Tag: creditcard

OnePlus says up to 40,000 customers affected in credit card breach

After learning that fraudulent charges were appearing on its customers' credit cards, smartphone maker OnePlus disabled support for credit card payments and launched an on-going investigation. The preliminary results are in, however, and they're definitely concerning. In a statement released today, OnePlus said credit card information belonging to up to 40,000 customers was captured by a malicious (and currently unknown) actor between November 2017 and mid-January 2018.

OnePlus hasn't confirmed the number of customers whose captured payment information has been used for fraudulent purchases, noting instead that the number of affected users represented a "small portion" of its customer base. While it's true that millions of OnePlus smartphones have been sold since the Oppo spin-off set up shop in 2014, that's likely little consolation for the people directly involved. As a result of the breach, OnePlus says it's continuing to work with law enforcement, and will offer a year of free credit monitoring to all affected users.

But how did all this happen in the first place? According to a company spokesperson, a malicious actor gained access to one of its servers and injected a script that captured people's credit card information as it was typed into the site's payment form. While some originally suspected OnePlus' payment processor was to blame for the issue, it appears that the credit card payment process worked exactly as it was supposed to. Once entered, the payment data was subsequently encrypted and transmitted to the company's payment processor as usual — the script seized on a window of opportunity and captured the information before it could be encrypted in the first place.

That means customers who paid via PayPal aren't affected by the breach, and people who paid with previously saved credit card details should not be impacted because they didn't manually input the information.

While OnePlus' statement sheds much-needed light on the situation, some of the most crucial details either haven't been unearthed or have not yet been revealed. An investigation into potential culprits is still ongoing, and while a spokesperson insists only one server was affected, he was unable to confirm whether the vulnerability existed in other company-owned servers as well. That same spokesperson said the company is trying to be "as transparent as possible" with its customers, but would not say if the full results of the investigation would be released once the process has been concluded.

OnePlus has said in the past that its strategy for growth in a highly competitive market is simply to build great products. While it's true we — and quite a few others — have been fond of OnePlus hardware, multiple gaffes in the past year have given the company's fans reason to be concerned. This past November, an app called EngineerMode allowed root-level access to anyone who had physical access to your OnePlus phone, and the month before that, concerns about OnePlus devices phoning home with usage data made the rounds. Throw in a bug that forced some OnePlus 5s to reboot while on emergency calls from this past summer and it seems that the company is suffering from a serious — and troubling — lack of attention to detail.


OnePlus halts credit card payments on its site after fraud reports

This weekend, reports began to surface that some people who had made purchases on OnePlus' website were seeing unauthorized transactions pop up on their credit cards. OnePlus released a statement on its website saying that it was looking into the issue and today in an update, the company said it's shutting down credit card payments on its site. "This is a serious issue and we are investigating around the clock. As a precaution, we are temporarily disabling credit card payments at oneplus.net," it said. "PayPal is still available, and we are exploring alternative secure payment options with our service providers."

So for now, if you want to buy something on OnePlus' website, you're currently limited to paying through PayPal. And if you've made any recent purchases on the site with your credit card directly, you might want to keep an eye on your transaction history. OnePlus says it's doing a complete audit of its system.

Via: Gizmodo

Source: OnePlus


Visa will make signatures optional for chipped credit cards

It's been about a month since American Express and Mastercard decided to stop requiring signatures for EMV chip credit cards. Now Visa is joining their ranks, making signatures optional for chipped transactions in North America.

"Visa is committed to delivering secure, fast and convenient payments at the point of sale," said VIsa's Dan Sanford in a statement. "Our focus is on continually evolving the market towards dynamic authentication methods such as EMV chip, as well as investing in emerging capabilities that leverage advanced analytics and biometrics. We believe making the signature requirement optional for EMV chip-enabled merchants is the responsible next step to enhance security and convenience at the point of sale."

Contact and contactless chip-enabled points of sale are taking over, of course, for their enhanced security and convenience for retail transactions. Visa notes that it has deployed more than 460 million EMV chip cards and readers at over 2.5 million locations.

Source: Visa


Forever 21 breach exposed customer credit card info for months

If you shopped at a Forever 21 store this year, there's a chance your credit card information may have been stolen, CNET reports. The retail store confirmed this week that between April 3rd and November 18th of this year, a number of point of sale terminals at stores across the US were breached. While it hasn't provided any numbers on how many customers were affected, Forever 21 did say that in most cases, card numbers, expiration dates and verification codes, but not cardholder names, were obtained by hackers. However, in some cases names were also obtained.

Encryption is usually used by the store to protect its payment processing system, but in some stores, the encryption was sometimes off, opening up their point of sale terminals to malware. Not every terminal in every affected store was infected with the malware and not every store was impacted during the full time period of the breach. In some cases, credit card data stored in certain system logs prior to April 3rd were also exposed.

Forever 21 said payment processing systems outside of the US work differently but that it was investigating whether non-US stores were affected as well. Purchases made through its website weren't impacted by the breach.

Chipotle and GameStop suffered similar breaches this year while hotel giant HEI announced it was hit with the same type of data breach last year.

In a statement, Forever 21 said, "In addition to addressing encryption, Forever 21 is continuing to work with security firms to enhance its security measures. We also continue to work with the payment card networks so that the banks that issue payment cards can be made aware of this incident. Lastly, we will continue to support law enforcement's investigation of this incident."

