majority of our revenues being generated outside of the U.S., our consolidated effective tax rate is strongly influenced by the effective tax rate of our foreign operations. Changes in the effective rate related to foreign operations reflect changes in the geographic mix of where the earnings are realized and the tax rates in each of the countries in which it is earned. The statutory tax rate for the primary foreign tax jurisdictions ranges from 8% to 35%.

The geographic mix of earnings of our foreign subsidiaries will primarily depend on the level of our service provider subsidiaries’ pretax income, which is recorded as an expense by the U.S. and Swiss subsidiaries and the benefit that is realized in Switzerland through the sales of product. The level of pretax income in our service provider subsidiaries is expected to vary based on:

For items 1 and 2 above, there is a direct impact in the opposite direction on earnings of the U.S. and Swiss entities. Any change from item 3 is generally expected to result in a larger change in income in the U.S. and Swiss entities in the direction of the change (increased revenues expected to result in increased margins/pretax profits and conversely decreased revenues expected to result in decreased margins/pretax profits).

In addition to the provision of services, the intercompany agreements transfer the majority of the business risk to our U.S. and Swiss subsidiaries. As a result, the contracting subsidiaries’ pretax income is reasonably assured while the pretax income of the U.S. and Swiss subsidiaries varies directly with our overall success in the market.

For 2013, we expect that our tax rate will decline slightly as growth in earnings of the Swiss subsidiary are expected to exceed the growth in earnings of the U.S. subsidiary, in part due to the fact that the final

37

Table of Contents

payments related to the original purchase of the IP were completed in 2012 (i.e., taxable income in the foreign countries will decrease in the higher tax rate jurisdictions and increase in the lower tax rate jurisdictions as the Swiss and U.S. subsidiaries no longer make payments to the higher rate foreign countries related to the original purchase of the IP). The actual tax rate for 2013, however, will be determined based on the geographic location of earnings in 2013.

Currency Fluctuations. In 2012, approximately 93% of our revenue and approximately 81% of our operating expenses were generated/incurred outside of the U.S. In 2011, approximately 90% of our revenue and approximately 78% of our operating expenses were generated/incurred outside of the U.S. As a result, changes in currency exchange rates, especially the Euro to U.S. Dollar, can have a significant impact on revenue and expenses. To mitigate the net impact of currency on operating earnings, we attempt to denominate an amount of billings in a currency such that it would provide a hedge against the operating expenses being incurred in that currency. If the amount our revenue in Europe denominated in Euros continues as it is now or declines, however, we do not expect that we will be able to balance fully the exposures of currency exchange rates on revenue and operating expenses.

In 2012 compared to 2011, the U.S. Dollar, on average, strengthened approximately 9% against the Euro, but was essentially flat against the Australian Dollar. In 2011 compared to 2010, on average, the U.S. Dollar weakened approximately 5% against the Euro and weakened approximately 13% against the Australian Dollar. We estimate that the net impact of the change in currency rates in 2012 compared to 2011 resulted in a decrease in revenue of approximately $4,005 and a decrease in operating expenses of $4,553. We also estimate that the change in currency rates in 2011 compared to 2010 resulted in an increase in revenue of approximately $5,406 and an increase in operating expenses of $3,475.

The financial position and the results of operations of most of our foreign subsidiaries, with the exception of our subsidiaries in Switzerland and Singapore, are measured using the local currency as the functional currency. Accordingly, assets and liabilities are translated into U.S. Dollars using current exchange rates as of the balance sheet date. Revenues and expenses are translated at average exchange rates prevailing during the year. Translation adjustments arising from differences in exchange rates generated other comprehensive gain of $1,677 in 2012, a loss of $2,120 in 2011, and a loss of $3,747 in 2010. These amounts are included as a separate component of stockholders’ equity. The functional currency for both our subsidiaries in Switzerland and Singapore is the U.S. Dollar.

Gains and losses resulting from foreign currency transactions are included in the consolidated statements of operations as other non-operating income/expense. In 2012, 2011 and 2010, we reported foreign exchange transaction losses of $410, $760 and $225, respectively.

