EN
Start your free Trial!

Data Security - the data vault at DATEV

At wealthpilot, your data security is our top priority!

All your client’s assets data is stored in a high-security data centre at DATEV. 
The sovereignty over the data always remains with them - end user.

Security and Trust pave the way for a higher acceptance level and usability of the wealthpilot platform - and so maximum benefit for your advisory service. 

We host at DATEV

Data Security Expert

Our data security expert Christof Dallermassl ensures that security is maintained at all times.

He is one of the world's most sought-after experts, working to prevent cybercrime for many years now, and also giving lectures at several European institutions on this topic.

In an interview below, he explains how wealthpilot sets its standards in data security.

Read more >

Security and Trust through modern Technology and Transparency

  • Security Client Financial Advisor
    • Sensitive data is transmitted encrypted and stored
    • Unauthorized use of customer data excluded
  • Security Database Data vault at DATEV
    • ISO-27001 certified banking data center
    • Your data is encrypted and secured by certificate pinning
  • Security Smartphone End User's Data Sovereignty
    • The data sovereignty lies exclusively with you as an end user
    • Make assets visible to your advisor via one-click
  • Server

    Hosting at DATEV

    ISO-27001 certified high security data center

    Data is encrypted and "salted" on server

  • Interfaces

    All data transfers takes place exclusively in encrypted form - HTTPS (data in transfer)

    Additionally secured by certificate pinning

  • Client

    State-of-the-art client technology secures your data during transfer

    Sensitive (Access-) data is never sent to the client 

  • Data Sovereignty

    All data authorization remains with the end user

    No unauthorized use of user data by wealthpilot

  • Hacker Protection

    Key to decrypt the database is in a separate system

    Modular software architecture and security frameworks guarantee a very high security standard, against hackers' attacks

Data security is particularly important in the financial service sector, as its highly sensitive data and misuse can lead to financial loss. At wealthpilot, data security is a top priority and is ensured by a variety of mechanisms. 


The Chief Security Officer responsible for this is Christof Dallermassl.
In the following interview, he addresses some questions about the security of our software.

* * *

Mr. Dallermassl, you are giving a lecture in Belarus on behalf of the European Security and Defense College (ESDC), a key player in the civil and military fields of training under the European Security and Defense Policy. What is the content of your presentation?

Christof Dallermassl: Yes, I hold international awareness training courses on behalf of the European Security and Defense College (ESDC). This means that I share knowledge with civil and military decision-makers about how hackers think and act, and thus creating bigger awareness of threats posed by cybercrime. My goal is to strengthen the community against all kinds of cyberattacks by imparting knowledge and raising awareness.


Data Security has not only been an issue since the recent scandals. How long have you been involved in information security?

I have always been interested in cyber security. In over ten years of professional practice, I have gained a lot of experience in the field of data security. At my last employer, I was responsible for the software product used to manage the intellectual property of multiple large enterprises. If you imagine that this data represents the "Holy Grail" of a company and that a security gap could mean a worst-case scenario, you have an idea on how high the requirements for data security were.


"Even NSA can’t access our data."

In relation to wealthpilot: How do you ensure data security here?

We rely on encryption! Every data transfer is encrypted by us. In such a way that nobody can read it, not even NSA. The assets themselves are also coded. No hacker can see who has what or how much. By the way, not just only hackers, but also all our employees - they cannot read the information either. In addition to encryption, we use many other security systems. For example, we "salt" passwords, meaning that we extend them so that they cannot be cracked even if a password database is used. Or we use the so-called Certificate Pinning, a system that always clarifies in advance whether the person requesting the data is really who they claim to be, and not a hacker.

Another point is that we assign completely anonymous usernames - consisting of letters and numbers, when registering someone to the wealthpilot software. This may be a bit annoying for some advisors and their clients because it’s not as easy to remember as your own email address, but in this way we ensure that no one can draw any conclusions about the owner of the data. But we don’t publish all our security-related methods on the website. After all, we don’t want to give hackers anything to work with…



But what if someone, for example from a relevant department of a financial institution, wants more information??

Then, of course, we will be happy to provide more detailed information. We have drawn up an internal document that describes our internal security processes in more detail for interested parties or security experts in banks and savings banks. This document is available on request. If there are still open questions or concerns, I am available to meet our customers personally.


Could a hacker, who gains access to wealthpilot's data, use it to withdraw money from clients' accounts?

No! We have read-only functionality for the accounts and deposits. No write functionality. In addition, since PSD2 you always need a two-factor-authorization of transactions and only the client has access here.


"Our security standard is rated A+ and therefore absolutely top class."

How is the security standard at wealthpilot determined? Are you certified externally?

As a company, we have been registered with BaFin as an account information service (KID - Kontoinformationsdienstleister) since last year. As already mentioned, no transactions can be executed technically via our interfaces. This is also part of the KID registration, as otherwise registration for the payment initiation service would be required. We host the data at DATEV, which has been managing sensitive data for over 40,000 members since 1966, mainly from the tax and auditing sectors. DATEV's data center also complies with ISO-27001 standard - a globally recognized IT security standard and has an up-to-date data protection seal of approval. Our clients' data is stored there, in our so-called "data vault".

There are also independent providers who check the security standards of software and award grades according to a rating system. We achieved a rating of A+ there. That is absolutely top class!


(Laughs) That reminds me of the rating for government bonds. Are there any other parallels with the financial sector? Emotions play a significant role in the markets.

Yes. Security has a lot to do with trust. We create this trust by adhering to the latest security standards and continuously developing them. But also, through good communication with the clients, for example in the form of more detailed information, which we can provide, as just mentioned.


How can someone contact you if they have any questions?

If you have any questions about how wealthpilot can help you to manage your data securely, our Support Team is the first point of contact. Simply send an email to support@wealthpilot.de and we will answer all your questions, within a maximum of four hours. For more detailed data security questions, I’m available to answer them personally - my email address is c.dallermassl@wealthpilot.de.



* * *

Want to know more?

In our blog article Data Security Tips for Your Home Office by our data security expert Christof Dallermassl, you can learn how you can protect yourself effectively with a few simple measures, while working remotely.

Did we catch your interest?
Call us on +49 89-80911920
or

Start Free Trial
  • Logo – Bayerisches Staatsministerium für Wirtschaft, Landesentwicklung und Energie
  • Logo – Bundesministerium für Wirtschaft und Energie
  • Logo – exist
  • Logo – ESF
  • Logo – EU
  • Logo – Zusammen. Zukunft. Gestalten.