21 October 2017

LifeLock pulls Wallet app over PCI compliance fears

20 May 2014  |  6202 views  |  8 Mobile phone turning to cash

LifeLock has been forced to pull the mobile wallet it acquired for more than $40 million last year from app stores and delete all user data from its servers after deciding the technology might not be PCI compliant.

Identity-theft specialist LifeLock bought mobile-wallet start-up Lemon for an initial consideration of $42.6 million in December and rebranded the app - which has been downloaded more than 3.6 million times - as LifeLock Wallet.

However, LifeLock CEO Todd Davis has now written a blog post revealing: "We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards."

The app has been pulled from the App Store, Amazon Apps, and Google Play. When existing users open their virtual wallet, their information will be deleted, with all data wiped from LifeLock's servers.

"Even though we have no reason to believe the data has been compromised, we believe this is the right thing to do," writes Davis, who adds that the move does not affect LifeLock's subscription identity theft protection services.

The firm is now working to get the wallet back in app stores "with the highest level of PCI compliance" soon.

Comments: (8)

Brett King
Brett King - Moven - New York | 20 May, 2014, 12:23

I hope Coin card is reading this...

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 20 May, 2014, 17:36

Are all other mobile wallets PCI DSS compliant or is LifeLock just the tip of the iceberg?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Brett King
Brett King - Moven - New York | 20 May, 2014, 19:07

Ketharaman,

Clearly we need to go back to passbooks and hard currency. Better yet, let's go back to clam shells and buck skin

BK

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 20 May, 2014, 19:51

@BrettK: I didn't know hard currency went away - post Target breach, I hear there's an uptick in the preference for cash in USA. You might be pleased to know that HDFC Bank in India just introduced passbooks. Maybe they'll take your advice and introduce clam shells and buck skin when they do their "next refresh"!

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Andrew Smith
Andrew Smith - CB Infrastructure - London | 21 May, 2014, 08:39

@Ketharman I think that is a great question...It also begs why wasnt Lemon (as it was then) found out to be non PCI compliant?

Not all wallets would need to be PCI compliant, only those that store card details would need to be. So, many wallets out there would be exempt and equally, many wallets should probably be looking into in more depth...I'm guessing Lemon was storing card information it shouldnt be holding in the cloud, or on the actual device.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 21 May, 2014, 09:38

@AndrewS: I was born before PCI-DSS came into force and I still didn't know that the standard was applicable for mobile wallets. Therefore, I won't blame mobile wallets for non-compliance. Probably many of their founders belong to GenY and don't even know about PCI. I’ve heard it said that GenY is a generation that refuses to recognize anything older than itself, which PCI probably is. TY for clarifying the circumstances under which PCI compliance is mandatory for mobile wallets. Any idea if there're many mobile wallets that don't store card details and are hence PCI-exempt? 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Taron Mohan
Taron Mohan - NextGen - Noida | 21 May, 2014, 11:18

i don't think any downloadable mobile wallet is PCI compliant. PCI compliance needs the hardware also to be PCI certified alongwith the application, which is not posisble as a downloadable client.

so the whole mobile wallet industry is compromised here...

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Andrew Smith
Andrew Smith - CB Infrastructure - London | 21 May, 2014, 16:05

@Taron a mobile wallet doesnt have to store card details on the device. You're right if they do, then the app would fail. A mobile wallet has lots of options that are PCI compliant when dealing with cards...

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Lemon co-founder raises $20 million for bitcoin vault start-up

Lemon co-founder raises $20 million for bitcoin vault start-up

14 March 2014  |  4739 views  |  0 comments | 3 tweets | 2 linkedin
LifeLock buys mobile-wallet start-up Lemon

LifeLock buys mobile-wallet start-up Lemon

12 December 2013  |  3931 views  |  0 comments | 3 tweets | 3 linkedin
PCI security standards in the dock

PCI security standards in the dock

12 January 2012  |  11732 views  |  7 comments
Atlanta Fed staffer questions value of PCI guidelines

Atlanta Fed staffer questions value of PCI guidelines

01 June 2011  |  9638 views  |  2 comments
US organisations upbeat on PCI compliance

US organisations upbeat on PCI compliance

14 January 2011  |  8579 views  |  0 comments
Judge backs Experian over LifeLock's 'unfair business practices'

Judge backs Experian over LifeLock's 'unfair business practices'

28 May 2009  |  8161 views  |  1 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.vasco.comvisit www.atos.netvisit www.niceactimize.com

Top topics

Most viewed Most shared
HSBC partners Bud for open banking trialHSBC partners Bud for open banking trial
8890 views comments | 22 tweets | 26 linkedin
satelliteGates Foundation backs Ripple collaboratio...
8657 views comments | 13 tweets | 10 linkedin
IBM uses blockchain to improve cross-border payments processingIBM uses blockchain to improve cross-borde...
7718 views comments | 9 tweets | 17 linkedin
Sibos 2017: API or the highwaySibos 2017: API or the highway
7201 views comments | 10 tweets | 22 linkedin
Eight banks form joint venture to launch blockchain trade platformEight banks form joint venture to launch b...
6809 views comments | 14 tweets | 23 linkedin

Featured job

to £70K base, £105K ote, benefits
London, UK

Find your next job