Item 7 - Management’s Discussion and Analysis of Financial Condition and Results of Operations

(in thousands, except head count, ratios, time periods and percentages)

Unless otherwise noted, references in this Annual Report on Form 10-K to “ VASCO”, “company”, “we”, “our”, and “us” refer to VASCO Data Security International, Inc. and its subsidiaries.

Cautionary Note Regarding Forward-Looking Statements

This Annual Report on Form 10-K, including Management’s Discussion and Analysis of Financial Condition and Results of Operations and Quantitative and Qualitative Disclosures About Market Risk contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, as amended and Section 27A of the Securities Act of 1933, as amended concerning, among other things, our expectations regarding the prospects of, and developments and business strategies for, VASCO and our operations, including the development and marketing of certain new products and services and the anticipated future growth in certain markets in which we currently market and sell our products and services or anticipate selling and marketing our products or services in the future. These forward-looking statements (1) are identified by use of terms and phrases such as “expect”, “believe”, “will”, “anticipate”, “emerging”, “intend”, “plan”, “could”, “may”, “estimate”, “should”, “objective”, “goal”, “possible”, “potential”, “projected” and similar words and expressions, but such words and phrases are not the exclusive means of identifying them, and (2) are subject to risks and uncertainties and represent our present expectations or beliefs concerning future events. VASCO cautions that the forward-looking statements are qualified by important factors that could cause actual results to differ materially from those in the forward-looking statements. Factors that could cause actual results to differ materially from those contemplated above include, among others, our ability to integrate and effectively sell Cronto’s technology, our ability to recover amounts held in escrow related to our acquisition of DigiNotar and unanticipated costs associated with DigiNotar’s bankruptcy or potential claims that may arise in connection with the hacking incidents at DigiNotar. These additional risks, uncertainties and other factors have been described in greater detail in this Annual Report on Form 10-K and include, but are not limited to, (a) risks specific to VASCO, including, demand for our products and services, competition from more established firms and others, pressures on price levels and our historical dependence on relatively few products, certain suppliers and certain key customers, (b) risks inherent to the computer and network security industry, including rapidly changing technology, evolving industry standards, increasingly sophisticated hacking attempts, increasing numbers of patent infringement claims, changes in customer requirements, price competitive bidding, and changing government regulations, and (c) risks of general market conditions, including currency fluctuations and the uncertainties resulting from turmoil in world economic and financial markets. Thus, the results that we actually achieve may differ materially from any anticipated results included in, or implied by these statements. Except for our ongoing obligations to disclose material information as required by the U.S. federal securities laws, we do not have any obligations or intention to release publicly any revisions to any forward-looking statements to reflect events or circumstances in the future or to reflect the occurrence of unanticipated events.

General

The following discussion is based upon our consolidated results of operations for the years ended December 31, 2013, 2012 and 2011 (percentages in the discussion, except for returns on average net cash balances, are rounded to the closest full percentage point) and should be read in conjunction with our consolidated financial statements included elsewhere in this Annual Report on Form 10-K.

We design, develop, market and support open standards-based hardware and software security systems that manage and secure access to information assets. We also design, develop, market and support patented strong user authentication products and services for e-business and e-commerce. Our products enable secure financial transactions to be made over private enterprise networks and public networks, such as the internet. Our strong user authentication is delivered via our hardware and software DIGIPASS security products, many of which incorporate an electronic and digital signature capability, which further protects the integrity of electronic transactions and data transmissions. Some of our DIGIPASSES are compliant with the Europay MasterCard Visa

34

Table of Contents

(“EMV”) standard and are compatible with the MasterCard and VISA Chip Authentication Program (“CAP”). Some of our DIGIPASSES comply with the Initiative for Open Authentication (“OATH”). As evidenced by our current customer base, most of our products are purchased by businesses and, depending on the application, are distributed to either their employees or their customers. Those customers may be other businesses or, as an example in the case of internet banking, our customer banks’ corporate and retail customers. In future years, we expect that our customers will increasingly use our cloud-based service offering, DIGIPASS as a Service (“DPS”) or MYDIGIPASS.COM (“MDP”) or together (“DPS/MDP”) as described below.

Our target market is any business process that uses some form of electronic interface, particularly the internet, where the owner of that process is at risk if unauthorized users can gain access to its process and either obtain proprietary information or execute transactions that are not authorized. Our products can not only increase the security associated with accessing the business process, thereby reducing the losses from unauthorized access, but also, in many cases, can reduce the cost of the process itself by automating activities that were previously performed manually.

We offer our products either through: (a) a product sales and licensing model or (b) through our services platform, which includes both our DPS product offering, which was first made available in the fourth quarter of 2010, and our MDP product offering, which was introduced in April 2012. DPS/MDP is our cloud-based authentication platform. Our product license and sales model is expected to be used in situations where the application owner wants to control all of the critical aspects of the authentication process. We expect that our services platform will be used by: (a) companies lacking technical resources or expertise to implement a full authentication process or preferring to focus their primary attention on other aspects of their business rather than on the authentication process or (b) consumers that are aware of the dangers posed by identity theft.

