Build38 brings new investors on board and gets three million euros funding in its Pre-Series A round

Build38 brings new investors on board and gets three million euros funding in its Pre-Series A round

Pushing the growth story further with fresh capital

Munich, Münster, Barcelona, January 12, 2021 – Two years after its foundation and many successfully implemented projects, Build38 is ready for the next growth step. The provider of mobile app security solutions has succeeded in closing its Pre-Series-A funding round with two new investors. This brings the number of Build38's institutional backers to three. In addition to G+D Ventures, which originally joined as a seed investor, Caixa Capital Risc and eCAPITAL ENTREPRENEURIAL PARTNERS are now also part of the team and co-led the round. With the capital received, the expansion into further markets is to be driven forward and the multi-layer security framework is to be further developed with AI functions.

In the first two years of its existence, Build38 has succeeded in concluding several long-term contracts worth several million euros from key industries like automotive, transit, e-identity, digital healthcare and financial services. Apps include digital car keys, mobile ticketing, SoftPOS and government-approved mobile IDs, which Build38 protects. To address even more markets and application scenarios in the future, the company has embarked on a search for funding partners.

eCAPITAL is a venture capital firm that provides early to growth stage funding to technology companies in the fields of software & information technology, cybersecurity, industry 4.0, new materials and cleantech. eCAPITAL joining as a shareholder validates Build38’s solution offering, value proposition and market. Caixa Capital Risc, being one of the leading VCs in Spain backs early-stage tech B2B SaaS companies, focus on deep tech theme, and predominantly invests in Spanish and Portuguese technology companies. Build38 has an office in the city of Barcelona where a significant part of their development and operations are hosted and Caixa Capital Risc will work closely with the team to help growing and bringing business in Southern European markets.

Investment in Product and Market Growth

The financial injection from the two new investors will be used in Europe and Asia to expand the capabilities of the Security Solution and Mobile Fraud Protection with additional AI functions. In this way, it should be possible in the future not only to protect apps from potential attacks and threats, but also to predict when they might occur. Furthermore, an expansion of the business development team in Europe and Asia is planned. In addition, new fields and channels will be developed in the currently existing regions to expand the partner network.

"We are happy to have two such experienced investors newly on our side, who trust in our solution and our chosen course," says Dr. Christian Schläger, CEO of Build38. "With their support, we are able to further advance our security framework, tackle new markets, and expand our team and network. Although 2020 has been full of challenges, we have taken the opportunity to explore our market and growth strategies, and have started to identify and build the appropriate sales channels. Following on from this, we have already succeeded in establishing long-term customer relationships and generating business. Giesecke+Devrient - our existing investor and important customer and reseller in Europe and Asia - has been a major support in this. This development gives us a positive start to 2021 with a clear focus on the growth of the Software-as-a-Service (SaaS) business."

Growth market “Mobile Security”

In the previous year, it was possible to observe how strongly companies expanded and increasingly used mobile channels. More and more consumers are interacting digitally with service providers - mainly via mobile apps. This general trend was accelerated by the pandemic situation. At the same time, however, attacks on Apps and mobile commerce increased at an above-average rate. This trend brings with it numerous challenges in terms of security and fraud. Build38 can help service providers and their solution providers bring innovative, fraud-proof services that comply with security and privacy regulations to market in the shortest possible time and with a optimal return on investment. With its SaaS offering, Build38 ensures that customers and partners always receive continuous customer service and benefit from enhancements and updates throughout the product lifecycle.

