23 August 2014

LifeLock pulls Wallet app over PCI compliance fears

20 May 2014  |  4112 views  |  8 Mobile phone turning to cash

LifeLock has been forced to pull the mobile wallet it acquired for more than $40 million last year from app stores and delete all user data from its servers after deciding the technology might not be PCI compliant.

Identity-theft specialist LifeLock bought mobile-wallet start-up Lemon for an initial consideration of $42.6 million in December and rebranded the app - which has been downloaded more than 3.6 million times - as LifeLock Wallet.

However, LifeLock CEO Todd Davis has now written a blog post revealing: "We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards."

The app has been pulled from the App Store, Amazon Apps, and Google Play. When existing users open their virtual wallet, their information will be deleted, with all data wiped from LifeLock's servers.

"Even though we have no reason to believe the data has been compromised, we believe this is the right thing to do," writes Davis, who adds that the move does not affect LifeLock's subscription identity theft protection services.

The firm is now working to get the wallet back in app stores "with the highest level of PCI compliance" soon.

Comments: (8)

Brett King - Moven - New York | 20 May, 2014, 12:23

I hope Coin card is reading this...

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 20 May, 2014, 17:36

Are all other mobile wallets PCI DSS compliant or is LifeLock just the tip of the iceberg?

Brett King - Moven - New York | 20 May, 2014, 19:07

Ketharaman,

Clearly we need to go back to passbooks and hard currency. Better yet, let's go back to clam shells and buck skin

BK

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 20 May, 2014, 19:51

@BrettK: I didn't know hard currency went away - post Target breach, I hear there's an uptick in the preference for cash in USA. You might be pleased to know that HDFC Bank in India just introduced passbooks. Maybe they'll take your advice and introduce clam shells and buck skin when they do their "next refresh"!

Andrew Smith - CloudZync - London | 21 May, 2014, 08:39

@Ketharman I think that is a great question...It also begs why wasnt Lemon (as it was then) found out to be non PCI compliant?

Not all wallets would need to be PCI compliant, only those that store card details would need to be. So, many wallets out there would be exempt and equally, many wallets should probably be looking into in more depth...I'm guessing Lemon was storing card information it shouldnt be holding in the cloud, or on the actual device.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 21 May, 2014, 09:38

@AndrewS: I was born before PCI-DSS came into force and I still didn't know that the standard was applicable for mobile wallets. Therefore, I won't blame mobile wallets for non-compliance. Probably many of their founders belong to GenY and don't even know about PCI. I’ve heard it said that GenY is a generation that refuses to recognize anything older than itself, which PCI probably is. TY for clarifying the circumstances under which PCI compliance is mandatory for mobile wallets. Any idea if there're many mobile wallets that don't store card details and are hence PCI-exempt? 

Taron Mohan - NextGen - Noida | 21 May, 2014, 11:18

i don't think any downloadable mobile wallet is PCI compliant. PCI compliance needs the hardware also to be PCI certified alongwith the application, which is not posisble as a downloadable client.

so the whole mobile wallet industry is compromised here...

Andrew Smith - CloudZync - London | 21 May, 2014, 16:05

@Taron a mobile wallet doesnt have to store card details on the device. You're right if they do, then the app would fail. A mobile wallet has lots of options that are PCI compliant when dealing with cards...

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Related blogs

Create a blog about this story (membership required)

Related stories

14 March, 2014
12 December, 2013
12 January, 2012
01 June, 2011
14 January, 2011
28 May, 2009

Related company news

 

Featured job

Commensurate with the status and importance of thi...
London based with substantial international travel

Find your next job