By using our DPS/MDP authentication platform, business customers can deploy two-factor authentication more quickly, incur less upfront costs and be able to use strong authentication when logging onto a larger number of internet sites and applications. We expect those applications using DPS/MDP to include B2B applications and B2E applications (e.g., employees of companies logging into third party applications operated in the cloud). We believe that corporations or application service providers will pay us a fee based on either the number of users accessing their application through our platform or the number of authentication clicks consumed by their users when accessing their application.

While there were minimal revenues generated from the services platform to date, we expect that DPS/MDP will start making a contribution in 2014. We believe that DPS/MDP has the potential for significant future growth as it will make two-factor authentication more affordable and readily available to users and application markets.

In January 2011, we acquired an internet trusted certificate authority/provider, in a two-step process. In the first step, we acquired all of the intellectual property of DigiNotar Holding B.V. and its subsidiaries. In the second step we acquired 100% of the stock of DigiNotar B.V. and DigiNotar Notariaat B.V. (collectively, “DigiNotar”). In July 2011, DigiNotar B.V. detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains. On September 14, 2011, the Dutch Independent Post and Telecommunications Authority (OPTA) Commission terminated the registration of DigiNotar B.V. as a certification service provider that issues qualified certificates. As a result of the termination of its registration as a certification service provider, DigiNotar B.V. filed for bankruptcy and the Haarlem District Court, The Netherlands declared DigiNotar B.V. bankrupt on September 20, 2011.

Following the bankruptcy of DigiNotar B.V., we have not and do not plan to participate in the certificate authority business, which was DigiNotar B.V.’s core product. We have, however, been able to use the intellectual property acquired from DigiNotar and DigiNotar Holding B.V. to create our own PKI-secured applications, such as document signing, registration and storage solutions, which we believe have strengthened our core authentication product line and expanded opportunities for us on our DPS/MDP platform.

35

Table of Contents

In April 2011, we acquired Alfa & Ariss, an authority in the field of developing open identity and access management solutions. Alfa & Ariss brought additional important know-how and engineering capabilities in the fields of linking applications in the cloud. We believe that the acquisition of Alfa & Ariss will support the long-term growth strategy of our services and enterprise and application security businesses.

In May 2013, we acquired Cronto, a provider of secure visual transaction authentication solutions for online banking. Using the patented Cronto technology, customers can establish a secure optical communication channel with their client and display the details of a transaction in an encrypted graphical cryptogram consisting of a matrix of colored dots, which are displayed on the end user’s screen. Account holders can simply “scan” the image with our device to verify the transaction details and respond with an electronic signature, if needed. We believe that the acquisition of Cronto will support the long-term growth strategy of all of our businesses.

Industry Growth: We do not believe that there are any accurate measurements of the total industry’s size or the industry’s growth rate. We believe, however, that the industry using our product sales and licensing model will grow at a significant rate as the use of the internet increases and the awareness of the risks of using the internet become more prevalent among application owners. We also believe that a market will develop for our cloud-based service offering and grow at a significant rate as business owners and consumers become more aware of the risks involved in conducting business over the internet. We expect that growth will be driven by new government regulations, growing awareness of the impact of identity theft, and the growth in commerce that is transacted electronically. The issues driving the growth are global issues and the rate of adoption in each country is a function of that country’s culture, the competitive position of businesses operating in that country, the country’s overall economic conditions and the degree to which businesses and consumers within the country use technology.

Economic Conditions: Our revenue may vary significantly with changes in the economic conditions in the countries in which we currently sell products. With our current concentration of revenue in Europe and specifically in the banking/finance vertical market, significant changes in the economic outlook for the European Banking market may have a significant effect on our revenue.

There continues to be significant global economic uncertainty, including Europe, our most important market. While it appears that circumstances that led to the sovereign debt crisis have abated, many significant economic issues have not been addressed fully. As a result, we expect that Europe will continue to face difficult economic conditions in 2014. We believe that the current economic conditions in Europe may limit our growth opportunities in the Enterprise and Application Security market, but do not expect that the economic conditions will have a significant impact on the Banking market. Should the sovereign debt issue escalate, especially to the point that a country defaults on its debt or the European Union, or Euro Monetary Union, either disbands or is re-formulated, we expect that the resulting economic difficulties would have a major negative impact on the global economy, not just the economies of Western Europe, and our business.

Cyber security: Our use of technology is increasing and is critical in three primary areas of our business:

We believe that the risks and consequences of potential incidents in each of the above areas are different.

36

Table of Contents

In the case of the information systems we use to help us run our business, we believe that an incident could disrupt our ability to take orders or deliver product to our customers, but such a delay in these activities would not have a material impact on our overall results. To minimize this risk, we actively use various forms of security and monitor the use of our systems regularly to detect potential incidents as soon as possible.