Revenue

Revenue by Geographic Regions: We classify our sales by customers’ location in four geographic regions: 1) EMEA, which includes Europe, the Middle East and Africa; 2) the United States, which for our purposes includes sales in Canada; 3) Asia Pacific Rim; and 4) Other Countries, including Australia, Latin America and India. The breakdown of revenue in each of our major geographic areas was as follows:

38

Table of Contents

2012 Compared to 2011

Total revenue in 2012 decreased $14,053 or 8% from 2011. The decrease in total revenue was primarily attributable to a decrease in hardware products sold to both the Banking and Enterprise and Application Security markets and the strengthening of the U.S. Dollar as compared to the Euro, as noted above, partially offset by an increase in non-hardware products sold to the both the Banking and Enterprise and Application Security markets. Please see the discussion below under “Revenue by Target Market” for additional information regarding the changes in revenue from the Banking market and the Enterprise and Application Security market.

Revenue generated in EMEA for the full-year 2012 was $16,583 (or 15%) lower in 2012 than in 2011. The decrease reflected a decrease of approximately 18% in revenue from the Banking market and a decrease of 3% in revenue from the Enterprise and Application Security markets. We estimate that the change in currency rates decreased revenues in EMEA by $3,983 compared to 2011. Had currency exchange rates in 2012 remained unchanged from 2011, revenues in EMEA would have been approximately 11% lower than in full-year 2011.

Revenue generated in the United States for the full-year 2012 was $4,882 (or 30%) lower in 2012 than in 2011. Revenue was approximately 33% lower in the Banking market and 27% lower in the Enterprise and Application Security markets than in full-year 2011. The U.S. market continues to defer the adoption of two factor authentication for retail internet banking applications. The results in the U.S. also reflect strong competition, especially in the Enterprise and Application Security market.

Revenue generated in Asia Pacific for the full-year 2012 was $18,045 (or 122%) higher in 2012 than in 2011. Revenue was approximately 153% higher in the Banking market and 19% lower in the Enterprise and Application Security markets than in full-year 2011. We believe the region offers substantial opportunities for future growth as our sales offices in Japan and Beijing mature and the two-factor authentication market expands.

Revenue generated in other countries for the full-year 2012 was $10,633 (or 41%) lower in 2012 than in 2011. Revenue in other countries was approximately 48% lower in the Banking market and 61% higher in the Enterprise and Application Security markets. We expect that revenue from other countries will be more volatile than our other regions given the earlier stage of development of the authentication market in those countries. VASCO, however, plans to continue to invest in new markets based on our estimates of the market’s demand for strong user authentication.

Given the relatively small size of the revenue in regions other than EMEA, the results may vary substantially year-to-year on both an absolute and on a percentage basis depending upon the timing of the receipt and delivery of a large new order or the completion of a large rollout. We believe that the variability in results will lessen as we develop a larger base of Banking customers and further develop our distribution channel and direct touch sales model for the Enterprise and Application Security market.

2011 Compared to 2010

Total revenue in 2011 increased $60,119 (or 56%) from 2010. The increase in total revenue was primarily attributable to an increase in products sold to the Banking market, both hardware and non-hardware, an increase in non-hardware products sold to the Enterprise and Application Security market and the weakening of the U.S. Dollar as compared to the Euro, as noted above, partially offset by a decrease in hardware products sold to the Enterprise and Application Security market.

Revenue generated in EMEA for the full-year 2011 was $38,881 (or 53%) higher in 2011 than in 2010. The increase reflected an increase of approximately 67% in revenue from the Banking market and an increase of 13% in revenue from the Enterprise and Application Security markets. We estimate that the change in currency rates increased revenues in EMEA by $4,776 compared to 2010. Had currency exchange rates in 2011 remained unchanged from 2010, revenues in EMEA would have been approximately 47% higher than in full-year 2010.

39

Table of Contents

Revenue generated in the United States for the full-year 2011 was $6,113 (or 62%) higher in 2011 than in 2010. Revenue was approximately 155% higher in the Banking market and 1% lower in the Enterprise and Application Security markets than in full-year 2010. The U.S. market continues to defer the adoption of two factor authentication for retail internet banking applications.

Revenue generated in Asia Pacific for the full-year 2011 was $3,878 (or 36%) higher in 2011 than in 2010. Revenue was approximately 29% higher in the Banking market and 78% higher in the Enterprise and Application Security markets than in full-year 2010.