Roma Jelinskaite, Principal at Caixa Capital Risc and member of the Build38 Advisory Board, says about the investment: “Cybersecurity is the present and the future of mobile application development. We are incredibly excited to back the entire Build38 team as they take on this hard-to-solve problem. Build38 develops cybersecurity services that bring the magic of complete mobile application protection solution with full visibility to security teams. Moreover, as they are constantly under immense pressure of cyberattacks becoming more sophisticated and volume grows exponentially.“

Dirk Seewald, Partner at eCAPITAL and member of the Build38 Advisory Board, adds: „Mobile-first is a wave that comes with tremendous challenges securing the mobile itself, the app, digital valuables and personal data in the app as well as the backend processing infrastructure. There is no easier way than integrating the Build38 solution into mobile developers‘ and providers‘ systems to integrate a powerful cyber security architecture with just a few keystrokes. We very much look forward to becoming part of the Build38 success story and to work with a highly experienced team building the next mobile security category leader.“





MineSec and Build38 enter a partnership to bring SoftPOS to the masses

MineSec and Build38 enter a partnership to bring SoftPOS to the masses

The collaboration is focused in contributing to increase the acceptance of Contactless Payments through the use of standard mobile phones, enabling small retailers and independent providers of services to accept contactless payments without additional hardware costs. 

Accepting contactless payments from a standard phone at retail shops is becoming essential as social-distancing measures are enforced

Singapore, 22nd December 2020. MineSec, the Asian provider of the white-label SoftPOS solutions MineHades and MineZeus that allow Payment Services Providers and Acquirers to personalize and brand their own SoftPOS offering, is entering an agreement with Build38 to use its leading Mobile App Security Protection and Monitoring offering to secure their SoftPOS solution. In a nutshell, SoftPOS solutions are Apps that are downloaded from an App Store, e.g. Google Play, into a COTS (Commercially off-the-Shelf, that is, a regular phone as most end-users have) and, once activated and enrolled it can be used for accepting Contactless Payments through the NFC interface of the phone. Naturally, there are some requirements that the device has to meet, like supporting NFC, and some of those requirements are related to the security environment present on the device. As the devices process the payment transaction locally, there must be enough protections to guarantee that the transaction can not be compromised.

There are several specifications for the SoftPOS (sometimes known as well as mPOS, for Mobile POS, or Tap-to-Phone) but the one that will define the future of the industry is the PCI CPoC Specification. In its first release, it already defines the security and functional requirements for a solution to be compliant and accept contactless payments from a COTS Phone performed by a customer using a Contactless Credit Card or Mobile Pay on phone, e.g. Apple Pay. The joint effort by MineSec and Build38 will streamline the development and roll-out of CPoC compliant SoftPOS services by Payment Service Providers, Acquirers and, in general, any Fintech or retailer, in the shortest time-to-market and with the widest support possible.

Though the specifics of the agreement remain confidential, the collaboration comprises technical and commercial terms that will enable both companies to become lead players in this space. In particular for Build38, this further validates the mechanisms for mobile App Protection and Monitoring, like re-packaging protection, device attestation, root, emulator and hooking detection as well as the continuous monitoring of the installed base from their cloud service. Now, the SoftPOS use-case is an additional step forward in the broadening of the use-cases enabled by its solution and services, that already cover Transit Ticketing, Digital Identity and mID, Automotive and Mobile Banking. The ultimate goal for Build38 is to facilitate Service Providers of critical mobility solutions, like MineSec, to meet all the regulatory and industry security requirements in the shortest time-to-market and keeping them updated continuously through the lifetime of the Service. In this sense, keeping the solution and service updated to the latest security threats as well as the latest developments in mobile OS capabilities and device updates, is a critical part of the value provided.

Stay tuned for upcoming news in this space and, if you want to know more about Build38 and MineSec and how we can help you streamline the launch SoftPOS services, contact us here.

Shift Left Security

Shift Left Security – Learn about this critical trend that will remain

Shift Left Security – a trend that will remain

Traditionally, organizations focus their security efforts near the end of a development and release cycle. While this can ensure that the rest of the software achieves a certain level of stability, high risks and vulnerabilities remain.
Shift Left Security is a remedy to this problem: Implement security as early as possible in your software development cycle (hence called “left”) and do it right from start. It spares you the headache and saves a lot of often unconsidered cost after the app has been released. It is the most important cornerstone of your solution for the digital world.