In the case of products that we have traditionally sold, we believe that the risk of a potential cyber incident is minimal. We offer our customers the ability to either create the secret numbers themselves or have us create the numbers on their behalf. When asked to create the numbers, we do so in a secure environment with limited physical access and store the numbers on a system that is not connected to any other network, including other VASCO networks, and similarly, is not connected to the internet.

In the case of our new products and services, which involve the active daily processing of the secret numbers on our servers or servers managed by others in a hosted environment, we believe a cyber incident could have a material impact on our future business. We also believe that these products may be more susceptible to cyber attacks than our traditional products since it involves the active processing of transactions using the secret numbers. While we do not have a significant amount of revenue from these products today, we believe that these products have the potential to provide substantial future growth. A cyber incident involving these products in the future could substantially impair our ability to grow the business and we could suffer significant monetary and other losses and significant reputational harm.

To minimize the risk, we review our security procedures on a regular basis. Our reviews include the processes and software programs we are currently using as well as new forms of cyber incidents and new or updated software programs that may be available in the market that would help mitigate the risk of incidents. While we do not have insurance of any kind against cyber incidents today, we would likely review insurance policies related to our new product offering in the future. Overall, we expect the cost of securing our networks will increase in future periods, whether through increased staff, systems or insurance coverage.

In July 2011, we experienced a cyber incident related to DigiNotar B.V. We expect that there are likely to be other hacking attempts intended to impede the performance of our products, disrupt our services and harm our reputation as a company, as the processes used by computer hackers to access or sabotage technology products, services and networks are rapidly evolving. As discussed above, our business could be subject to significant disruption, and we could suffer monetary and other losses and reputational harm, in the event of such incidents.

While we did not experience any cyber incident in 2013 or 2012 that had a significant impact on our business or receive any significant claims in 2013 or 2012 related to the bankruptcy of DigiNotar in 2011, it is possible that we could receive a claim or could experience an incident in 2014, which could result in unanticipated costs.

Our losses from discontinued operations resulting from the these events may be exceeded as a result of unanticipated costs associated with DigiNotar B.V.’s bankruptcy, potential claims that may arise in connection with the hacking incidents, further impairment of our investment in DigiNotar, the timeframe in which the impairment costs will be incurred or our inability to recover amounts held in escrow relating to our acquisition of DigiNotar.

See Note 3 to the financial statements for additional information associated with a cyber security incident involving DigiNotar B.V. that we experienced in July 2011. See also Part I, Item 3 - Legal Proceedings for a description of legal proceedings related to the cyber security incident in 2011.

Income Taxes: Our effective tax rate reflects our global structure related to the ownership of our intellectual property (“IP”). All our IP is owned by two subsidiaries, one in the U.S. and one in Switzerland. These two subsidiaries have entered into agreements with most of the other VASCO entities under which those

37

Table of Contents

other entities provide services to our U.S. and Swiss subsidiaries on either a percentage of revenue or on a cost plus basis or both. Under this structure, the earnings of our service provider subsidiaries are relatively constant. These service provider companies tend to be in jurisdictions with higher effective tax rates. Fluctuations in earnings tend to flow to the U.S. company and Swiss company. Earnings flowing to the U.S. company are expected to be taxed at a rate of 35% to 40%, while earnings flowing to the Swiss company are expected to be taxed at a rate ranging from 8% to 12%.

With the majority of our revenues being generated outside of the U.S., our consolidated effective tax rate is strongly influenced by the effective tax rate of our foreign operations. Changes in the effective rate related to foreign operations reflect changes in the geographic mix of where the earnings are realized and the tax rates in each of the countries in which it is earned. The statutory tax rate for the primary foreign tax jurisdictions ranges from 8% to 35%.

The geographic mix of earnings of our foreign subsidiaries will primarily depend on the level of our service provider subsidiaries’ pretax income, which is recorded as an expense by the U.S. and Swiss subsidiaries and the benefit that is realized in Switzerland through the sales of product. The level of pretax income in our service provider subsidiaries is expected to vary based on:

For items 1 and 2 above, there is a direct impact in the opposite direction on earnings of the U.S. and Swiss entities. Any change from item 3 is generally expected to result in a larger change in income in the U.S. and Swiss entities in the direction of the change (increased revenues expected to result in increased margins/pretax profits and conversely decreased revenues expected to result in decreased margins/pretax profits).

In addition to the provision of services, the intercompany agreements transfer the majority of the business risk to our U.S. and Swiss subsidiaries. As a result, the contracting subsidiaries’ pretax income is reasonably assured while the pretax income of the U.S. and Swiss subsidiaries varies directly with our overall success in the market.