Via: CNET

Source: Forever 21


American Express will stop requiring signatures for purchases

Mastercard and Discover both announced in recent months that, starting next year, they would no longer require signatures for credit card transactions. Now, the Verge reports, American Express has announced it's also moving away from signatures. As of April 2018, American Express signature requirements will be no more and the company says it's because technology advances have made them obsolete. "Our fraud capabilities have advanced so that signatures are no longer necessary to fight fraud," American Express Executive VP Jaromir Divilek said in a statement.

Mastercard and Discover both pointed to similar reasoning and they'll also be discontinuing signature requirements in April of next year. However, while Discover is eliminating signature requirements in the US, Canada, Mexico and the Caribbean and Mastercard is ending them in the US and Canada, American Express is ceasing signature requirements globally.

However, though these companies will no long require merchants to collect signatures, those merchants may still choose to do so, and they'll have to if it's required by law in any region. But fewer and fewer transactions require signatures anyway, so for the diminishing number of purchases that still demand them, this move could make checkout times just a tad bit quicker.

Via: The Verge

Source: American Express


Uber’s new credit card could be a tough sell (updated)

Uber isn't exactly known for protecting the privacy of its drivers or riders. Tim Cook reportedly had to threaten to remove the Uber app from iPhones after he discovered the app was "fingerprinting" iPhones with a permanent ID. The ride sharing company had to stop gathering location data from passengers, even after a ride ended, and it settled with the FTC over abuse of customer data. Now Uber is offering a new credit card, available November 2nd, which might seem a bit counter-intuitive.

The Uber Visa has no annual fee, and users earn $100 after they spend $500 in the first 90 days of owning the card. You'll get rewards for using the card, and they'll accrue even faster for buying food in a restaurant, booking a trip, taking an Uber (obviously) or shopping online. You'll be able to redeem the rewards for Uber credits on rides and UberEats delivery, as well as cash back or gift cards. It will even grant you an annual $50 "subscription credit" you can use towards Netflix, Spotify or Amazon Prime. Uber also says that cardholders can get coverage for theft or damage of their mobile devices, and invites to secret shows and dining experiences. All subject to "terms," of course. Still, given the company's track record, it might be a tough sell to ask customers to sign up.

Update: Uber clarified to Engadget that it would not get any information on individual spending, as that will stay with the issuing bank, Barclays. The only thing Uber will know is the amount of spending that occurs on their cards in aggregate. The company says it will have access to how many Uber credits that rider has earned through the percent back on an individual level. This post has been edited in light of those details.

Via: TechCrunch

Source: Uber


Affirm’s app lends you money to buy things online

Paypal co-founder Max Levchin launched Affirm back in 2012 to extend credit for folks to buy things online. Today, his company has extended that feature to a mobile app, functionally creating a virtual credit card for anyone who wants to trust a tech company instead of banks.

The service's signature feature (aside from real financial functionality on a mobile app) is up-front and clear disclosure regarding how much a purchase will end up costing you. Affirm gives you a flat percentage interest rate ranging from 10 to 30 percent depending on what you're buying. Lines of credit are extended for each individual purchase, tied to a one-time-use credit card number and three-digit pin that disappear after, and the repayment is dealt with in the app.

Essentially, Affirm is betting that customers will feel better paying off each purchase instead of hacking away at a collective balance. The company aims to be a more honest lender instead of setting up credit lines for customers who cannot afford them. Affirm evaluates each loan based on user credit and perceived ability to pay it back. To apply, users need to provide proof of identity and the apps can be downloaded for iOS here and Android here.

Via: The Verge

Source: Affirm


Discover card users can redeem their points on Apple Pay

Apple Pay gives you many ways to pay for your purchases -- and now Discover's cashback bonus is one of them. Discover and Apple have teamed up to give you the ability to redeem your cashback points through the mobile payment app, so long as you can fulfill a set of requirements. You'll obviously have to add your Discover card to Apple Pay, download the Discover app, have a rewards balance higher than the amount of the item you want to purchase and, most importantly, you have to be using an iPhone 6 or later.

To redeem your cashback rewards, simply choose Discover on Apple Pay, select "Tap for Details" when you get the redemption message and then tap to redeem your bonus. There's just one important thing to take note of: you can't redeem your rewards if you're on T-Mobile's network. Unfortunately, it could make redemption harder while you're on the go if you're a T-Mo customer, since you'll have to disconnect your mobile internet and find a WiFi connection instead.

Source: Discover


PlayStation credit card gives extra money back for gaming purchases

If you're a PlayStation fan, you probably use your credit card for a lot: games, add-ons, the virtually obligatory Plus subscription and the occasional accessory. Wouldn't it be good if you could at least get some compensation for pouring so much money into Sony's coffers? If you live in the US, you can. Sony has launched a Visa-based PlayStation credit card from Capital One that gives you discounts and redeemable points if you shop for Sony gear or PlayStation services.

You always get Sony Rewards points whatever you buy (including three times as many for paying phone bills), but you'll get five times the usual points if you shop at the PlayStation Store, and a similar amount for Sony products if you fill out a Bonus Points form. You'll also get 10 percent off subscriptions to PlayStation Music, Now and Vue (in the form of credit), and half off a Plus subscription if you spend at least $3,000 with the card in the span of a year.

Catches? There's no annual fee, but it will take a while to rack up enough points to actually buy something. You get the equivalent of $1 for every 100 points -- that free PS4 Pro will have to wait. The requirement for that bonus form doesn't help, either. And of course, you won't get as many benefits if you aren't a fan of most Sony products outside of the PlayStation itself. Still, if your existing card doesn't give you perks you tend to use, it might not hurt to give this a look.

Source: PlayStation Blog