When it comes to any kind of transaction, safety and security are of the utmost concern. When a security breach occurs, it can lead to many having their information stolen. This seems to be the case with the OnePlus website, as it looks like credit card data is being intercepted when customers are purchasing smartphones or accessories.
The OnePlus forums can offer a wealth of knowledge for its users and it is here that the Fidus team noticed an interesting post about credit card fraud. The user purchased two handsets using two different credit cards and the cards were only used in the past six months on the OnePlus website. The user notes that after these transactions, the cards were hit with fraudulent charges. The post has a poll asking users to chime in on their experience and whether they have experienced issues with fraud after purchasing from the website.
Now, there could be any number of reasons why this could happen, but Fidus notes that OnePlus uses the Magento eCommerce platform, which has problems when it comes to security. The firm went through a mock purchase in order to uncover what exactly happens and found that:
"the payment page which requests the customer’s card details is hosted ON-SITE and is not an iFrame by a third-party payment processor. This means all payment details entered, albeit briefly, flow through the OnePlus website and can be intercepted by an attacker. Whilst the payment details are sent off to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted."
According to Fidus, obtaining data through the Magento eCommerce platform is nothing new and has been a problem for a few years. While it is uncertain how OnePlus will respond, there are ways you can protect yourself in these types of situations. Fidus recommends using sites that utilize "an OFF-SITE payment processor, or a processor who offers iFrame integration with checkout pages". If this is enabled, payment data is secure and the chance of there being an issue is low.
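The distinction Fidus draws can be checked from a checkout page's HTML. The sketch below is an added example, not code from Fidus or OnePlus: it reports whether card fields sit in the merchant's own document or inside a cross-origin iframe, and which scripts share the page with them. The sample pages and the `shop.example`, `pay.processor.example` and `cdn.analytics.example` hosts are constructed, and detecting card fields by their `autocomplete` tokens is an assumed heuristic.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Standard HTML autocomplete tokens for card fields (heuristic: assumes the form sets them).
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-name"}

def origin(url):
    p = urlparse(url)
    return (p.scheme, p.hostname, p.port)

class CheckoutAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.card_fields, self.scripts, self.foreign_frames = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("autocomplete") or "").lower() in CARD_TOKENS:
            self.card_fields.append(a.get("name") or a.get("id") or "(unnamed)")
        elif tag == "script":
            self.scripts.append(urljoin(self.page_url, a["src"]) if a.get("src") else "(inline)")
        elif tag == "iframe" and a.get("src"):
            src = urljoin(self.page_url, a["src"])
            if origin(src) != origin(self.page_url):
                self.foreign_frames.append(src)

def audit(page_url, html):
    p = CheckoutAudit(page_url)
    p.feed(html)
    if p.card_fields:
        hosting = "on-site"  # card data is typed into the merchant's own DOM
    elif p.foreign_frames:
        hosting = "third-party-iframe"
    else:
        hosting = "no-card-fields"
    # Scripts in the top-level document can read its inputs, not a cross-origin frame's.
    exposed = p.scripts if hosting == "on-site" else []
    return {"hosting": hosting, "card_fields": p.card_fields, "scripts_with_access": exposed}

# Constructed sample pages (not the real OnePlus checkout).
ON_SITE = """<html><head><script src="/js/checkout.js"></script>
<script src="https://cdn.analytics.example/t.js"></script></head><body>
<form action="https://pay.processor.example/charge" method="post">
<input name="cc_number" autocomplete="cc-number">
<input name="cc_cvv" autocomplete="cc-csc"></form></body></html>"""
IFRAMED = """<html><head><script src="/js/checkout.js"></script></head><body>
<iframe src="https://pay.processor.example/hosted-fields"></iframe></body></html>"""

if __name__ == "__main__":
    for name, page in (("on-site", ON_SITE), ("iframed", IFRAMED)):
        print(name, audit("https://shop.example/checkout", page))
```

In the on-site case the form posts to the processor, yet every script listed under `scripts_with_access` runs in the same document as the card inputs, which is why those scripts are the ones to inventory and integrity-check.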