Currency Fluctuations. In 2013, approximately 93% of our revenue and approximately 82% of our operating expenses were generated/incurred outside of the U.S. In 2012, approximately 93% of our revenue and approximately 81% of our operating expenses were generated/incurred outside of the U.S. As a result, changes in currency exchange rates, especially the Euro to U.S. Dollar, can have a significant impact on revenue and expenses. To minimize the net impact of currency on operating earnings, we attempt to denominate an amount of billings in a currency such that it would provide a hedge against the operating expenses being incurred in that currency. If our revenue in Europe continues as it is now, where Euro-based operating expenses exceed Euro-denominated revenues, we do not expect that we will be able to balance fully the exposures of currency exchange rates on revenue and operating expenses. In periods in which the U.S. Dollar is weakening, we expect that our operating income will increase as a result of the change in currency exchange rates. Conversely, in periods in which the U.S. Dollar is strengthening, we expect that our operating income will decrease as a result of the change in currency exchange rates.

In 2013 compared to 2012, the U.S. Dollar, on average, weakened approximately 3% against the Euro and strengthened approximately 7% against the Australian Dollar. In 2012 compared to 2011, on average, the U.S. Dollar strengthened approximately 9% against the Euro, but was essentially flat against the Australian Dollar. We estimate that the net impact of the change in currency rates in 2013 compared to 2012 resulted in an increase in revenue of approximately $708 and an increase in operating expenses of $1,280. We also estimate that the change in currency rates in 2012 compared to 2011 resulted in a decrease in revenue of approximately $4,005 and a decrease in operating expenses of $4,553.

38

Table of Contents

The financial position and the results of operations of most of our foreign subsidiaries, with the exception of our subsidiaries in Switzerland and Singapore, are measured using the local currency as the functional currency. Accordingly, assets and liabilities are translated into U.S. Dollars using current exchange rates as of the balance sheet date. Revenues and expenses are translated at average exchange rates prevailing during the year. Translation adjustments arising from differences in exchange rates generated other comprehensive income of $1,906 and $1,677 in 2013 and 2012, respectively, and a loss of $2,120 in 2011. These amounts are included as a separate component of stockholders’ equity. The functional currency for both our subsidiaries in Switzerland and Singapore is the U.S. Dollar.

Gains and losses resulting from foreign currency transactions are included in the consolidated statements of operations as other non-operating income/expense. In 2013, 2012 and 2011, we reported foreign exchange transaction losses of $624, $410 and $760, respectively.

Revenue

Revenue by Geographic Regions: We classify our sales by customers’ location in four geographic regions: 1) EMEA, which includes Europe, the Middle East and Africa; 2) the United States, which for our purposes includes sales in Canada; 3) Asia Pacific Rim; and 4) Other Countries, including Australia, Latin America and India. The breakdown of revenue in each of our major geographic areas was as follows:

2013 Compared to 2012

Total revenue in 2013 increased $1,018 (or 1%) from 2012. The increase in total revenue was primarily attributable to an increase in non-hardware products sold to the Banking market and the strengthening of the Euro as compared to the U.S. Dollar, as noted above, partially offset by a decrease in hardware products sold to the both the Banking and Enterprise and Application Security markets. Please see the discussion below under “Revenue by Target Market” for additional information regarding the changes in revenue from the Banking market and the Enterprise and Application Security market.

Revenue generated in EMEA for the full-year 2013 was $802 (or 1%) higher in 2013 than in 2012. The increase reflected an increase of approximately 2% in revenue from the Banking market partially offset by a decrease of 3% in revenue from the Enterprise and Application Security market. We estimate that the change in currency rates increased revenues in EMEA by $1,080 compared to 2012. Had currency exchange rates in 2013 remained unchanged from 2012, revenues in EMEA would have been less than 1% lower than in full-year 2012.

Revenue generated in the United States for the full-year 2013 was $638 (or 6%) higher in 2013 than in 2012. Revenue was approximately 9% higher in the Banking market, but flat in the Enterprise and Application Security market when compared to the revenue for full-year 2012. In 2013, the U.S. market continued to defer the adoption of two factor authentication for retail internet banking applications. The results in the U.S. also reflected strong competition, especially in the Enterprise and Application Security market.

39

Table of Contents

Revenue generated in Asia Pacific for the full-year 2013 was $5,427 (or 17%) lower in 2013 than in 2012. Revenue was approximately 22% lower in the Banking market and 55% higher in the Enterprise and Application Security market when compared to the revenue for full-year 2012. We believe the region offers substantial opportunities for future growth as our sales offices in Japan and Beijing mature and the two-factor authentication market expands.

Revenue generated in other countries for the full-year 2013 was $5,005 (or 33%) higher in 2013 than in 2012. Revenue in other countries was approximately 53% higher in the Banking market and 58% lower in the Enterprise and Application Security market when compared to the revenue for full-year 2012. We estimate that the change in currency rates decreased revenues in other countries by $301 compared to 2012 due in large part to the strengthening of the U.S. Dollar compared to the Australian Dollar. Had currency exchange rates in 2013 remained unchanged from 2012, revenues in other countries would have been approximately 35% higher than in full-year 2012. We expect that revenue from other countries will be more volatile than our other regions given the earlier stage of development of the authentication market in those countries. VASCO, however, plans to continue to invest in new markets based on our estimates of the market’s demand for strong user authentication.

