Add Lifelock Wallet to the list of mobile wallet casualties this week.
For those of you out of the loop, Lifelock Wallet is the former Lemon Wallet.
LifeLock’s acquisition of Lemon Wallet in December 2013 for $42.6 million was supposed to launch the cyber-security company into the mobile payments space. Instead, citing security concerns, LifeLock (NYSE:LOCK) unexpectedly shut down its mobile wallet Friday, sending share prices crashing.
In December, LifeLock announced it had purchased Lemon in an all-cash deal and would be launching a new mobile wallet app using technology acquired from Lemon. Essentially, Lemon’s product was rebranded and grafted to Lifelock’s security features, such as fraud alerts, access to credit scores, and identity theft protection. The resulting app was a kind of “digital locker,” where users could store sensitive data – including policy numbers and payment cards – for digital safekeeping. Here’s what LifeLock CEO Todd Davis said about the Lemon acquisition in December:
“The acquisition of Lemon dramatically expands our mobile capabilities, enabling us to launch a robust consumer wallet app in the marketplace on day one. The innovation and expertise from a mobile-first company like Lemon gives us powerful new ways to engage with current and future members.”
Davis struck a different note today as he announced that LifeLock’s mobile wallet app has been preemptively taken off the Apple App Store, Google Play Store for Android devices, and the Amazon Appstore. In a prepared statement, Davis said that “certain aspects of the Lemon Wallet … are not fully compliant with applicable payment card industry (PCI) security standards.” Yes, that PCI.
While Davis said that the company has “no reason to believe the data has been compromised,” the app will erase all personal data users have entered if users attempt to open the LifeLock Wallet app. While this is most likely to prevent any potential security breach as the company works to fix the issue, users have expressed frustration at not being given the opportunity to back up their data before it gets deleted. One Reddit user was quite unhappy, writing, “Today they ‘deleted’ everyone’s data. Not just from their servers, but when you open the app its wiped. And yes, I had info in the wallet that was not written down elsewhere. So much for protecting my information…” (The Next Web informed users that turning on Airplane Mode before opening the app, should allow users to download information before Lifelock nukes it.)
Past Trouble
This isn’t the first time LifeLock has taken heat for security issues. Wired reported that LifeLock received a $12 million fine in 2010 from the Federal Trade Commission for “deceptive business practices and for failing to secure sensitive customer data.” Of the $12 million, $11 million would go to refunds for customers since LifeLock had misrepresented itself and its security to its customers. Friday’s announcement was likely an attempt to avoid a similar fine.
Davis himself said that it was not known whether or not there would be any fines from governing bodies this time around.
Shares have fallen precipitously since the announcement — more than 17% as of mid-afternoon Tuesday.
LifeLock is said to be working on an updated version of the LifeLock wallet that meets the “highest level of PCI compliance.” No release date was announced.