Over the weekend, reports began to surface online that few customers who purchased OnePlus mobiles from the website started seeing unauthorized transactions on their credit cards. The issue started when a user created a thread on the OnePlus forums about the issue he experienced after his OnePlus purchase. More than 100 respondents replied that they too have discovered the fraudulent transactions after making the purchase from OnePlus.
According to the findings of a security firm Fidus, the payment process on the OnePlus website is hosted ON-SITE and it could be the gateway to all the payment details entered by a customer. While the payment details are submitted to a third party, “there is a window in which malicious code is able to siphon credit card details before the data is encrypted”.
After the following the credit card fraud reports, OnePlus has temporarily shut down the credit payments “as a precaution”. The company says it will be accepting purchases through PayPal and is looking for other alternative secure payment options. Also, it will be shifting away from the current Magento eCommerce platform and is redesigning the website with custom code.
The Chinese smartphone maker is currently investigating the issue to look for the potential flaws. It said, “This is an ongoing investigation. We are working with our third-party providers and will update you on our findings as they surface.”
The customers who are affected by the fraud are advised to contact their bank immediately to initiate a chargeback else observe your credit card transactions carefully.