Revenue generated in other countries for the full-year 2011 was $11,247 (or 78%) higher in 2011 than in 2010. Revenue in other countries was approximately 97% higher in the Banking market and 27% lower in the Enterprise and Application Security markets. As noted above, the average exchange rate for the U.S. Dollar was approximately 13% weaker than the Australian Dollar in 2011 compared to 2010 and we estimate that the change in currency rates increased revenues in other countries by $555 compared to 2010.

Revenue by Target Market: Revenue is generated currently from two primary markets, (1) Banking and (2) Enterprise and Application Security, through the use of both direct and indirect sales channels. The Enterprise and Application Security market includes products used by employees of corporations to secure their internal networks (the enterprise security market) and business-to-business, business-to-consumer, e-commerce, e-government, e-gaming and other vertical applications (the application security market) that are not related to banking or finance. In addition, revenues from services-related activities, such as maintenance and support are included in the Enterprise and Application Security markets. Management currently views the Enterprise and Application Security market as one market because the same products are sold using the same methods to both groups (i.e., a direct touch model and channel distribution model). Sales to the Enterprise and Application Security market are generally for smaller quantities and higher prices than sales made to the Banking market. The breakdown of revenue between the two primary markets is as follows:

2012 Compared to 2011

Revenue for the full year 2012 from the Banking market decreased $12,299 (or 9%) from 2011 and revenue from the Enterprise and Application Security market decreased $1,754 or 6% in the same period.

The decrease in both the Banking and Enterprise and Application Security markets reflects a decrease in hardware products sold and a decrease in revenue resulting from the strengthening of the U.S. Dollar as compared to the Euro, as previously noted, partially offset by an increase in non-hardware related revenues in both the Banking and Enterprise and Application Security markets.

The decline in revenue in both markets reflects the transaction nature of our business where the absolute amount of revenue reported in any given period is a reflection of transactions closed in that period. While that amount of revenue reported in 2012 declined from 2011, our overall order intake in 2012 (firm orders

40

Table of Contents

scheduled to ship in 2012 and future years) was the best in the company’s history. As noted in Section 1 of this Form 10-K, during 2012 the backlog increased $12 million and decreased $25 million in 2011.

Also, given the sustainable, repeatable nature of our revenue model, we believe that the growth over a longer period of time reflects the growth in our customer base, which we expect will lead to continued increases in revenues in future years, albeit with uneven growth reported annually. We expect that customers that have purchased our products in prior years will replace those products in future years for several reasons, including but not limited to;

2011 Compared to 2010

Revenue for the full year 2011 from the Banking market increased $57,218 or 72% from 2010 and revenue from the Enterprise and Application Security market increased $2,901 or 10% in the same period.

The increase in the Banking market reflects an increase in products sold, both hardware and non-hardware, and an increase resulting from the weakening of the U.S. Dollar as compared to the Euro, as previously noted. In 2011, banks returned to a buying pattern that was more consistent with the way that they had placed orders prior to the crisis in 2008, which included larger orders for significant rollouts to their retail customers. Revenues in 2011 reflected large transactions from both new banking customers as well as existing banking customers.

While we believe that the revenues in 2011 reflected a certain amount of catch-up related to replacement cycles that we otherwise would have expected to take place in 2009 and 2010, we also believe the total revenue for the full year 2011 reflects a more normal level of revenue associated with the long-term growth that we expect from the banking industry as banks continue to increase the use of internet banking applications. Our revenues in 2011 included significant amounts of revenue from new customers.

The increase in the Enterprise and Application Security market was primarily attributable to an increase in non-hardware revenue and the weakening of the U.S. Dollar as compared to the Euro partially offset by a decline in the number of products shipped.

41

Table of Contents

Gross Profit

2012 Compared to 2011

Consolidated gross profit for 2012 was $99,565, a decrease of $8,547, or 8%, from the $108,112 reported for 2011. Gross profit as a percentage of revenue (“gross profit margin”) was 65% in 2012 compared to 64% in 2011. The increase in the gross profit margin was primarily attributable to the following factors:

partially offset by

We experienced an increase in the gross profit margin from non-hardware related revenues generated in both the Banking and the Enterprise and Application Security markets. Non-hardware revenue as a percentage of total revenue was approximately 24% in 2012 compared to 21% in 2011. The amount of non-hardware revenue increased by approximately 4% in 2012 compared to 2011. Non-hardware revenue can have a gross profit margin that is approximately 20 to 30 percentage points higher than hardware-related revenue, depending on the model and quantity of the hardware units sold.

