It seems like there is nothing good going on with OnePlus as the company is now facing another issue with their official website which has costed its users way more than what they signed up for.
Several OnePlus users have complained that since buying products from the smartphone manufacturer’s official website (oneplus.net), there have been a couple of unusual credit card transactions. While some of the users registered their complaints on OnePlus’ official forums, others are venting out their anger on Reddit.
For the unknown, OnePlus is already in hot water after acknowledging that a handful its smartphones beamed data to Alibaba without even the user’s knowledge or consent. Last year the company admitted that detailed data usage was being sent back to the company, which was a breach of basic data protection law in Europe.
Coming back to the fraudulent credit card transactions, over 70 people have posted so far in OnePlus ‘credit card fraud’ thread, which was started about a week ago and one of the users said he used two business credit cards to place two different orders, one of which was used for fraudulent purchase of Euros 50. While these orders were placed on 9th and 10th January, another user reported an attempted of a fraudulent transaction with his credit card worth 900 Euros.
Let it be known that reports of unusual credit card activity post-purchase from the OnePlus website is coming from those who added their credit/debit card directly to the site rather than making the payment through PayPal.
As for processing of payments, Credit card information is first sent to OnePlus’s unnamed payment processor via an encrypted connection instead of being saved on the company’s website itself. Even if buyers used the site’s “save this card for future transactions” option, they shouldn’t have that much to worry about.
In this process, a handful of digits of your card’s number are saved along with a random set of symbols (“token”) to OnePlus’s payment processor, and the company has no way to decrypt this information in order to access your full card info.
Since there is no way that one can explain these fraudulent activities, OnePlus was quick on issuing a statement saying that the company is investigating the situation and the affected group of people are those who didn’t use PayPal for making the payments.
Here is Official Statement Issued By OnePlus On One Of The Threads.
“At OnePlus, we take information privacy very seriously. Over the weekend, members of our OnePlus community reported some cases of unknown credit card transactions through their credit cards post making purchases from oneplus.net. We immediately began to investigate the issue as a matter of urgency, and will keep you updated. This FAQ document will be updated regularly to address questions raised.”
In the post, OnePlus also assured customers that the fraud issues had nothing to do with the hacking fiasco of the Magento eCommerce platform which was initially used to build Oneplus.net. The website has been going through a modification since 2014 and the payment service wasn’t even used for card payments, ever.
Since the OnePlus website is HTTPS encrypted it is indeed a hard nut to crack for hackers, however, the Chinese company has promised to soon come up with an answer.
In the meantime, we recommend all affected customers to contact their credit card companies to get the payments canceled or reversed for a chargeback.