LifeLock pulls Wallet app over PCI compliance fears

LifeLock has been forced to pull the mobile wallet it acquired for more than $40 million last year from app stores and delete all user data from its servers after deciding the technology might not be PCI compliant.

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Identity-theft specialist LifeLock bought mobile-wallet start-up Lemon for an initial consideration of $42.6 million in December and rebranded the app - which has been downloaded more than 3.6 million times - as LifeLock Wallet.

However, LifeLock CEO Todd Davis has now written a blog post revealing: "We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards."

The app has been pulled from the App Store, Amazon Apps, and Google Play. When existing users open their virtual wallet, their information will be deleted, with all data wiped from LifeLock's servers.

"Even though we have no reason to believe the data has been compromised, we believe this is the right thing to do," writes Davis, who adds that the move does not affect LifeLock's subscription identity theft protection services.

The firm is now working to get the wallet back in app stores "with the highest level of PCI compliance" soon.

Comments: (8)

Brett King CEO & Founder at Moven

I hope Coin card is reading this...

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

Are all other mobile wallets PCI DSS compliant or is LifeLock just the tip of the iceberg?

Brett King CEO & Founder at Moven

Ketharaman,

Clearly we need to go back to passbooks and hard currency. Better yet, let's go back to clam shells and buck skin

BK

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

@BrettK: I didn't know hard currency went away - post Target breach, I hear there's an uptick in the preference for cash in USA. You might be pleased to know that HDFC Bank in India just introduced passbooks. Maybe they'll take your advice and introduce clam shells and buck skin when they do their "next refresh"!

A Finextra member 

@Ketharaman I think that is a great question... It also begs why wasn't Lemon (as it was then) found out to be non PCI compliant?

Not all wallets would need to be PCI compliant, only those that store card details would need to be. So, many wallets out there would be exempt and equally, many wallets should probably be looking into it in more depth... I'm guessing Lemon was storing card information it shouldn't be holding in the cloud, or on the actual device.

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

@AndrewS: I was born before PCI-DSS came into force and I still didn't know that the standard was applicable for mobile wallets. Therefore, I won't blame mobile wallets for non-compliance. Probably many of their founders belong to GenY and don't even know about PCI. I’ve heard it said that GenY is a generation that refuses to recognize anything older than itself, which PCI probably is. TY for clarifying the circumstances under which PCI compliance is mandatory for mobile wallets. Any idea if there're many mobile wallets that don't store card details and are hence PCI-exempt? 

Taron Mohan CEO at NextGen

I don't think any downloadable mobile wallet is PCI compliant. PCI compliance needs the hardware also to be PCI certified along with the application, which is not possible as a downloadable client.

So the whole mobile wallet industry is compromised here...

A Finextra member 

@Taron a mobile wallet doesn't have to store card details on the device. You're right if they do, then the app would fail. A mobile wallet has lots of options that are PCI compliant when dealing with cards...
