OneSpan Inc. (OSPN): 5 FORCES Analysis [Nov-2025 Updated]

You're looking at OneSpan Inc.'s strategic pivot hard into a software-centric model, and honestly, the near-term risks to hitting that $\text{239 million}$ to $\text{241 million}$ revenue guidance for 2025 are mapped out clearly by Porter's Five Forces. We see high customer power from the world's biggest banks, intense rivalry against giants like DocuSign and Microsoft, and a moderate threat from new tech substitutes, all while the company tries to solidify its low supplier power thanks to the shift away from hardware. Still, understanding where the pressure points are-from customer leverage to competitive heat-is key to judging if this strategy pays off, so stick with me below for the full breakdown.

OneSpan Inc. (OSPN) - Porter's Five Forces: Bargaining power of suppliers

You're looking at OneSpan Inc.'s supplier power, and honestly, the story here is one of deliberate strategic migration, which is actively weakening supplier leverage. The biggest factor driving this down is the clear shift to a software-as-a-service (SaaS) model. For the full fiscal year 2025, OneSpan Inc. projects total revenue in the range of $239 million to $241 million. Crucially, the guidance shows Software and services revenue is expected to be $190 million to $192 million, representing a growth of 3% to 4%.

This software focus means that the portion of the business reliant on physical component suppliers is shrinking fast. The legacy hardware side, which includes the declining Digipass business, is guided to bring in only $49 million to $50 million for 2025, which is a projected 16% decline from 2024. This transition means software and services now make up over 80% of the business, naturally reducing the overall impact of hardware supply chain volatility on the consolidated financials. In Q3 2025, subscription revenue itself grew 12%, showing the stickier, less hardware-dependent revenue is accelerating.

When we look at the remaining hardware sourcing, OneSpan Inc. has historically managed this by multi-sourcing key components for its physical tokens. The company's 2025 10-K filing noted component costs and availability for the Digipass business as a risk factor, but the ongoing pivot minimizes the financial sting of any single supplier issue. The ability to shift away from physical goods to cloud infrastructure also provides significant leverage against traditional hardware suppliers.

For the software side, OneSpan Inc. uses major cloud providers, which inherently limits single-vendor lock-in. While the company hasn't publicly detailed its exact split, the market context shows robust competition among hyperscalers. In Q2 2025, Amazon Web Services (AWS) held 30% of the global cloud infrastructure share, while Microsoft Azure held 20%. This competitive landscape means OneSpan Inc. can negotiate favorable terms or easily shift workloads between these giants, keeping supplier power in check for its cloud-based delivery.

Also, OneSpan Inc. is strategically investing to bring capabilities in-house, which directly counters reliance on third-party intelligence vendors. On October 6, 2025, OneSpan Inc. announced a strategic investment in ThreatFabric. ThreatFabric is already trusted by financial institutions globally and protects over 60 million banking customers. This move allows OneSpan Inc. to integrate mobile threat intelligence and malware risk detection directly, reducing the need to purchase these specific services from external providers. Here's the quick math: by bringing this advanced capability closer, they are building a more self-sufficient fraud analytics stack, which is a clear action to suppress supplier power in that intelligence vertical.

Here is a summary of the key data points influencing supplier power:

The bargaining power of suppliers for OneSpan Inc. is decidedly low because the company is actively engineering its business away from high-risk physical supply chains and toward scalable, multi-sourced cloud platforms. You should watch the Cost of Revenue line in the next 10-K to see the tangible benefit of this pivot on gross margins, which were reported at 73.87% (LTM Q3 2025).

The key supplier dynamics can be summarized as follows:

• SaaS shift reduces reliance on physical component vendors.
• Cloud usage leverages competition between AWS and Azure.
• Strategic investment in ThreatFabric lessens third-party intelligence spend.
• Legacy hardware revenue is projected to fall by 16% in 2025.

Finance: draft the Q4 2025 COGS forecast incorporating the $49M-$50M hardware revenue guidance by next Tuesday.

OneSpan Inc. (OSPN) - Porter's Five Forces: Bargaining power of customers

You're looking at OneSpan Inc.'s customer power, and honestly, it's a classic case of a few very large, very smart buyers holding significant sway. When your client list includes the majority of the world's financial heavyweights, you have to respect their negotiating position.

The power here stems directly from the sophistication and volume of these anchor clients. These aren't small regional credit unions; we're talking about the global systemically important banks. They understand security protocols inside and out, and they buy in massive quantities, which naturally gives them leverage when discussing pricing or service level agreements. It's defintely a relationship built on deep trust, but also on constant price pressure.

Here's the quick math on where the revenue is coming from geographically as of the third quarter of 2025, which shows a relatively balanced, though Americas-heavy, exposure:

This geographic spread helps OneSpan Inc. diversify single-region customer risk, which is a mitigating factor against any one major bank's decision to switch or reduce spend. Still, the concentration risk remains high because the type of customer is so critical.