Shift Right: Dealing with security near the end of the development is not an option anymore

As a mobile app (or solution) moves through the different steps of conception, design, development, build, test and finally upload to the app store, adding security was often merely considered as last step. On top of that, additional development time and costs occur. Sad to say, sometimes security has just been put aside to meet time to market requirements.
There are plenty of examples where security has been introduced at the last stage of a project, means keeping security rather to the right. This has a tremendous negative impact on your project: Immediately with the release of the app also the risks and vulnerabilities are published. They are found by security researchers or hackers. In best case feedback is given to the developers and in the worst-case the knowledge is misused. In the latter case compliance violations and reputational damage may happen instantaneously – no pre-warning will be given!

Shift Left Security Economics – the importance of it!

Shift Left Security is economically driven by analysis of the software development processes and maintenance phase afterwards. Fixing issues after releasing the mobile app is about 20 times more expensive as if the problem would have been recognized and solved already during the definition phase of the project. That is merely the development side of costs as a study (Japers Jones, A short history of the cost per defect metric, 2013) shows.
Often unconsidered, forgotten or excluded from those cost discussions is financial impact of a security breach: consequential damages, cyber-attack (and recovery) costs and litigation costs. When considering those costs as well, a later study (Capers Jones, Achieving Software Excellence, v7, 2016) shows that poor quality software may be up to 2000 times more expensive than investing in high quality software right from the beginning. In this example cyber-attack costs contribute to around 45% of negligence in software quality.
The essence of all this: We need to focus on good software and on building good solutions, rather than finding fraud afterwards and spending money on mitigation measures. Shift-Left Security means: the earlier you do it right, the less cost you have afterwards.

Security winners focus on best practices

Shift Left Security is such a best practice. In your software development life cycle (SDLC), you must think about architecture and a secure design already at a very early stage. Secure design should include doing threat modeling, which helps you defining the base line and assessing the required security controls.
“Security can be achieved only when it has been designed in. Applying security measures as an afterthought is a recipe for disaster” („The Six Pillars of DevSecOps: Automation”, 2020), said the CSA (Cloud Security Alliance) about securing design. A very valid comment for any software development project.
As Build38 CEO Christian Schläger put it in a recent PwC interview: “So rather than mopping up the floor afterwards and spending SOC resources and plenty of analysts’ hours on forensics, I would like to see more quality software and solutions that can’t be hacked that easily anymore.”
In a nutshell: finding out what happened to a mobile app after it has already been released is simply too late: More money is spent on fixing, re-testing, and releasing the app again!

Shift Left Security – do it right, from start!

Shift Left Security is the new paradigm and your best investment protection scheme you can have. It helps you to save money throughout the whole lifecycle of a mobile app. It also supports you to reconsider how, where, and when security should be embedded into your app project.
Shift Left Security is also a crucial part of your considerations to become compliant: to eIDAS regulation, to the upcoming Medical Device Regulation (MDR) in 2021, to DiGA regulation, to PSD2, etc. It is about putting security controls into action.
Build38 gives you all the means to start with Shift Left Security now: We deliver you the most comprehensive security suite for Android and iOS, and give you the solution which is fastest to integrate on the market. Additionally, we support you in identifying the security relevant topics, give advice how to design security controls the right way and what to consider.


Curious now? Then contact Us and be part of the “Shift Left Security” movement!

Build38 wins the PwC Award for the “Best Cybersecurity Solution of the Year 2020"

T.A.K Client prevails against 25 cybersecurity solutions

Munich, November 5th – Build38 wins the PwC-Award for the best cybersecurity solution of the year. As part of the digital event, the German provider was able to prevail against 25 international security start-ups with its Mobile App and Fraud Protection solution T.A.K Client.

This year's PwC Luxembourg Cybersecurity DayS (October 26-29, 2020), which was attended by experts from all over Europe, focused on the topics IT security and digital trust. The main focus was on the importance of cybersecurity as an integral part of business strategies.

