LifeLock Pulls Mobile Wallet App Over PCI Concerns

Register now

LifeLock Inc. has temporarily pulled its LifeLock Wallet app off the market to address security issues.

LifeLock, an identity theft protection provider, purchased Lemon in December of 2013 for $42.6 million with the intention of converting its Lemon Wallet app into the LifeLock Wallet.

But LifeLock has decided to pull the app to address concerns that it was not compliant with the Payment Card Industry data security standard, which describes how companies must protect payment card data, as LifeLock chairman and CEO Todd Davis explained in a May 16 blog post.

The company has since begun emailing LifeLock Wallet users directly. "We're working to return a fully PCI compliant LifeLock Wallet to you soon," the email says.

The wallet app has been pulled from the Apple App Store, Amazon Apps and Google Play. Consumers who have already downloaded the LifeLock Wallet will have their information deleted the next time they launch the app, Davis says.

"This is a very complex issue and we have engaged multiple third-parties to determine all the facts accurately, so that we make the best decisions on any changes and on additional investments in our compliance operations," LifeLock said in an emailed statement.

The company "has no reason to believe that information associated with the mobile app or consumer credit cards uploaded into the mobile app has been compromised" expects "an updated app to be reinstated soon," it says.

The app lets users store card details and includes an account-monitoring service through BillGuard. At the time LifeLock acquired Lemon, the companies said the app had 3.6 million downloads.

That figure should be cause for concern for LifeLock, says Julie Conroy, senior analyst and fraud expert with Boston-based Aite Group.

"For those who have gotten into the habit of using the wallet, this is going to break a habit, and consumer habits are hard to make and break," Conroy says. "LifeLock will probably have a few challenges along those lines."

By the same token, LifeLock was "caught between a rock and a hard place" because it had discovered a potential security issue, Conroy adds. "They couldn't leave it there, because the liability consequences could have been pretty huge."

Because the wallet app came through an acquisition, it is difficult to determine how long it might take LifeLock to remedy the situation, Conroy says.

"You are talking about systems that are entirely different from your own internal system," Conroy adds.

LifeLock is also deleting all stored information from the company's servers.

The LifeLock app disappeared shortly after Square removed its Square Wallet app, which it said did not resonate with consumers. In its place, Square released Square Order, an app that lets consumers order purchases ahead of visits to Square merchants.

For reprint and licensing requests for this article, click here.