The leverage these customers wield is cemented by the sheer depth of integration. OneSpan Inc. processes billions of multi-factor authentication transactions and millions of digital agreements annually for these clients. Their security and e-signature solutions aren't just bolted on; they're woven into the core operational fabric of these banks. If a major institution decided to walk away, the cost and operational risk of ripping out and replacing those deeply embedded security and workflow systems would be enormous, which is the definition of high switching costs for the buyer.

Consider the revenue model shift. By the end of Q3 2025, OneSpan Inc. was projecting its full-year software and services revenue to land between $190 million and $192 million, with hardware now representing less than 20% of the total business. This move to a subscription (ARR) model, which hit $180.2 million at the end of Q3 2025, means the customer relationship is long-term and mission-critical, but it also means the initial implementation and integration-the high switching cost barrier-is the key lock-in mechanism.

The power dynamic is characterized by a few key realities for OneSpan Inc.:

• Trusted by over 60% of the world's 100 largest banks.
• Solutions are deeply integrated into core banking processes.
• High volume of transactions processed annually (billions of MFA transactions).
• Net Retention Rate (NRR) was 103% in Q3 2025, suggesting existing customers are expanding, but this doesn't negate initial pricing power.
• Q3 2025 total revenue was $57.1 million, meaning a single large client represents a material portion of that figure.

OneSpan Inc. (OSPN) - Porter's Five Forces: Competitive rivalry

You're looking at a market where OneSpan Inc. (OSPN) is fighting for every dollar against established giants and focused pure-plays. The competitive rivalry here is defintely at the highest level across both of its core business areas: advanced authentication and digital agreements.

In the authentication space, the pressure comes from massive technology players and specialized security firms. For instance, in the Multi-Factor Authentication (MFA) space, alternatives to OneSpan Inc.'s mobile authenticator include platforms like Microsoft Entra ID, alongside others such as Cisco Duo and Google Authenticator. OneSpan Inc. is pushing its high-assurance angle hard; its Digipass® FX1 was named Multifactor Solution of the Year in the 2025 CyberSecurity Breakthrough Awards Program, which speaks directly to its focus on phishing-resistant, passwordless security. Still, competing against the scale of a firm like Microsoft is a constant headwind.

The Digital Agreements segment faces a similarly fierce rivalry. Market leaders like DocuSign eSignature and Adobe Sign (Acrobat Sign) command significant mindshare and market presence. To illustrate the segment dynamics, OneSpan Inc.'s Digital Agreements revenue for Q3 2025 was $16.7 million, showing a 9% year-over-year increase. This growth is happening while the Security Solutions revenue, which includes authentication, was $40.3 million, a 1% year-over-year decrease. The company is clearly leaning into software, with Annual Recurring Revenue (ARR) growing 10% year-over-year to $180.2 million as of Q3 2025, showing that the software-focused part of the business-now over 80% of the overall business-is where the momentum is.

Here's a quick look at how OneSpan Inc. stacks up against key rivals in its two main battlegrounds:

The company's primary differentiator against broader competitors is its unwavering focus on high-assurance, financial-grade security. This specialization allows OneSpan Inc. to target regulated industries where compliance and tamper-sealing documents after signing are non-negotiable requirements. Despite this intense competitive pressure, the company managed to post a GAAP Net income for Q3 2025 of $6.5 million, compared to $8.3 million in the prior year period. Also, the Non-GAAP net income was $12.9 million, or $0.33 per diluted share, beating analyst expectations of $0.29 per share. Honestly, maintaining profitability while transitioning the business model and fighting giants is a significant operational feat.

You can see the competitive intensity reflected in the financial results:

• Total Revenue for Q3 2025 was $57.1 million, a modest 1% increase YoY.
• Operating income decreased 27% YoY to $8.2 million.
• Annual Recurring Revenue (ARR) growth was strong at 10% YoY, reaching $180.2 million.
• Net Retention Rate (NRR) stood at 103%.

Finance: draft 13-week cash view by Friday.

OneSpan Inc. (OSPN) - Porter's Five Forces: Threat of substitutes

The threat of substitutes for OneSpan Inc. (OSPN) is assessed as Moderate to High, driven by the rapid technological shifts occurring within the digital identity and authentication space. You see this pressure from multiple angles, from basic, low-cost options to entirely new architectural standards.

Basic, less secure substitutes like SMS-based multi-factor authentication (MFA) remain a significant, cheaper alternative for some use cases. Data from late 2025 shows that SMS-based time-based one-time passwords (TOTPs) are still widely used, with 55.96% of surveyed respondents relying on them. Email TOTPs are also common at 51.38%. This reliance on telephony-based methods presents a substitution risk because they are vulnerable to attacks like SIM-swapping, which OneSpan Inc. (OSPN) customers, especially large banks, are actively trying to mitigate.

