OnePlus has temporarily shut down credit card payments on its website following reports that customers’ payment details were stolen after they bought goods through its online store. The company says it’s disabling credit card payments “as a precaution,” but will still be accepting purchases through PayPal. OnePlus also says it’s looking for “alternative secure payment” options.
The investigation began after a poll posted by users on OnePlus’ forums found that many customers had experienced the same problem. In the poll, 174 respondents said they had discovered fraudulent transactions on their cards after making a purchase from OnePlus. One customer who bought a OnePlus 5T wrote that he was alerted by the bank as someone tried to make an unauthorized purchase at Walmart worth $790.
In its response, OnePlus outlines various protocols the company uses to safeguard users’ payment information, including sharing data over encrypted connections. However, an analysis of the site’s payment processing by security firm Fidus suggests there is a brief window “in which malicious code is able to siphon credit card details before the data is encrypted.”
OnePlus says the site is undergoing a complete audit in order to look for such potential faults. “Information security is a very serious topic, and it has always been one of our top priorities,” said the company. The smartphone maker says customers who are affected by fraud should contact their bank immediately to initiate a chargeback.
Updated January 16th, 12:06PM ET: Updated to say OnePlus has shut down credit card payments on its site.