Card readers represented 14% of our total revenue in 2012 as compared to 19% of our total revenue in 2011. Card readers generally have a gross profit margin that is approximately 25 to 35 percentage points lower

42

Table of Contents

than other hardware-related margins, due to competitive pricing pressures. There are a number of competitors in the EMV market that produce card reader products with fewer features at a lower cost than our products.

The cost of shipping our products to customers was lower in 2012 than in 2011. In the first half of 2011, we incurred increased costs associated with shipping our products on an expedited basis to ensure that we met our delivery commitments to customers. As we worked through 2011, we reduced the number of expedited shipments to a more normalized level and maintained that program throughout 2012. We estimate that the reduction in shipping costs increased our gross margin as a percent of revenue by approximately 1.9 percentage points.

We monitor our inventory levels on a quarterly basis and write down the value of selected inventory items to their expected net realizable value when it appears that the value of the item may not be realized through the ultimate sale of a finished product. The total amount of the inventory write down was approximately $2,176 for the full-year 2012 compared to $1,558 for full-year 2011. Going forward, we believe that similar adjustments may be needed reflecting the risk associated with making estimates of future demand and buying inventory to meet that demand on a recurring basis.

Changes in currency exchange rates had a negative impact on our gross profit margins in 2012. The majority of our inventory purchases are denominated in U.S. Dollars. As previously noted, our sales are denominated in various currencies, including the Euro and Australian Dollar. As the U.S. Dollar strengthened in 2012 when compared to the Euro in 2011, revenue as measured in U.S. Dollars decreased from sales made in Euros, without a corresponding decrease in cost of goods sold. The impact from changes in currency rates, as noted above, is estimated to have decreased revenue by approximately $4,405 for the full year 2012. Had the currency rates in 2012 been equal to the rates in 2011, the gross profit margin would have been approximately 0.9 percentage points higher for the year ended December 31, 2012.

2011 Compared to 2010

Consolidated gross profit for 2011 was $108,112, an increase of $32,146, or 42%, from the $75,966 reported for 2010. Gross profit as a percentage of revenue (“gross profit margin”) was 64% in 2011 compared to 70% in 2010. The decline in the gross profit margin was primarily attributable to the following factors:

partially offset by

Our gross profit margin was negatively impacted by the higher growth rate in revenues coming from our Banking market as compared to the growth rate of revenues coming from our Enterprise and Application Security market. As noted above, revenues from the Banking market increased to 81% of total revenue in 2011 from 74% of total revenue in 2010. In contrast, revenues from the Enterprise and Application Security markets declined to 19% of total revenue in 2011 from 26% of total revenue in 2010.

43

Table of Contents

We experienced a decline in the gross profit margin coming from hardware-related revenues generated in both the Banking and the Enterprise and Application Security markets. The decline in the gross profit margin for hardware-related revenues was primarily attributable to:

Non-hardware revenue as a percentage of total revenue was approximately 21% in 2011 compared to 25% in 2010. While the amount of non-hardware revenue increased by approximately 30% in 2011 compared to 2010, it was a lower percentage of total revenue as the growth rate in non-hardware revenues was less than the growth rate in hardware revenues.

In the fourth quarter of 2011, we wrote down the value of selected inventory items to their expected net realizable value. The total amount of the write down was approximately $1,375. The amount of the write down was based on our evaluation of specific inventory items on hand at the end of 2011 in relation to our estimates of future demand for that inventory.

Changes in currency exchange rates had a positive impact on our gross profit margins in 2011. The majority of our inventory purchases are denominated in U.S. Dollars. As previously noted, our sales are denominated in various currencies, including the Euro and Australian Dollar. As the U.S. Dollar weakened in 2011 when compared to the Euro and the Australian Dollar in 2010, revenue as measured in U.S. Dollars increased from sales made in Euros and Australian Dollars, without a corresponding increase in cost of goods sold. The impact from changes in currency rates, as noted above, is estimated to have increased revenue by approximately $5,406 for the full year 2011. Had the currency rates in 2011 been equal to the rates in 2010, the gross profit margin would have been approximately 1.2 percentage points lower for the year ended December 31, 2011.