Given the relatively small size of the revenue in regions other than EMEA, the results may vary substantially year-to-year on both an absolute and on a percentage basis depending upon the timing of the receipt and delivery of a large new order or the completion of a large rollout. We believe that the variability in results will lessen as we develop a larger base of Banking customers and further develop our distribution channel and direct touch sales model for the Enterprise and Application Security market.

2012 Compared to 2011

Total revenue in 2012 decreased $14,053 or 8% from 2011. The decrease in total revenue was primarily attributable to a decrease in hardware products sold to both the Banking and Enterprise and Application Security markets and the strengthening of the U.S. Dollar as compared to the Euro, as noted above, partially offset by an increase in non-hardware products sold to the both the Banking and Enterprise and Application Security markets.

Revenue generated in EMEA for the full-year 2012 was $16,583 (or 15%) lower in 2012 than in 2011. The decrease reflected a decrease of approximately 18% in revenue from the Banking market and a decrease of 3% in revenue from the Enterprise and Application Security markets. We estimate that the change in currency rates decreased revenues in EMEA by $3,983 compared to 2011. Had currency exchange rates in 2012 remained unchanged from 2011, revenues in EMEA would have been approximately 11% lower than in full-year 2011.

Revenue generated in the United States for the full-year 2012 was $4,882 (or 30%) lower in 2012 than in 2011. Revenue was approximately 33% lower in the Banking market and 27% lower in the Enterprise and Application Security markets than in full-year 2011.

Revenue generated in Asia Pacific for the full-year 2012 was $18,045 (or 122%) higher in 2012 than in 2011. Revenue was approximately 153% higher in the Banking market and 19% lower in the Enterprise and Application Security markets than in full-year 2011.

Revenue generated in other countries for the full-year 2012 was $10,633 (or 41%) lower in 2012 than in 2011. Revenue in other countries was approximately 48% lower in the Banking market and 61% higher in the Enterprise and Application Security markets.

Revenue by Target Market: Revenue is generated currently from two primary markets, (1) Banking and (2) Enterprise and Application Security, through the use of both direct and indirect sales channels. The Enterprise and Application Security market includes products used by employees of corporations to secure their internal networks (the Enterprise Security market) and business-to-business, business-to-consumer, e-commerce,

40

Table of Contents

e-government, e-gaming and other vertical applications (the Application Security market) that are not related to banking or finance. In addition, revenues from services-related activities, such as maintenance and support are included in the Enterprise and Application Security market. Management currently views the Enterprise and Application Security market as one market because the same products are sold using the same methods to both groups (i.e., a direct touch model and channel distribution model). Sales to the Enterprise and Application Security market are generally for smaller quantities and higher prices than sales made to the Banking market. The breakdown of revenue between the two primary markets is as follows:

2013 Compared to 2012

Revenue for the full year 2013 from the Banking market increased $2,105 (or 2%) from 2012 and revenue from the Enterprise and Application Security market decreased $1,087 or 4% in the same period.

The increase in the Banking market reflects an increase in non-hardware revenue and the benefit of currency exchange rates partially offset by a decline in revenue from hardware products. The decline in revenue from the Enterprise and Application Security market reflects a decrease in both hardware and non-hardware products sold partially offset by the benefit of currency exchange rates.

The changes in revenue in both markets reflects the transaction nature of our business where the absolute amount of revenue reported in any given period is a reflection of transactions closed in that period. Also, given the sustainable, repeatable nature of our revenue model, we believe that the growth over a longer period of time reflects the growth in our customer base, which we expect will lead to continued increases in revenues in future years, albeit with uneven growth reported annually. We expect that customers that have purchased our products in prior years will replace those products in future years for several reasons, including but not limited to;

2012 Compared to 2011

Revenue for the full year 2012 from the Banking market decreased $12,299 (or 9%) from 2011 and revenue from the Enterprise and Application Security market decreased $1,754 or 6% in the same period.

41

Table of Contents

The decrease in both the Banking and Enterprise and Application Security markets reflects a decrease in hardware products sold and a decrease in revenue resulting from the strengthening of the U.S. Dollar as compared to the Euro, as previously noted, partially offset by an increase in non-hardware related revenues in both the Banking and Enterprise and Application Security markets.

Gross Profit

2013 Compared to 2012

Consolidated gross profit for 2013 was $99,871, an increase of $306, or less than 1%, from the $99,565 reported for 2012. Gross profit as a percentage of revenue (“gross profit margin”) was 64% in 2013 compared to 65% in 2012. The decrease in the gross profit margin was primarily attributable to the following factors:

partially offset by

Gross margin on product sold reflects the specific mix of product and quantities sold in each period. As the size of deals increase, the gross margin generally declines. For 2013, gross margin from product sold in the Banking market was approximately 2.1 percentage points lower than in 2012. Gross margins from product sold in the Enterprise and Application Security market was approximately 0.2 percentage points higher in 2013 compared to 2012.

