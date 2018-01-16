CHINESE PHONE MAKER OnePlus has said its investigating reports of customers' credit card details being stolen after they made a purchase on its official website.

According to a poll and discussion on OnePlus forums, at least 68 people are reporting incidences of credit card fraud they have experienced after OnePlus transactions running from very recent to more than four months ago.

A handful of forum commentators described how after using the site to buy OnePlus phones, their banks notified them of fraudulent activity on their credit cards, and the fraud was traced back to the OnePlus website.

"I purchased two phones with two different credit cards, first on 11-26-17 and second on 11-28-17. Yesterday I was notified on one of the credit cards of suspected fraudulent activity, I logged onto credit card site and verified that there were several transactions that I did not make. I went through the process and switched accounts... no big deal," said forum user 'superdutynick'.

"Today same thing with the other credit card. I do not use either of those credit cards frequently. The only place that both of those credit cards had been used in the last 6 months was on the Oneplus website. I am not too worried about it, I have fraud protection on all of my cards."

So while OnePlus makes admirably solid smartphones, it would appear that its website or the platform supporting the transactions are not so robust and capable.

OnePlus has since responded, saying in a blog post: "Over the weekend, members of the OnePlus community reported cases of unknown credit card transactions occurring on their credit cards post-purchase from oneplus.net. We immediately began to investigate as a matter of urgency."

The company says that it uses various protocols to safeguard users' payment information, including sharing data over encrypted connections. However, as reported by The Verge, an analysis of the site's payment processing by security firm Fidus suggests there is a window "in which malicious code is able to syphon credit card details before the data is encrypted."

OnePlus adds: "Payment fraud is a perennial concern with all online payments. If you notice suspicious charges in your card statement, contact your bank immediately so they can reverse the payment.

"Our website is HTTPS encrypted, so it's very difficult to intercept traffic and inject malicious code, however we are conducting a complete audit." µ