Operating Expenses

Our operating expenses are generally based on anticipated revenue levels and the majority of such expenses are fixed over short periods of time. As a result, small variations in the amount of revenue recognized in any given period could cause significant variations in the period-to-period comparisons of either the absolute amounts of operating income or operating income as a percentage of revenue. There are three primary factors that impact our operating expenses: our headcount levels, our stock-based incentive plan compensation expenses and the impact of changes in foreign exchange rates.

Generally, the most significant factor driving our operating expenses is our headcount. Direct compensation and benefit plan expenses generally represent between 55% and 65% of our operating expenses. In addition, a number of other expense categories are directly related to headcount. We attempt to manage our headcount within the context of the economic environments in which we operate and the investments that we

44

Table of Contents

believe we need to make to help ensure that our infrastructure is able to support future growth and ensure that our products are competitive. The headcount from continuing operations for 2009 through 2012 is recapped in the following table:

With the economic crisis that began in 2008, we implemented a cost containment initiative that resulted in a decrease of staff in 2009. In the fourth quarter of 2009, with the increase in requests for information and proposals, we began to invest in our business by recruiting staff in critical areas to begin in 2010. In 2011, other than our acquisitions of DigiNotar and Alfa & Ariss early in 2011, our primary focus was on realizing a benefit from the staff additions made in 2010. Our headcount at December 31, 2011 was 358, including 10 persons from the acquisition of Alfa & Ariss, but excluding DigiNotar, which was discontinued in 2011 as noted above. In 2012, we increased our headcount, primarily in Research and Development (“R&D”) in large part to support the development of our services platform. For 2013, we expect to hire between 25 and 35 persons, with hiring focused primarily on sales and business development staff.

The comparison of operating expenses in both 2012 to 2011 and 2011 to 2010 were impacted by adjustments to our stock-based incentive plan compensation expenses. Stock-based incentive plan compensation expenses generally relate to stock-based, long-term performance incentives. For the full year of 2012, operating expenses included $3,726 of expense related to stock-based incentive plans compared to expense of $6,117 in 2011 and expense of $1,021 in 2010.

In 2012, 2011 and 2010, we recorded adjustments to the accrual each year for such plans based on management’s determination of whether it was probable that the performance criteria for each plan outstanding at the end of each period would be met. With the shortfall to our performance targets in 2012, we eliminated the costs associated with our 2012 stock-based incentive plan awards, which reduced our full-year 2012 expenses by $504. With our strong performance in 2011, we achieved the performance targets that had been set in the 2009 plan awards for which management had determined in the fourth quarter of 2010, and maintained such determination through the end of the third quarter 2011, that it was improbable that we would meet the targets. As a result of achieving the targets, expense increased by $2,493 in the fourth quarter of 2011. In 2010, we reversed $721 of accruals that had been established in the prior year for the 2009 awards based on management’s assessment that it was improbable that the 2009 plan award targets would be met.

Sales and Marketing Expenses

2012 Compared to 2011

Consolidated sales and marketing expenses for the year ended December 31, 2012 were $37,768, a decrease of $2,526, or 6%, from $40,294 reported for 2011. This decrease in sales and marketing expenses primarily relates to:

45

Table of Contents

Our average full year headcount was essentially flat in 2012 compared to 2011. The average full-time sales, marketing and operations employee headcount was 171 in 2012 compared to 172 in 2011. At year-end 2012, 2011 and 2010, the company employed 172, 167 and 170 sales, marketing and operations employees, respectively.

2011 Compared to 2010

Consolidated sales and marketing expenses for the year ended December 31, 2011 were $40,294, an increase of $9,267, or 30%, from $31,027 reported for 2010. This increase in sales and marketing expenses, including the impact of changes in currency exchange rates, is primarily related to:

We estimate that the weakening of the U.S. Dollar in relation to other currencies, primarily the Euro and Australian Dollar, increased sales and marketing expenses by approximately $1,752 in 2011 compared to 2010.

Our average full year headcount increased approximately 6% in 2011 compared to 2010. The average full-time sales, marketing and operations employee headcount was 172 in 2011 compared to 162 in 2010. At year-end 2011, 2010 and 2009, the company employed 167, 170 and 156 sales, marketing and operations employees, respectively.