Various awards were provided during the event, including for the best cybersecurity solution of the year. In this category, 25 international start-ups received a nomination, of which only five companies – especially from the Mobile and Endpoint Security sectors - were shortlisted. These five companies were invited to an on-site pitching contest.

Munich start-up Build38 takes the lead

The jury consisted of venture capitalists, incubators and security experts. Build38 finally convinced in the live pitch with its Mobile App and Fraud Protection solution T.A.K (Trusted Application Kit). Various aspects contributed to the decision:

  • mature product with an established customer base,
  • particularly resource-saving support of mobile business processes,
  • variety of functions,
  • advanced development status of the solution.

„Despite the difficulties caused by Covid-19, the organizer mastered the challenge of creating an interesting and well-organized digital event“, says Christoph Brecht, VP Sales at Build38. „We are grateful for the award, which once again confirms that security for mobile apps is becoming increasingly important."

With its security solution Build38 prevents the manipulation of customer data in apps, ensures their integrity and thus reliably protects companies and their customers from cyber criminals.

PwC-Award Cybersecurity-Solution of the Year
Christoph Brecht, VP Sales at Build38, & Koen Maris,
Cybersecurity Leader, PwC Luxembourg

Contactless Payment, Part 2: Drives business and requires the right security!

In the first part of this blog series, we have already informed you that there is a strong trend towards cashless and especially contactless payment. Payment via smartphone is also becoming increasingly important. The SPoC and CPoC standards provided by the PCI play an important role here.

PCI SPoC and CPoC – what is this all about?

SPoC (Software-based PIN Entry on COTS) is – simply spoken – the software-based PIN Entry standard from PCI for mobile devices, in combination with a Secure Card Reader for PIN which is an extra piece of hardware, connected to the mobile device, e.g. by Bluetooth.

CPoC (Contactless Payments on COTS) is the second and more recent standard which makes accepting contactless payments even simpler. The NFC capability transforms mobile devices into a contactless payment reader.

Common to both standards are the mobile card reader app, the attestation and monitoring services. All of it just for upholding a high level of security and trust. Of course, besides that typical payment related services are part of the backend.

What role does Build38 play in this?

Build38 fulfills the strictest security requirements mandated by PCI:

  • Ensuring the app is running in a secure environment (and only there)
  • Obfuscation
  • Anti-repackaging technology
  • Secure PIN entry
  • Mitigation of detected threats already on the mobile device, etc.

On top of that Build38 provides the required attestation component which acts as verifier to determine the current security state of the app. It delivers additional security signals into the monitoring system which detects, alerts, and mitigates suspected or actual threats and attacks.

PCI security requirements can be overwhelming with all its complexities, yet there is nothing to be afraid of!

You understand payments at your best, and Build38 masters your mobile security!

At Build38 we believe that in a changing digital landscape, the app security is not a luxury. It is a necessity. Your developers should focus on what they are best at: delivering business value and world-class payment apps, while Build38 provides mobile app security. Build38’s Trusted Application Kit (T.A.K) is a highly secure, holistic and easy to integrate mobile app security framework.

It all starts with better understanding your mobile risks.

Get to know where you stand today!
Strengthen your policies and compliance posture!
Explore your options and get the right solution!


Contact us and launch your own CPoC or SPoC solution faster in the market!

Contactless Payment, Part 1: The smartphone and App replace the card reader

Cashless payments are more popular than ever. This trend was also accelerated in particular by Covid-19. In Germany, for example, an increase of 20 % was recorded in the first half of 2020. Every second payment was even made contactless.[1] Nevertheless, there is still some catching up to do in Germany compared to other countries that already have a higher rate of cashless payments.

