Day: May 3, 2022

The flip side of having too much of what customers do not want is having too little of what they do want.

It looks to HPS as if there is an imbalance in current finished goods inventory. Even if the energy crisis drives gas prices up so high that it triggers another so called “bike boom,” and consumer demand for bicycles surges again, there does not appear to be sufficient balance to the inventory, up and down the product categories and price points, to meet that demand if it does materialize. I will add that HPS currently gives this possibility a low probability.

Nor is there a steady flow of product from the supply chain to reliably meet a return to lower pre-pandemic demand because of component availability, shifts in consumer preferences, and the inventory already in the hands of wholesalers, brands and retailers. HPS currently believes this has a high probability.

From what HPS has gleaned from the marketplace, wholesale bicycle and e-bike unit inventory has increased anywhere from 40 to 43-percent during the first four months of this year while consumer demand has declined.

CHART A

Chart A is from Bloomberg and shows overall U.S. companies increasing inventories in late 2021 to get around supply chain delays, and to be able to meet what was perceived as consumer demand during the holidays and going into 2022. Available NPD data generally-shows the same trend for the American bicycle and e-bike business.

This should not come as a surprise. We have been reporting this inventory build in the NBDA Supply Chain Nightmare webinars in October and December, and again in February and early April of this year. Recordings of these webinars are available from www.nbda.com.

We also have reported that as brands and retailers switched to just-in-case (JIC) inventory management, consumers held back, and consumer demand for bicycles and e-bikes began to recede. Again, available NPD data generally shows the same trends for regular bicycles, while dollar value shows an increase in e-bikes. We don’t disagree that dollars show an increase in e-bikes, but do advise that both units and dollars have to be analyzed, as well as the combined units and dollars for regular bicycles and e-bikes, to measure both inventory and retail sales to consumers.

We have also pointed out during the four NBDA Supply Chain Nightmare webinars that the supply of bicycles and e-bikes will increase even as demand weakens because of what is in transit.  

Today, some 60 ships with imports from Asia, including bicycles and e-bikes, are waiting to be unloaded at the ports of Los Angeles and Long Beach, according to the Marine Exchange of Southern California. This represents “floating inventory,” and while vessels are down from the January peak of 109, the current number of container ships waiting to get into the two ports are still about triple the pre-pandemic norm.

CHART B

Chart B, also from Bloomberg, shows the rapid decline in consumer sentiment as inflation rates increased during the last quarter of 2021 and the first four-months of this year, corresponding to the reports HPS has conveyed of declining bike shop consumer traffic during the four NBDA webinars previously referenced.

What the NBDA has recognized with its Bicycle Buying Consumer Research Study is that households also hold excess inventories. While shifting to shopping and buying online while staying at home during the pandemic, Americans bought lots of bicycles, e-bikes, exercise equipment, televisions, computer games, furniture and kitchen appliances. That pushed up spending on durable goods 18% last year. It will be years before those goods wear out, and the NBDA has asked consumers who bought bicycles and b-bikes during the pandemic what their purchasing intentions are in the future.

Meanwhile, the American bicycle and e-bike business needs to prepare and plan for the up-side and down-side of profit-killing markdowns as businesses work off excess inventories, as in turn the U.S. economy contracts in the face of inflationary pressure.

CHART C

Chart C, the final chart from Bloomberg, shows the reason for this article. On April 28 the U.S. economy contracted for the first time since the pandemic began during the first quarter of 2020.

Some economists attribute this “surprise shrinkage” in the economy, at least in part, to the beginning of liquidation of bloated inventories held by manufacturers, assemblers, wholesalers, and retailers in the U.S. They also predict that this inventory liquidation has only just begun.

And, the U.S. bicycle and e-bike business still has to deal with lead times for name brand components. I just looked at the latest lead times for Shimano, and their order book is sold out into 2023, as has been reported in the trade press. This has created a problem in the supply of up-market bicycles and e-bikes for the U.S. market, and is just one of the “imbalances” we are referencing that are creating shortage of some models of some brands in the face of “bloated” finished goods inventories in the supply chain.

It seems to boil down to that if demand surges for bicycles and e-bikes, there will not be enough of what consumers want. If there is no surge, but a return to lower pre-pandemic demand, there will be too much inventory, but still not enough of what consumers demand.

While the situation may change, it appears that the American bicycle business will be in a constant state of disruption and turmoil in 2022 and probably into 2023.

As always, feel free to contact me with your comments and questions: jay@jayhumanpoweredsolutions.com.

This past month has seen a flurry of articles in both trade and consumer publications about lithium-ion battery fires and standards for “bicycles” as defined by the U.S. Consumer Product Safety Commission (CPSC).

