comscore
News

OnePlus disables credit card payments on its website after reports of credit card fraud

OnePlus says this is a serious issue and it is investigating the credit card fraud reported by its customers.

  • Published: January 17, 2018 8:35 PM IST

OnePlus has disabled credit card payments on its website after customers reported credit card fraud on Monday. The Chinese smartphone maker says it is still investigating and looking for alternative payment options but will only support payments via PayPal for now.

OnePlus is now well known for offering quality smartphones at price significantly lower than that of premium smartphone brands like Samsung and Apple. The Chinese smartphone maker cuts a lot of its own cost by removing middlemen and selling devices online through its own website. Those shopping on OnePlus’ website believe that the website is secure and consumers can safely share their private details like card number and home address.

However, some customers who shopped on the company’s official site between October and December 2017, started reporting credit card fraud on Monday. These customers claimed they received notifications of fraudulent transactions on their credit card. The issue was widely discussed on Reddit and an informal poll suggested that only around 25 percent of shoppers were affected by this issue.

OnePlus confirmed that it is investigating the issue and it does not store credit card data on its servers. It even confirmed that all transactions are carried out via PCI-DSS-compliant payment processing partner.

However, security experts at Fidus Information Security have weighed in with their thoughts that OnePlus does not store or read customers’ card details but the information still goes through its servers for a brief period of time before making it to the third party payment company’s database. The researchers described a bug called Magento which allows attackers to insert a malicious JavaScript code to steal information. OnePlus confirmed that its website is not affected by Magento bug and promised to offer more updates on its investigation at a later stage.

“At OnePlus, we take information privacy extremely seriously. Over the weekend, members of the OnePlus community reported cases of unknown credit card transactions occurring on their credit cards post purchase from oneplus.net. We immediately began to investigate as a matter of urgency, and will keep you updated,” Mingyu from OnePlus wrote in a forum post.

However, the company has now temporarily disabled credit card payments and Mingyu added that “This is a serious issue and we are investigating around the clock.” If you have carried out transactions on OnePlus’ website then it is advisable to keep an eye on your payment history and statements.

  • Published Date: January 17, 2018 8:35 PM IST