Chinese smartphone brand OnePlus bans website credit card payments after fraud reports
Dozens of customers flooded the OnePlus forum claiming they encountered credit card fraud after purchasing phones from the website
OnePlus, a Chinese smartphone brand whose sales doubled last year on the back of strong overseas sales, is pulling credit card payment processing from its international online store after dozens of customers claimed to have suffered credit card fraud after making a purchase.
“As a precaution, we are temporarily disabling credit card payments at oneplus.net. PayPal is still available, and we are exploring alternative secure payment options with our service providers,” OnePlus said in a statement posted on its official online forum on Tuesday.
“This is a serious issue and we are investigating around the clock,” it added.
OnePlus is one of the few Chinese brands whose overseas smartphone sales outstrip those in the domestic market, though the company does not release specific sales data. Its official international website processes shipments to almost 40 global destinations, including the US where the leading Chinese smartphone brand Huawei Technologies recently suffered a setback after US carrier AT&T walked away from a deal due to US government pressure over security concerns.
Over the weekend a customer wrote in a post on the OnePlus forum that both of his credit cards were subject to fraudulent charges after making two separate transactions on the OnePlus online store in November 2017. The buyer claimed that the only place both credit cards had been used in the last six months was on the OnePlus website.
After the post, dozens of other customers flooded the OnePlus forum claiming they had encountered similar credit card fraud after purchasing mobile phones from the website.
According to a poll posted on the forum by a user, 241 customers indicated they “had fraudulent charges after a recent OnePlus transaction”, compared with 173 indicating no such problems. Among the 241 claiming fraudulent credit card transactions, nearly 90 per cent had bought the phones within the past two months.
Transactions through third-party payment methods such as PayPal are safe, according to posts on the forum. There was also no reported fraud cases on OnePlus’ official Chinese website.
The Shenzhen-based OnePlus denied the company stored any credit card information of its customers, saying that the card details are sent directly to its payment processing partner over an encrypted connection and processed on their secure servers.
OnePlus could not be immediately reached for comment.
Fidus, a cybersecurity firm, said the payments page on the OnePlus site, which requests customer card details, is hosted on the site. This means all payment details, albeit briefly, go through the OnePlus website and could be intercepted by an attacker.
“Whilst the payment details are sent to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted,” Fidus wrote in a post on its own website.
In an interview with the British newspaper Telegraph at CES in Las Vegas earlier this month, OnePlus chief executive Pete Lau said the company’s revenues in 2017 had doubled to more than US$1.4 billion. The company is also talking to mobile operators in the US and Europe to expand its exposure in these markets, Lau was quoted as saying.