Mobile payment app withdrawn over security fears

LifeLock digital wallet withdrawn and all customer data deleted after security flaws were uncovered

A mobile payment app has been withdrawn and all customer information deleted after concerns were raised over its security.

The LifeLock electronic wallet had been available to download from a number of mobile stores, including Google Play, since December last year.

However, it has since been found that the technology is not properly compliant with payment industry standards - the Payment Card Industry Data Security Standards (PCI DSS) - and the company has withdrawn it as a result.

"We have determined that certain aspects of the [LifeLock Wallet] mobile app may not be fully compliant with PCI security standards," wrote LifeLock CEO Todd Davis in a company blog.

"For that reason, we are removing the LifeLock Wallet application from the App Store, Amazon Apps and Google Play, and when users open the LifeLock Wallet, their information will be deleted in the app.

"We have taken steps to delete all stored information for the mobile app from our servers. Even though we have no reason to believe the data has been compromised, we believe this is the right thing to do.

"As a company dedicated to online security and safety, we are committed to doing everything we can to ensure those who trust us with their personal information can do so without question."

PCI DSS has been criticised by payment professionals for being expensive and ineffective.

However, in the UK, according to lawyers at Pinsent Masons, the Information Commissioner's Office has warned that retailers that fail to store payment data in accordance with PCI DSS "or provide equivalent protection when processing customers' credit card details" could be held to be in breach of the Data Protection Act, opening them up to fines of up to £500,000.