OnePlus customers' credit cards have been used for fraudulent transactions; the Chinese tech giant confirms an investigation but isn't ready to claim responsibility for losses.
Several OnePlus customers have reported fraudulent activity on credit cards they used to purchase handsets from the official website. Users complain of privacy violations and fraudulent transactions.
On the OnePlus forum, a thread dedicated to the credit card fraud issue has over 70 affected buyers over the past four months reporting attempted transactions on cards used on the OnePlus website.
In a blog post, OnePlus said it is investigating the matter and is still trying to determine the cause of this apparent hack.
The first post in the OnePlus forum thread about the credit card fraud appeared last week. Soon after, multiple buyers posted about attempted fraudulent transactions on their cards as well.
In its blog post, published Monday evening, OnePlus said it began the investigation “as a matter of urgency”, and it at least acknowledged that the affected users “made credit card payments directly to oneplus.net. (Without involving a third party such as PayPal).”
OnePlus has put the financial burden of the whole issue squarely on its buyers and their banks. In its post, the company says, “If you suspect that your credit card info is compromised, please check your card statement. And contact your bank to resolve any suspicious charges. They will help you initiate a chargeback and prevent any financial loss.” This clearly means the Chinese company will not bear any financial losses despite the apparent gaps in its own security system.
As for the investigation, OnePlus has merely said it is still “working with our third-party providers, and will update you on our findings as they surface.”
Cybersecurity consulting firm Fidus Information Security said in a blog post that two issues “stand out” in the matter. One is the website seemingly not being PCI compliant, and the other is that OnePlus has incorrectly stated that it does not handle card payments. OnePlus also used the Magento e-commerce platform, which Fidus says is “a common platform in which credit card hacking takes place.”
But the company has shrugged these concerns off, saying that credit card data is forwarded to its PCI-DSS-compliant payment processing partner over an encrypted connection and that payment processing is executed on the partner’s secure servers. However, it has not been clear about the fact that its website is not PCI-compliant.
While it acknowledges that the official website is on the Magento platform, OnePlus confirms that the website was rebuilt with custom code. It also confirms that credit card payments are not implemented through Magento’s payment module. However, it only says “we shouldn’t be affected”, instead of giving a more reassuring statement on the security front.