LifeLock pulls Wallet app over PCI compliance fears

LifeLock has been forced to pull the mobile wallet it acquired for more than $40 million last year from app stores and delete all user data from its servers after deciding the technology might not be PCI compliant.

Identity-theft specialist LifeLock bought mobile-wallet start-up Lemon for an initial consideration of $42.6 million in December and rebranded the app - which has been downloaded more than 3.6 million times - as LifeLock Wallet.

However, LifeLock CEO Todd Davis has now written a blog post revealing: "We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards."

The app has been pulled from the App Store, Amazon Apps, and Google Play. When existing users open their virtual wallet, their information will be deleted, with all data wiped from LifeLock's servers.

"Even though we have no reason to believe the data has been compromised, we believe this is the right thing to do," writes Davis, who adds that the move does not affect LifeLock's subscription identity theft protection services.

The firm is now working to get the wallet back in app stores "with the highest level of PCI compliance" soon.

Comments: (8)

Brett King - Moven - New York 20 May, 2014, 12:23

I hope Coin card is reading this...

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 20 May, 2014, 17:36

Are all other mobile wallets PCI DSS compliant or is LifeLock just the tip of the iceberg?

Brett King - Moven - New York 20 May, 2014, 19:07

Ketharaman,

Clearly we need to go back to passbooks and hard currency. Better yet, let's go back to clam shells and buck skin

BK

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 20 May, 2014, 19:51

@BrettK: I didn't know hard currency went away - post Target breach, I hear there's an uptick in the preference for cash in USA. You might be pleased to know that HDFC Bank in India just introduced passbooks. Maybe they'll take your advice and introduce clam shells and buck skin when they do their "next refresh"!

A Finextra member 21 May, 2014, 08:39

@Ketharaman I think that is a great question... It also begs why wasn't Lemon (as it was then) found out to be non PCI compliant?

Not all wallets would need to be PCI compliant, only those that store card details would need to be. So, many wallets out there would be exempt and equally, many wallets should probably be looking into it in more depth... I'm guessing Lemon was storing card information it shouldn't be holding in the cloud, or on the actual device.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 21 May, 2014, 09:38

@AndrewS: I was born before PCI-DSS came into force and I still didn't know that the standard was applicable for mobile wallets. Therefore, I won't blame mobile wallets for non-compliance. Probably many of their founders belong to GenY and don't even know about PCI. I’ve heard it said that GenY is a generation that refuses to recognize anything older than itself, which PCI probably is. TY for clarifying the circumstances under which PCI compliance is mandatory for mobile wallets. Any idea if there're many mobile wallets that don't store card details and are hence PCI-exempt? 

Taron Mohan - NextGen - Noida 21 May, 2014, 11:18

I don't think any downloadable mobile wallet is PCI compliant. PCI compliance needs the hardware also to be PCI certified along with the application, which is not possible as a downloadable client.

So the whole mobile wallet industry is compromised here...

A Finextra member 21 May, 2014, 16:05

@Taron a mobile wallet doesn't have to store card details on the device. You're right if they do, then the app would fail. A mobile wallet has lots of options that are PCI compliant when dealing with cards...
