E-bike leasing test: Anyone who leases a bicycle or e-bike inevitably discloses sensitive data - and it is not entirely unlikely that this data will be siphoned off and misused. Velomotion asked how the big leasing providers deal with data security.
Facebook, Google, Instagram, WhatsApp, Telekom - sooner or later almost every large and small tech company has to deal with a data leak or even a data scandal. Associated with this: enormous loss of customer confidence, loss of sales and, as a rule, official penalties.
To get straight to the point: No company in the world is absolutely safe from an attack involving data theft, but modern companies can effectively arm themselves. Above all, however, they should be realistic enough to recognize their own shortcomings and to protect themselves against them.
E-bike leasing providers collect sensitive personal data
What does all this have to do with the ideal world of bicycles? In connection with the recent boom in e-bikes and high-quality bicycles, the number of leased bicycles and e-bikes in Germany has also exploded. Leasing providers collect consumer data. In addition to standard personal data, this includes sensitive information, because the leasing usually runs through the employer and its human resources department. It therefore quickly comes down to such personal matters as salary, health insurance, creditworthiness, etc.
Installing a virus scanner or setting up a firewall around company computers is by no means sufficient to minimize risks. Perpetrators and motives vary widely: both external perpetrators and the company's own employees are responsible for espionage, vandalism, sabotage or extortion. The latter usually do not act intentionally - mostly they act out of negligence or ignorance, or they are tricked. To prevent such attacks, the custodians of sensitive customer data - and that means all leasing providers - have to protect themselves systematically. In addition to security functions firmly anchored in IT, this also includes internal rules of conduct for handling customer data.
Strict rules of conduct apply to handling customer data
Internet companies, especially those that collect sensitive customer data, therefore regularly subject their platforms to so-called stress or penetration tests. Of course, the results of these tests are among the most sensitive internal data of any company, and we don't expect trade secrets to be leaked to us. Nevertheless, we wanted to know from the leading leasing providers whether - and if so, to what extent - they actively protect customer data and work to guarantee its security as far as possible.
We asked the bike leasing providers who are also represented in our comparative overview from spring. A new addition is the provider Companybike, whose offer will also be included in the updated leasing comparison in spring 2021.
Eurorad passes the toughest, certified stress test
We were allowed to look behind the scenes at Eurorad-Leasing – an insider's view that is not so common, and which also showed a touch of pride. The Eurorad portal passed a new, DAkkS-certified penetration test in July 2020. To our knowledge, this is the highest award for data security that a web portal can receive. DAkkS is the national accreditation body of the Federal Republic of Germany, which is exclusively subject to federal supervision.
"At Eurorad, the protection of customer-related data is the top priority, which is why we consciously decided to use the most stringent, DAkkS-certified penetration test - as far as we know - in order to be able to react immediately to possible security gaps."
Franz Tepe, Managing Director of Eurorad
As part of this penetration test, which is available to the Velomotion editorial team, attacks on Eurorad's so-called company bike tool and customer data were simulated and repelled.
As mentioned above, even global mega-corporations are not immune to successful data theft and hacker attacks. With this research, we want to sensitize our readers, as well as employees and employers, to handling their data carefully, regardless of whether this concerns the leasing order in the bike shop or the administration of the data in a leasing portal. If in doubt, it is better to rely on a provider such as Eurorad (or one of the other widespread providers in our overview), which is known to put great emphasis on data security.
According to their own statements, the providers Lease A Bike, BusinessBike, Bikeleasing-Service and Company Bike carry out stress and penetration tests that are intended to reveal security gaps. The careful handling of personal data in accordance with the GDPR is also guaranteed.
Delayed statement from Jobrad on the subject of data security for e-bike leasing
Unfortunately, Jobrad's answer to our request on the subject of data security arrived late, after the original version of this article was published. We didn't want to imagine that what is probably the largest leasing provider could falter in this task. The biggest players in their industry are often a preferred target, as the history of the most spectacular data scandals teaches us again and again.
This is how Jobrad Managing Director Holger Tumat comments on our request: “We work successfully with some of the largest corporations. Since customers of this size place the highest demands on data security standards, we have been conducting penetration tests and data protection audits for years; this also includes the strict regulations of the Federal Financial Supervisory Authority (BaFin).”