Research and Development Expenses

2012 Compared to 2011

Consolidated research and development costs for the year ended December 31, 2012 were $18,794, an increase of $158, or 1%, from the $18,636 reported for 2011. The increase in research and development was primarily attributable to:

partially offset by

The average research and development headcount increased approximately 10% to 140 in 2012 from 128 in 2011. At year-end 2012, 2011 and 2010, the company employed 143, 136 and 115 research and development employees, respectively.

2011 Compared to 2010

Consolidated research and development costs for the year ended December 31, 2011 were $18,636, an increase of $5,068, or 37%, from the $13,568 reported for 2010. The increase in research and development, including the impact of changes in currency exchange rates, was primarily attributable to:

46

Table of Contents

We estimate that the weakening of the U.S. Dollar to other currencies, primarily the Euro and Australian Dollar, increased research and development expenses by approximately $1,128 in 2011 compared to 2010.

The average research and development headcount, including the staff of Alfa & Ariss, increased approximately 22% to 128 in 2011 from 105 in 2010. Excluding the Alfa & Ariss staff, the average full time research and development headcount was 122 in 2011, an increase of 16% over 2010. At year-end 2011, 2010 and 2009, the company employed 136, 115 and 92 research and development employees, respectively.

General and Administrative Expenses

2012 Compared to 2011

Consolidated general and administrative expenses for the year ended December 31, 2012 were $20,071, a decrease of $2,379 or 11%, from the $22,450 reported for 2011. The decrease in general and administrative expense was primarily attributable to:

The average full-time general and administrative employee headcount was flat with 56 persons in 2012 and 2011. At year-end 2012, 2011 and 2010, the company employed 59, 55 and 57 general and administrative employees, respectively.

2011 Compared to 2010

Consolidated general and administrative expenses for the year ended December 31, 2011 were $22,450, an increase of $3,912 or 21%, from the $18,538 reported for 2010. The increase in general and administrative expense, including the impact of changes in currency exchange rates, was primarily attributable to:

We estimate that the weakening of the U.S. Dollar to other currencies, primarily the Euro and Australian Dollar, increased general and administrative expenses by approximately $594 in 2011 compared to 2010.

The average full-time general and administrative employee headcount increased 6% to 56 in 2011 from 53 in 2010. At year-end 2011, 2010 and 2009, the company employed 55, 57, and 46 general and administrative employees, respectively.

47

Table of Contents

Amortization Expense

2012 Compared to 2011

Amortization expense for 2012 was $1,905, a decrease of $62 (or 3%) from $1,967 reported for 2011. The decrease was primarily due to the impact of changes in foreign exchange rates.

2011 Compared to 2010

Amortization expense for 2011 was $1,967, an increase of $1,524 (or 344%) from $443 reported for 2010. The increase was primarily due to the asset acquisition of the intellectual property of DigiNotar, which is not impacted by the bankruptcy of DigiNotar B.V., and the stock acquisition of Alfa & Ariss.

Interest Income, Net

2012 Compared to 2011

Consolidated net interest income was $261 in 2012 compared to $543 in 2011. The decrease in net interest income reflected a decrease in the average return on invested balances partially offset by an increase in the average net cash balance. Our return on average net cash balances was 0.3% in 2012 compared to 0.7% in 2011. Average net cash balances were $92,741 in 2012, an increase of $10,366 or 13% from $82,375 in 2011. Due to the uncertainty in Europe created by the sovereign debt crisis, we converted approximately 29 million Euros into Swiss Francs. We preferred the safety of holding Swiss Francs instead of Euros with the understanding that we would have limited opportunities to invest the Swiss Francs. As the monetary situation regarding the Euro appeared to stabilize in the later part of 2012, we moved Swiss Francs back into Euros. We expect that the rates of return on invested cash will continue to be minimal in 2013.

2011 Compared to 2010

Consolidated net interest income was $543 in 2011 compared to $324 in 2010. The increase in net interest income reflected an increase in both the average net cash balances and the average return on those balances. Average net cash balances were $82,375 in 2011, an increase of $4,112 or 5% from $78,263 in 2010. Our return on average net cash balances was 0.7% in 2011 compared to 0.4% in 2010.