42

Table of Contents

We experienced an increase in the gross profit margin in 2013 due to an increase in non-hardware related revenues. Non-hardware revenue as a percentage of total revenue was approximately 28% in 2013 compared to 24% in 2012. The amount of non-hardware revenue increased by approximately 15% in 2013 compared to 2012. Non-hardware revenue can have a gross profit margin that is approximately 20 to 30 percentage points higher than hardware-related revenue, depending on the model and quantity of the hardware units sold.

We monitor our inventory levels on a regular basis and write down the value of selected inventory items to their expected net realizable value when it appears that the value of the item may not be realized through the ultimate sale of a finished product. The total amount of the inventory write down was approximately $1,095 for the full-year 2013 compared to $2,176 for full-year 2012. Going forward, we believe that similar adjustments may be needed reflecting the risk associated with making estimates of future demand and buying inventory to meet that demand on a recurring basis.

The cost of shipping our products to customers was lower in 2013 than in 2012. We continue to work with our customers to plan deliveries in such a way that we can minimize our freight costs, typically by using a non-expedited shipment process such as by sea rather than by air. We estimate that the reduction in shipping costs increased our gross margin as a percent of revenue by approximately 0.4 percentage points.

Changes in currency exchange rates had a positive impact on our gross profit margins in 2013. The majority of our inventory purchases are denominated in U.S. Dollars. As previously noted, our sales are denominated in various currencies, including the Euro and Australian Dollar. As the U.S. Dollar strengthened in 2013 when compared to the Euro in 2012, revenue as measured in U.S. Dollars increased from sales made in Euros, without a corresponding decrease in cost of goods sold. The impact from changes in currency rates, as noted above, is estimated to have increased revenue and gross margin by approximately $708 for the full year 2013. Had the currency rates in 2013 been equal to the rates in 2012, the gross profit margin would have been approximately 0.2 percentage points lower for the year ended December 31, 2013.

2012 Compared to 2011

Consolidated gross profit for 2012 was $99,565, a decrease of $8,547, or 8%, from the $108,112 reported for 2011. Gross profit as a percentage of revenue (“gross profit margin”) was 65% in 2012 compared to 64% in 2011. The increase in the gross profit margin was primarily attributable to the following factors:

partially offset by

We experienced an increase in the gross profit margin from non-hardware related revenues generated in both the Banking and the Enterprise and Application Security markets. Non-hardware revenue as a percentage of total revenue was approximately 24% in 2012 compared to 21% in 2011. The amount of non-hardware revenue increased by approximately 4% in 2012 compared to 2011. Non-hardware revenue can have a gross profit margin that is approximately 20 to 30 percentage points higher than hardware-related revenue, depending on the model and quantity of the hardware units sold.

43

Table of Contents

Card readers represented 14% of our total revenue in 2012 as compared to 19% of our total revenue in 2011. Card readers generally have a gross profit margin that is approximately 25 to 35 percentage points lower than other hardware-related margins, due to competitive pricing pressures. There are a number of competitors in the EMV market that produce card reader products with fewer features at a lower cost than our products.

The cost of shipping our products to customers was lower in 2012 than in 2011. In the first half of 2011, we incurred increased costs associated with shipping our products on an expedited basis to ensure that we met our delivery commitments to customers. As we worked through 2011, we reduced the number of expedited shipments to a more normalized level and maintained that program throughout 2012. We estimate that the reduction in shipping costs increased our gross margin as a percent of revenue by approximately 1.9 percentage points.

We monitor our inventory levels on a quarterly basis and write down the value of selected inventory items to their expected net realizable value when it appears that the value of the item may not be realized through the ultimate sale of a finished product. The total amount of the inventory write down was approximately $2,176 for the full-year 2012 compared to $1,558 for full-year 2011. Going forward, we believe that similar adjustments may be needed reflecting the risk associated with making estimates of future demand and buying inventory to meet that demand on a recurring basis.

Changes in currency exchange rates had a negative impact on our gross profit margins in 2012. The majority of our inventory purchases are denominated in U.S. Dollars. As previously noted, our sales are denominated in various currencies, including the Euro and Australian Dollar. As the U.S. Dollar strengthened in 2012 when compared to the Euro in 2011, revenue as measured in U.S. Dollars decreased from sales made in Euros, without a corresponding decrease in cost of goods sold. The impact from changes in currency rates, as noted above, is estimated to have decreased revenue by approximately $4,405 for the full year 2012. Had the currency rates in 2012 been equal to the rates in 2011, the gross profit margin would have been approximately 0.9 percentage points higher for the year ended December 31, 2012.

Operating Expenses

Our operating expenses are generally based on anticipated revenue levels and the majority of such expenses are fixed over short periods of time. As a result, small variations in the amount of revenue recognized in any given period could cause significant variations in the period-to-period comparisons of either the absolute amounts of operating income or operating income as a percentage of revenue. There are three primary factors that impact our operating expenses: our headcount levels, our stock-based incentive plan compensation expenses and the impact of changes in foreign exchange rates.