In addition to the “classic” variant of cashless payment via bank card, contactless payment via smartphone is also becoming increasingly popular across Europe. As a recent survey shows, around 12 % of the Europeans surveyed already prefer paying by smartphone.[2]

Contactless payments will gain further momentum

With contactless payment, the card is held against a card reader at checkout and does not need to be inserted anymore. For small amounts it is even not necessary to enter the PIN. In view of the pandemic retailers have been encouraging customers to pay in this way to avoid contact and a possible infection.

With contactless payment by smartphone, the app on the smartphone replaces the bank card. For further strong growth two requirements will play an important role:

  • Retailers, small merchants, market, and street vendors must be enabled to accept mobile payments, without the need to invest in traditional card readers.
  • Mobile payment for small sums must be supported, as demanded by customers.

At this point the question arises as to how the first requirement can be implemented in an affordable and simple way.

PCI standards are paving the way

The PCI Security Standards Council (PCI SSC), founded 2006 by American Express, Visa, MasterCard, among others, is a “global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide”. They are the governing body for payment standardization, technical requirements, and certification of payment solutions.

PCI has already recognized that contactless payment must be available for everyone, means by using the smartphone or tablet, which PCI calls in their own language a COTS (commercial off-the-shelf) device. Therefore, two standards are available now: the SPoC (Software-based PIN Entry on COTS) and the CPoC (Contactless Payments on COTS) standard.


Learn more about these standards and how Build38 can ensure the security of payment apps in our next blog post.




Participation at the Black Hat Asia 2020 conference by our APAC Managing Director

During the Black Hat Asia 2020 event, held between September 29th and October 2nd and that happened virtually this year due to the global COVID19 situation, there was a session where a panel of Singapore entrepreneurs discussed about the challenges that start-ups in the Cyber Security space have to face these days. Titled "Hunting Cheese in Pandemic Pandemonium" the discussion versed around the changes that different founders had to introduce in their companies and go-to-market in order to navigate the situation as best as possible. Inspired by the 90s’ business classic “Who Moved My Cheese?”, ICE71 partnered with Black Hat Asia to bring this live panel – where Cyber Security start-up leaders will come together to discuss how agile start-ups can strengthen or reposition themselves to add value during these times of change.

Build38 Managing Director in Asia-Pacific, Pedro Hernandez, was invited to take part as a member of ICE71 Scale Programme. He shared several perspectives on how Build38 has gone through the Pandemic situation and highlighting three different levels:

A first operation level where we had to adapt to the work-from-home policy, as it has become the norm, and the practical impossibility to travel for business in the South-East Asia region for several months. A second tactical level where marketing has been moved from physical events and trade shows to the digital space, through webinars and digital marketing campaigns. A third one, at the strategic level, where the overall plans and go-to-market had to be fine-tuned for the new situation that impacts some of the growth planning decisions.

Particularly,  Pedro shared his view how Build38 has shifted the client communication from achieving strategic goals (like preserving brand reputation and avoiding long term risks), to more tactical and short-term goals (like quicker time to market, reduced investment, and optimised resources).

More information can be found at this post from ICE71.

Build38 is selected for the participation in the Swiss KICKSTART program 2020 edition

Build38 was selected after various rounds of pitching and presenting to be part of the 2020 cohort of the renowned Swiss accelerator program KICKSTART. This is for me a great honor but even more a great opportunity to conquer the Swiss market and show industry leaders like AXA, Mobiliar, Swisscom, PostFinance and others what Build38 and its Application Kit and Threat Insights can do.

Having worked for years in Switzerland I know that the entry barrier in such a mature market that values privacy and security tremendously high is hard. Your solution must be groomed to the needs of the Financial Service Industry of the country and then is ready to scale externally as well.

KICKSTART is different to other accelerators as it values PoCs and Co-Development above anything else. For us having a leading technology already a great way to extend services and build the envisioned platform for secure and easy-to-use app development further.

Needless to say, we are going to Zurich fully motivated and teaming tech and business development to get the most out of the program for us and the partners.

While myself and Joaquin did the pitching and started the program, Christoph and Marc will also take part and extend the local / virtual team.