Feedback about last month’s article discussing the definition of a bicycle was well received, with some concern expressed about the status of electric bicycles with performance specifications that are not within the language of the CPSC’s 16 CFR Part 1512.2.

We recommend that any questions about the definition of a bicycle be directed to the CPSC Office of Compliance and Field Operations: https://www.cpsc.gov/About-CPSC/Division-of-Field-Operations or you can call 1-301-504-7520.

The May 2022 print issue of Bicycle Retailer and Industry News (BRAIN) contains a cover story with the headline: “E-bike regulation discussion captures industry’s attention” that jumps to page 21 and a whole page with this quote: “That was a rather sobering discussion for probably 50% of the people in that room,” attributed to an industry attorney who sat in on the session, which was the closing presentation of the March 21-23 PeopleForBikes Bicycle Leadership Conference.

The author of the article, Steve Frothingham writes that it was “…not the flashiest or the best attended” but “…was the most sobering 60 minutes of the two-day conference.”

On April 26, several days before I received the May issue of BRAIN, an article titled: “Approximately none of the recent ‘e-bike fires’ in New York involved an e-bike” was posted on the BRAIN website.

I personally believe this headline is an example of poor journalism, and while I hold both the editor and managing editors of BRAIN in high regard, I don’t think this is an example of either their normal or best work.

With that said, this article does give clear and immediate direction to American bike shops. Larry Pizzi is the co-chair of the PeopleForBikes Electric Bicycle Subcommittee and chief commercial officer of Alta Cycling Group. He is quoted throughout the article including this: “Pizzi suggests that retailers and consumers only buy e-bikes that have been certified by third-party testing labs, to the UL standard or other relevant standards, followed by “All they (retailers) have to do is ask the brand to provide proof of the testing.”

There are two standards applicable to e-bikes as defined in Section 1512.2, covered in detail in last month’s article that you will find posted on the HPS website: https://humanpoweredsolutions.com/2022/04/11/what-is-the-definition-of-a-bicyclewhy-does-it-matter/

The first is the mandatory CPSC Requirements for Bicycles. The required third-party testing must be done by a CPSC-approved laboratory. The details of this mandatory testing are well established, and the brands, importers and domestic manufacturers and assemblers are aware they:

1. Must produce a General Certificate of Conformity (GCC), or if the bicycle is designed and intended for use by a child 12 years of age or younger, a Children’s Certificate of Conformity (CPC), and

2. The GCC or CPC must accompany the product or product shipment and be furnished to each distributor or retailer.
These requirements can be satisfied by either providing an actual hard copy or provided electronically.

While the frequency of mandatory testing is subject to interpretation by CPSC, it is generally accepted by the brands we have talked to as being annual, or with each model year, and is for each model type, again subject to interpretation by CPSC.

The point is that brands doing business with American bike shops have established third party testing and certification in place as standard operating procedure for all bicycles including the non-electric systems of e-bikes, as defined by Section 1512.2.

The second is the voluntary Underwriter Laboratory UL 2849 which PeopleForBikes helped develop through the participation of Trek, Bosch and SRAM, and promoted through a YouTube video in May 2020. This voluntary standard covers both Canada and the United States, and was promulgated to the global industry in January 2020.

UL 2849 – Standard for electrical systems for e-bikes, covers safety requirements of e-bikes powered by lithium or other rechargeable battery. It provides requirements with respect to the following:

• The electrical drive train system
• The battery system
• The charger system combination
• Interconnecting wiring
• E-bike power inlet

Third party testing and certification is conducted according to UL protocols by UL or accredited UL testing laboratories, most of which are also approved by the CPSC. Many brands we have talked to are having their e-bike products third party tested and certified by the same CPSC-UL approved lab located in China or Taiwan.

We are confident that the brands listed as having joined the PeopleForBikes lithium-ion battery recycling program are aware of the above, and have  been since 2020.

HPS has a link to the YouTube video of the PeopleForBikes May 2020 webinar introducing and explaining UL 2849, and you can access it here: https://www.youtube.com/watch?v=yVicfT4X1Dk

Accordingly, bike shops should take immediate action to follow the direction given in the April 26 BRAIN article: “…that retailers and consumers only buy e-bikes that have been certified by third-party testing labs, to the UL standard or other relevant standards,” and that bike shops also take immediate action to ask the brands they do business with to provide proof of the third party testing of all “bicycles.”

If you have questions or comments, please contact me: jay@humanpoweredsolutions.com.

The initial article in this series dealt with systems used by your business and who should have what kind of access. In most cases, access is granted by the system administrator and conferred by a password. This makes password discipline an important component of your data security.

This discussion on password discipline does not mean your company won’t have a systems breach or that data will not be exposed. However, password security and protocol is a good first-line defense and hopefully you will find some best practices in this article you can incorporate in your business.