Generally, the most significant factor driving our operating expenses is our headcount. Direct compensation and benefit plan expenses generally represent between 55% and 65% of our operating expenses. In addition, a number of other expense categories are directly related to headcount. We attempt to manage our headcount within the context of the economic environments in which we operate and the investments that we believe we need to make to help ensure that our infrastructure is able to support future growth and ensure that our products are competitive. The headcount from continuing operations for 2010 through 2013 is recapped in the following table:

44

Table of Contents

In 2013, we increased our headcount, primarily in Sales and Marketing (“S&M”) in large part to focus on sales to into the Enterprise and Application Security market with a particular emphasis on our services platform. In addition, we announced the closure of our research and development facility in Brisbane, Australia as part of our effort to consolidate our research and development resources and improve efficiency. For 2014, we have made some additional staff reductions and, while we do not have plans to make any significant changes in our headcount, we plan to monitor our staffing levels in relation to our performance.

The comparison of operating expenses in both 2013 to 2012 and 2012 to 2011 were impacted by adjustments to our stock-based incentive plan compensation expenses. Stock-based incentive plan compensation expenses generally relate to stock-based, long-term performance incentives. For the full year of 2013, operating expenses included $2,587 of expense related to long-term incentive plans compared to expense of $3,726 in 2012 and expense of $6,117 in 2011.

In 2013, 2012 and 2011, we recorded adjustments to the accrual each year for such plans based on management’s determination of whether it was probable that the performance criteria for each plan outstanding at the end of each period would be met. With the shortfall to our performance targets in both 2013 and 2012, we did not record any costs associated with long-term, performance-based incentives awards in either year. With our strong performance in 2011, we achieved the performance targets that had been set in the 2009 plan awards for which management had determined in the fourth quarter of 2010, and maintained such determination through the end of the third quarter 2011, that it was improbable that we would meet the targets. As a result of achieving the targets, expense increased by $2,493 in the fourth quarter of 2011.

Sales and Marketing Expenses

2013 Compared to 2012

Consolidated sales and marketing expenses for the year ended December 31, 2013 were $40,323, an increase of $2,555, or 7%, from $37,768 reported for 2012. This increase in sales and marketing expenses primarily relates to:

partially offset by

We estimate that the sales and marketing expenses increased approximately $738 in 2013 primarily as a result of the strengthening of the Euro to the U.S. Dollar.

Our average full year headcount increased 9% in 2013 compared to 2012. The average full-time sales, marketing and operations employee headcount was 187 in 2013 compared to 171 in 2012. At year-end 2013, 2012 and 2011, the company employed 193, 172 and 167 sales, marketing and operations employees, respectively.

2012 Compared to 2011

Consolidated sales and marketing expenses for the year ended December 31, 2012 were $37,768, a decrease of $2,526, or 6%, from $40,294 reported for 2011. This decrease in sales and marketing expenses primarily relates to:

45

Table of Contents

Our average full year headcount was essentially flat in 2012 compared to 2011.

Research and Development Expenses

2013 Compared to 2012

Consolidated research and development costs for the year ended December 31, 2013 were $21,315, an increase of $2,521, or 13%, from the $18,794 reported for 2012. The increase in research and development was primarily attributable to:

partially offset by

We estimate that the research and development expenses increased approximately $264 in 2013 primarily as a result of the strengthening of the Euro to the U.S. Dollar.

The average research and development headcount increased approximately 4% to 145 in 2013 from 140 in 2012. At year-end 2013, 2012 and 2011, the company employed 143, 143 and 136 research and development employees, respectively. The reduction in headcount related to the closure of the Brisbane, Australia research and development facility offset by increases in staff in other locations and research and development staff at Cronto, acquired in May 2013.

2012 Compared to 2011

Consolidated research and development costs for the year ended December 31, 2012 were $18,794, an increase of $158, or 1%, from the $18,636 reported for 2011. The increase in research and development was primarily attributable to:

partially offset by

The average research and development headcount increased approximately 10% to 140 in 2012 from 128 in 2011.

General and Administrative Expenses

2013 Compared to 2012

Consolidated general and administrative expenses for the year ended December 31, 2013 were $21,196, an increase of $1,125 or 6%, from the $20,071 reported for 2012. The increase in general and administrative expense was primarily attributable to:

46

Table of Contents

partially offset by

We estimate that the research and development expenses increased approximately $278 in 2013 primarily as a result of the strengthening of the Euro to the U.S. Dollar.

The average full-time general and administrative employee headcount increased approximately 5% to 59 persons in 2013 from 56 persons in 2012. At year-end 2013, 2012 and 2011, the company employed 60, 59 and 55 general and administrative employees, respectively.

