08 December 2016

LifeLock pulls Wallet app over PCI compliance fears

20 May 2014  |  5862 views  |  8 comments

LifeLock has been forced to pull the mobile wallet it acquired for more than $40 million last year from app stores and delete all user data from its servers after deciding the technology might not be PCI compliant.

Identity-theft specialist LifeLock bought mobile-wallet start-up Lemon for an initial consideration of $42.6 million in December and rebranded the app - which has been downloaded more than 3.6 million times - as LifeLock Wallet.

However, LifeLock CEO Todd Davis has now written a blog post revealing: "We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards."

The app has been pulled from the App Store, Amazon Apps, and Google Play. When existing users open their virtual wallet, their information will be deleted, with all data wiped from LifeLock's servers.

"Even though we have no reason to believe the data has been compromised, we believe this is the right thing to do," writes Davis, who adds that the move does not affect LifeLock's subscription identity theft protection services.

The firm is now working to get the wallet back in app stores "with the highest level of PCI compliance" soon.

Comments: (8)

Brett King - Moven - New York | 20 May, 2014, 12:23

I hope Coin card is reading this...

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 20 May, 2014, 17:36

Are all other mobile wallets PCI DSS compliant or is LifeLock just the tip of the iceberg?

Brett King - Moven - New York | 20 May, 2014, 19:07

Ketharaman,

Clearly we need to go back to passbooks and hard currency. Better yet, let's go back to clam shells and buck skin

BK

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 20 May, 2014, 19:51

@BrettK: I didn't know hard currency went away - post Target breach, I hear there's an uptick in the preference for cash in USA. You might be pleased to know that HDFC Bank in India just introduced passbooks. Maybe they'll take your advice and introduce clam shells and buck skin when they do their "next refresh"!

Andrew Smith - CloudZync - London | 21 May, 2014, 08:39

@Ketharaman I think that is a great question...It also begs why wasn't Lemon (as it was then) found out to be non PCI compliant?

Not all wallets would need to be PCI compliant, only those that store card details would need to be. So, many wallets out there would be exempt and equally, many wallets should probably be looking into in more depth...I'm guessing Lemon was storing card information it shouldn't be holding in the cloud, or on the actual device.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 21 May, 2014, 09:38

@AndrewS: I was born before PCI-DSS came into force and I still didn't know that the standard was applicable for mobile wallets. Therefore, I won't blame mobile wallets for non-compliance. Probably many of their founders belong to GenY and don't even know about PCI. I’ve heard it said that GenY is a generation that refuses to recognize anything older than itself, which PCI probably is. TY for clarifying the circumstances under which PCI compliance is mandatory for mobile wallets. Any idea if there're many mobile wallets that don't store card details and are hence PCI-exempt? 

Taron Mohan - NextGen - Noida | 21 May, 2014, 11:18

I don't think any downloadable mobile wallet is PCI compliant. PCI compliance needs the hardware also to be PCI certified along with the application, which is not possible as a downloadable client.

So the whole mobile wallet industry is compromised here...

Andrew Smith - CloudZync - London | 21 May, 2014, 16:05

@Taron a mobile wallet doesn't have to store card details on the device. You're right if they do, then the app would fail. A mobile wallet has lots of options that are PCI compliant when dealing with cards...