Is password security a big deal? Yes, it is. How passwords are created is a key to greater systems security. In a major systems hack in 2020, over 32 million passwords were compromised.  Around 1% (320,000) of the passwords were “123456.” The next most commonly used password was “12345” followed by “11111”, “qwerty” and “abc123.”

In 2021 there were 1,862 data breaches, according to CNET. There were also 2,690 ransomware attacks. Both of these numbers represent double digit percentage increases from the previous year. They also represent only the attacks that were reported. It is not unusual for companies to not publicly report a hack or ransomware attack to lessen any panic or embarrassment.

When you or your employees create passwords, there should be a format so you don’t end up with the type of passwords shown above. Passwords should never use personal information such as the user’s name, age, birth date, pet’s name or anything else that might be found on-line.

Passwords should include a combination of letters, upper and lower case, numbers and characters. That may seem like common sense, but people don’t want to have to remember complex passwords or forget them if they don’t use them every day. Strong passwords can be easy to remember but hard to guess. A couple of examples; Iam:)2b29 (I am happy to be 29) and 2B-or-Not_2b (to be or not to be).

Another security protocol is passwords should not be reused. Users, in an attempt to remember passwords for multiple systems, will use the same password for each system, e-mail, social media, payroll, accounting, POS and more. Two recent breaches revealed a password reuse rate of 31% among victims. Reusing passwords is bad enough when someone outside your business is trying to get access to your data, but also presents a significant and often overlooked risk internally.

Passwords should not only be system specific, but individual specific too. Being able to see who logs into systems used by your business allows for audit if data goes missing or is compromised. Like so many other threats to your business, bad actors are not always external, so being able to track internal data access is important.

How often should passwords be changed? The thinking on that is evolving. It was originally recommended changing a password every three months. That recommendation made sense initially, but thinking has changed somewhat. A cyber security consultant at intrust IT told Business Insider, “Unless you become aware of a password breach, there is no need to change your passwords regularly if each is a strong, unique password” (emphasis mine). So should you regularly force password changes or not?

The emphasis above about a strong and unique password cannot be overstated. Let’s start with some best practices for strong passwords.

Never reveal your password to others. This may seem logical, but many times employees share a password in an attempt to simplify system use and in a misguided sense of efficiency. Employees may feel they have been denied access to some systems to which they should have access to do their job, or that management made a “wrong” decision. A way to do that is using a password from someone who does have access.

Use different passwords for different accounts/systems. This may also seem logical, but as noted above employees will move towards what is easier for them. Many times that manifests itself by using one password for all systems.  

Length trumps complexity. The longer the password, the more difficult it is to crack. Is the extra digit a capital letter? Lower case letter? Number? Special character? A brute force attack against a 6-digit password would take around 22 hours, an 8-digit password 46 hours, and for a 10-digit password an average 2 years.

Complexity still counts. Use a combination of upper and lower case letters, numbers and characters. A gibberish (y_?\E4Dj) password is better than one actually made up of words. Note the sample here and the two examples given earlier.
  
The question remains, should you change your passwords regularly? The answer comes back to how strong and unique are the passwords being used. Obviously you can police your own passwords, establishing protocols for your employees, and inspection. This will insure they too will create strong passwords.   

If you think one of your systems has been compromised, you should change your passwords immediately. When an employee leaves, you should change your passwords. While it may seem the parting was on good terms, things change. Just because you think an employee leaving was to go back to school, a better job or a relocation, doesn’t automatically make it so.

Something could change and that “friendly” parting might change, so why take the risk. The former employee may end up working at a competitor and decide getting a list of your customers, your inventory or profit margins would make them more valuable. Of course, something more sinister might happen,  so protecting your data is always the best thing.

Earlier this article mentioned hacks and ransomware attacks. Both are targeted at your business data, but with slightly different purposes. If your systems get hacked, it may be to get a look at and/or copy some of your business data. Hackers could look at your customer credit card numbers, phone numbers, addresses and more. They could look at the financial information about your business like bank account numbers and personal information on your employees. This information may be sold and/or used to steal identities and cause significant problems for you, your customers and employees.   

A ransomware attack also targets your business data. Instead of just looking at the business data, a ransomware attack will encrypt your data or make it unusable to you. The endgame is to get your business to pay a ransom for a key to unlock your data. Most ransoms are requested in a crypto-currency in return for an electronic key.

Either of these attacks should be reported to the authorities to allow tracking and hopefully keep this from happening to someone else. It also allows the opportunity to alert customers their information has been compromised and to quickly make changes and look for fraudulent charges.

As mentioned earlier, password security is a big deal. I’ve touched on two external threats but there are others both external and internal.  In a future article, I’ll address those and how and where you can back-up your data to minimize those threats. 

Thoughts? Contact Steve Bina: steve@humanpoweredsolutions.com.