Bear with us for news on features and use cases coming out of these labs!

Build38 a CyberTech100 Company: The most innovative Cyber companies for Financial Services

Build38 is proud to be part of the #CyberTech100 for 2020, the 100 innovative companies that every financial institution needs to know about when they consider and develop their information security and financial crime fighting strategies. We were chosen by a panel of industry experts and analysts who reviewed a study of over 1,000 CyberTech companies undertaken by FinTech Global, a data and research firm.

We feel pretty honoured and look forward to continue working with Financial Institutions, Fintechs and other Financial Services providers so they can #buildonBuild38 and deliver the best in class mobile services with total peace of mind.

As explained in the Press Release by FinTech Global, the world’s most innovative providers of digital solutions helping financial services firms fight off cyber attacks and protect their data were named today on the CyberTech100 list.

CyberTech is one of the fastest growing sectors within the FinTech industry, with FinTech Global data showing investment in the space has grown 14x since 2014 to reach $3.4bn last year.

That surge in activity comes as financial services firms are increasingly moving towards digital operations and expanding their security budgets. According to a study by, finance and insurance firms increased their spending on cybersecurity by 23% YoY in 2019.

Given the huge rise in appetite for the sector, the CyberTech100 was produced to identify the 100 innovative companies that every financial institution needs to know about when they consider and develop their information security and financial crime fighting strategies.

The solution providers making the final list were recognized for their innovative use of technology to solve a significant industry problem, or to generate cost savings or efficiency improvements across the security value chain

FinTech Global director Richard Sachar said, "Established financial institutions need to be aware of the latest security technology in the market to protect their organizations from data leaks and cyber attacks.

"The CyberTech100 list helps senior management filter through all the vendors in the market by highlighting the leading companies in sectors such as Threat Management, Data Governance, Cloud Security, Employee Risk and Fraud Prevention,” he added.

A full list of the CyberTech100 can be found at More detailed information about the companies is available to download for free on the website.


Risk-free Healthcare Mobility: Understand mobile risks, enhance security, and master it

Healthcare providers, healthcare delivery organizations (HDO) and healthcare professionals (HCP) increasingly use mobile applications (“apps”). Mobile apps empower them to effectively optimize communication among patients, healthcare providers and their care givers. They also deliver better outcomes: Allow the monitoring of patient’s conditions around the clock, the personalization of their healthcare and improve the accuracy of diagnostics and treatments. Furthermore, organizations using apps are incentivized with lower costs in workflow management.
Providers leverage mobile apps to achieve those goals, but ultimately, they are also fully responsible to manage access to vital healthcare data without compromising data security.

38% already suffered a mobile security compromise

According to Verizon’s Mobile Security Index (MSI) 2020 report, mobile security compromises are at an all-time high now in the healthcare industry. 38% of those surveyed suffered a mobile security compromise. That is a staggering year-over-year increase of 52% (MSI 2019: “only” 25% were compromised)!

The same study also says that healthcare organizations are worried:

  • 88% said that they are concerned that the highly confidential nature of patient data makes them a target for cybercriminals.
  • 85% said they feared that a security compromise could seriously compromise patient care.

Indeed, that fear of personal or medical data being compromised is not unfounded. The Verizon’s Data Breach Investigations Report 2020 states that in case of an attack

  • 77% of personal data and
  • 67% of medical data

are compromised.

Your call for action:
Understand mobile risks, enhance security, and master healthcare mobility

At Build38 we believe that in a changing digital landscape, app security is not a luxury. It is a necessity. Your developers should focus on what they are best at: delivering business value and world-class Healthcare apps, while Build38 provides mobile app security. Build38’s Trusted Application Kit (T.A.K) is a highly secure, holistic and easy to integrate mobile app security framework.

It all starts with better understanding your mobile risks. Get to know where you stand today. Strengthen your policies and compliance posture. Explore your options and get the right solution.

Contact us! Simply write us an email or visit our website