Other Income (Expense), net

2012 Compared to 2011

Other income (expense), net in 2012 primarily included exchange gains (losses) on transactions that are denominated in currencies other than a subsidiary’s functional currency and subsidies received from foreign governments related to increasing trade in other countries or increasing spending on research and development. Other income was $409 in 2012 compared to $500 in 2011. The decrease in other income primarily reflects a decline in government subsidies partially offset by a decrease in exchange losses. Exchange losses were $410 in 2012 compared to exchange losses of $760 in 2011. We expect that the government subsidies will continue to decline in the countries in which we operate as each country looks for new revenue sources to fund their governmental spending.

2011 Compared to 2010

Other income (expense), net in 2011 primarily included exchange gains (losses) on transactions that are denominated in currencies other than a subsidiary’s functional currency and subsidies received from foreign governments related to increasing trade in other countries or increasing spending on research and development. Other income was $500 in 2011 compared to $698 in 2010. The decrease in other income primarily reflects an increase in exchange losses of $535 partially offset by an increase in other income of $337. Exchange losses were $760 in 2011 compared to exchange losses of $225 in 2010.

48

Table of Contents

Income Taxes

2012 Compared to 2011

Income tax expense for 2012 was $5,468, compared to $1,557 in 2011. The effective tax rate in 2012 was 25%, an increase of 19 percentage points from 6% in 2011. The increase in the rate in 2012 is primarily attributable to the fact that 2011 included a significant benefit from the use of net operating loss carryforwards in the U.S., including the reversal of a reserve related to the use of remaining U.S. net operating loss carryforwards in future years. The effective tax rate also increased slightly in 2012 as a result of having a higher percentage of our earnings subject to tax at the U.S. rate, which increases our overall effective tax rate.

For 2013, we expect that our rate will decline slightly as our Swiss and U.S. entities will no longer be making payments to our other subsidiaries related to the initial purchase of our intellectual property. We expect that tax savings from the elimination of the payments may be partially offset by a continued increase in the percentage of our earnings that are taxed at the U.S. rate. See the discussion regarding income taxes in the general commentary section of Management’s Discussion and Analysis above and in Note 7 to the consolidated financial statements for additional information.

2011 Compared to 2010

Income tax expense for 2011 was $1,557, compared to $2,606 in 2010. The effective tax rate in 2011 was 6%, a decrease of 13 percentage points from 19% in 2010. The reduction in the rate in 2011 is primarily attributable to the benefit of the use of net operating loss carryforwards in the U.S. and the reversal of a reserve related to the use of remaining U.S. net operating loss carryforwards in future years.

Loss Carryforwards Available

At December 31, 2012, we had U.S. NOL carryforwards of $11,620, foreign NOL carryforwards of $5,279, and other deductible foreign carryforwards of $3,491. U.S. NOL carryforwards expire in varying amounts beginning in 2022 and continuing through 2032. Foreign NOL carryforwards do not expire. Other deductible foreign carryforwards expire from 2016 through 2019.

Such tax loss carryforwards may provide an offset to future tax liabilities. In addition to the reduction in tax liabilities, we had a valuation reserve of $2,284 against the foreign net operating loss and other deductible carryforwards at December 31, 2012. A reduction in the valuation reserve may be possible if it is more likely than not that we will realize the benefit of the deferred tax asset. The reduction in the reserve would reduce income tax expense in the period it is reduced. See Note 7 to the consolidated financial statements for more information on tax loss carryforwards.

Loss from Discontinued Operations

Our losses from discontinued operations were $630 for full-year 2012 compared to $6,118 for the full-year 2011. Losses in 2012 primarily reflect the ongoing legal and other third party costs associated with the bankruptcy of DigiNotar in 2011. The loss for the full-year 2011 reflected a loss on the disposal of DigiNotar B.V. of $4,523 and a loss from DigiNotar’s operations of $1,595. As described in Note 3 of the financial statements, the loss on disposal of DigiNotar B.V. included the following losses on an after-tax basis:

49

Table of Contents

The decrease in contingent consideration reflects the amount that is expected to be recovered from the escrow agent that is holding funds associated with the original purchase transaction due to the fact that DigiNotar B.V. will not be able to achieve the earnings target established in the original purchase agreements.

We did not write off any of the intellectual property that we purchased prior to the purchase of the stock of DigiNotar. We believe we have strengthened our authentication product lines using the PKI technology acquired from DigiNotar.

Note 3 of the consolidated financial statements contains additional information about the discontinued operations. See Part 1, Item 1A – Risk Factors and Part 1, Item 3 - Legal Proceedings for additional information related to DigiNotar B.V.