2012 Compared to 2011

Consolidated general and administrative expenses for the year ended December 31, 2012 were $20,071, a decrease of $2,379 or 11%, from the $22,450 reported for 2011. The decrease in general and administrative expense was primarily attributable to:

The average full-time general and administrative employee headcount was flat with 56 persons in 2012 and 2011.

Amortization Expense

2013 Compared to 2012

Amortization expense for 2013 was $3,325, an increase of $1,420 or 75% from $1,905 reported for 2012. The increase was primarily related to the amortization of intangible assets associated with our acquisition of Cronto. in May 2013.

2012 Compared to 2011

Amortization expense for 2012 was $1,905, a decrease of $62 or 3% from $1,967 reported for 2011. The decrease was primarily due to the impact of changes in foreign exchange rates.

Interest Income, Net

2013 Compared to 2012

Consolidated net interest income was $162 in 2013 compared to $261 in 2012. The decrease in net interest income reflected a decrease in the average return on invested balances partially offset by an increase in the average net cash balance. Our return on average net cash balances was 0.2% in 2013 compared to 0.3% in 2012. Average net cash balances were $97,327 in 2013, an increase of $4,586 or 5% from $92,741 in 2012. We expect that the rates of return on invested cash will continue to be minimal in 2014.

2012 Compared to 2011

Consolidated net interest income was $261 in 2012 compared to $543 in 2011. The decrease in net interest income reflected a decrease in the average return on invested balances partially offset by an increase in the average net cash balance. Our return on average net cash balances was 0.3% in 2012 compared to 0.7% in 2011. Average net cash balances were $92,741 in 2012, an increase of $10,366 or 13% from $82,375 in 2011.

47

Table of Contents

Other Income (Expense), net

2013 Compared to 2012

Other income (expense), net in 2013 primarily included exchange gains (losses) on transactions that are denominated in currencies other than a subsidiary’s functional currency and subsidies received from foreign governments related to increasing trade in other countries or increasing spending on research and development. Other income was $240 in 2013 compared to $409 in 2012. The decrease in other income primarily reflects an increase in exchange losses. Exchange losses were $624 in 2013 compared to exchange losses of $410 in 2012.

2012 Compared to 2011

Other income (expense), net in 2012 primarily included exchange gains (losses) on transactions that are denominated in currencies other than a subsidiary’s functional currency and subsidies received from foreign governments related to increasing trade in other countries or increasing spending on research and development. Other income was $409 in 2012 compared to $500 in 2011. The decrease in other income primarily reflects a decline in government subsidies partially offset by a decrease in exchange losses. Exchange losses were $410 in 2012 compared to exchange losses of $760 in 2011.

Income Taxes

2013 Compared to 2012

Income tax expense for 2013 was $3,147, compared to $5,468 in 2012. The effective tax rate in 2013 was 22%, a decrease of 3 percentage points from 25% in 2012. The decrease in the rate in 2013 is primarily attributable to the fact that final payments were made by our Swiss and U.S. companies to purchase intellectual property from our other subsidiaries in 2012. As a result, income in higher tax foreign countries was lower in 2013 than in 2012.

2012 Compared to 2011

Income tax expense for 2012 was $5,468, compared to $1,557 in 2011. The effective tax rate in 2012 was 25%, an increase of 19 percentage points from 6% in 2011. The increase in the rate in 2012 is primarily attributable to the fact that 2011 included a significant benefit from the use of net operating loss carryforwards in the U.S., including the reversal of a valuation allowance related to the use of remaining U.S. net operating loss carryforwards in future years. The effective tax rate also increased slightly in 2012 as a result of having a higher percentage of our earnings subject to tax at the U.S. rate, which increases our overall effective tax rate.

Foreign Tax Credit and Loss Carryforwards Available

At December 31, 2013, we had foreign tax credit carryforwards of $5,058. Foreign tax credits of $944 expire in 2015 and the remaining $4,114 expire in 2023. We have not provided a valuation reserve for the foreign tax credits because we believe that it is more likely than not that they will be realized.

At December 31, 2013, we also had foreign NOL carryforwards of $5,093 and other foreign deductible carryforwards of $3,898. The foreign NOL carryforwards have no expiration dates and the other deductible carryforwards expire from 2016 to 2020. At December 31, 2013, we had a valuation allowance of $2,399 for certain foreign deferred tax assets. The reduction in the valuation allowance would decrease income tax expense in the period it is reduced. See Note 7 to the consolidated financial statements for more information on tax loss carryforwards.

48

Table of Contents

Income/Loss from Discontinued Operations

We had income from discontinued operations of $180 in 2013 compared to a loss of $630 for the full-year 2012. The income reported in 2013 reflected a change in the estimated cost to settle certain liabilities accrued in previous periods. Losses in 2012 primarily reflect the ongoing legal and other third party costs associated with the bankruptcy of DigiNotar in 2011.

Note 3 of the consolidated financial statements contains additional information about the discontinued operations. See Part 1, Item 1A – Risk Factors and Part 1, Item 3 - Legal Proceedings for additional information related to DigiNotar B.V.