The industry-wide move to phishing-resistant, passwordless authentication, specifically FIDO/passkeys, represents a major substitution threat to older MFA models. OneSpan Inc. (OSPN) addressed this directly by acquiring Nok Nok Labs in June 2025, integrating their FIDO expertise to offer a comprehensive, standards-based platform. The momentum is clear: the 2025 FIDO Alliance Report indicated that 48% of the top 100 websites offered passkeys as a login method.

Here's a quick look at how the adoption of older and newer authentication factors stack up based on recent surveys:

The emergence of Decentralized Identity (DID) and Continuous Authorization standards poses a longer-term, high-impact substitution risk to centralized identity models. The DID market is expanding rapidly, valued at USD 4.89 billion in 2025 and projected to hit USD 41.73 billion by 2030. This growth is fueled by regulatory mandates and enterprise digitization. Large enterprises, which are key OneSpan Inc. (OSPN) customers, already controlled a significant portion of this market, with figures around 67.88% in 2024. Furthermore, over 60% of large businesses are expected to use at least one Privacy-Enhancing Technology (PET) solution by the end of 2025.

The threat is also present from large, sophisticated buyers developing their own solutions. You must consider that large banks, which represent a core customer base for OneSpan Inc. (OSPN) (serving over 60% of the top 100 globally), possess the capital and technical staff to develop proprietary, in-house digital agreement and authentication platforms. This insourcing risk is always present when a vendor's solution becomes commoditized or when a client needs deep, unique integration.

The substitution landscape is characterized by several key trends you need to track:

• Passkeys are reportedly four times faster than OTP-based logins.
• The DID market is forecast to grow at a 53.48% CAGR through 2030.
• OneSpan Inc. (OSPN) processes billions of MFA transactions annually across 100+ countries.
• The technology industry leads MFA adoption at 87%.
• The acquisition of Nok Nok Labs immediately bolstered OneSpan Inc. (OSPN)'s FIDO capabilities.

OneSpan Inc. (OSPN) - Porter's Five Forces: Threat of new entrants

You're looking at the barriers to entry for OneSpan Inc. (OSPN), and honestly, the threat from brand-new competitors is generally kept in the low to moderate range. This isn't because the market is small; the global Fintech industry was valued at $226.71 billion in 2024. Instead, the threat is muted by significant, almost insurmountable, hurdles specific to high-security financial enterprise software.

The regulatory and compliance landscape acts as a massive gatekeeper. For any new entrant targeting US government or highly regulated financial institutions, achieving certifications like FedRAMP (Federal Risk and Authorization Management Program) is a major deterrent. The initial professional services costs alone can run between $250,000 to $750,000. If you factor in the initial Third-Party Assessment Organization (3PAO) fees, which can be $100,000 to $300,000, a startup could easily spend between $500,000 to $1,000,000 just to get through the door. Plus, maintaining that status isn't cheap, with ongoing annual costs for continuous monitoring potentially hitting $100,000 to $400,000.

Also, building the necessary trust and brand reputation with global blue-chip banks isn't something you can buy with a big funding round; it takes decades. Banks, which are among the most trusted financial institutions globally, are inherently cautious. They are increasingly reliant on third parties, but 83% of global banks report difficulties aligning their security measures with new technology adoption. A single breach can cause 62% of customers to lose confidence. New entrants must overcome this deep-seated skepticism, which is compounded by the fact that 47% of US consumers still worry about data security when using Fintech apps.

The required investment in research and development (R&D) is substantial, signaling a high capital barrier. OneSpan Inc. itself spent $61.7 million on R&D in 2022 [cite: provided in prompt]. To give you a more recent snapshot of ongoing investment, the Digital Agreements segment alone recorded $3.6 million in R&D expenses over the first six months of 2025. You can't compete in advanced security without continuous, heavy spending on innovation, especially with threats like AI-generated fraud surging.

The capital required to scale a global sales and support network for enterprise software is a defintely high barrier, especially when combined with the compliance costs mentioned above. Selling complex, mission-critical security software requires a highly specialized, global enterprise sales force and 24/7 support infrastructure. This capital intensity means a new entrant needs deep pockets just to build the necessary operational footprint to serve multinational clients, long before they see meaningful returns. Here's a quick look at some of the financial commitments that deter new players:

The complexity of the security landscape itself creates operational barriers that new firms struggle to meet quickly. New entrants must demonstrate capability against sophisticated attacks:

• Biometric verification is the most attacked stage for three in ten financial institutions.
• Fraud prevention is a top priority for 71% of banks.
• Banks report 140% higher investment in cybersecurity over the last two years on average.

Finance: draft a sensitivity analysis on the impact of a $1 million compliance cost on a Series A startup's runway by Monday.