OnePlus customers report fraudulent credit card transactions; company is investigating

January 15, 2018

Many OnePlus customers have reported that credit cards they used to buy handsets from the company's official website have since been used for fraudulent transactions. On the OnePlus forum, a thread dedicated to the credit card fraud problem has over 70 affected customers from the previous four months reporting attempted transactions on cards used on the OnePlus website. In a blog post, OnePlus stated that it is investigating the matter and is still trying to determine the cause of this apparent hack.


The first post in the OnePlus forum thread about the fraudulent credit card charges was made last week. Soon afterwards, multiple buyers posted about attempted fraudulent transactions on their cards as well.

In its blog post, published Monday evening, OnePlus said it had started the investigation “as a matter of urgency,” and at least acknowledged that the affected customers “made credit card payments directly on (without involving a third party such as PayPal).”


OnePlus has put the financial burden of the whole problem squarely on its customers and their banks. In its post, the company says, “If you suspect that your credit card info has been compromised, please test your card statement and contact your bank to resolve any suspicious charges. They will help you initiate a chargeback and prevent any financial loss.” This certainly means the Chinese company will not bear any financial losses, regardless of the apparent gaps in its own security.


As for the investigation, OnePlus has only stated that it is still “working with our third-party providers, and will update you on our findings as they surface.”

Cyber security consultancy Fidus Information Security said in a blog post that two problems “stand out” in the matter: one is that the website is apparently not PCI compliant, and the other is that OnePlus has incorrectly stated that it does not handle card payments. OnePlus also used the Magento e-commerce platform, which Fidus says is “a common platform in which credit card hacking takes place.”


However, OnePlus has brushed these concerns off, saying that credit card information is sent to its PCI-DSS-compliant payment processing partner over an encrypted connection, and that payment processing is carried out on the partner’s secure servers. It has not addressed the claim that its own website is not PCI compliant.


While the company acknowledges that its official website was built on the Magento platform, it says it has been rebuilding the site with custom code. In fact, it says credit card payments were no longer implemented in Magento’s payment module. However, it only says “we shouldn’t be affected”, instead of giving a more reassuring statement on the security front.

