Magento 1 – End of Life Payment Compliance (PCI DSS)
Support for Magento 1 will end on 30th June 2020, raising concerns over the security of websites that use it. PayPal and Visa have warned that those sites must migrate to Magento 2, or ultimately, they will risk failing to comply with Payment Card Industry Data Security Standards (PCI DSS).
With the deadline fast approaching, businesses have been left in a difficult situation, as upgrading to the new version is both hugely expensive and time-consuming. This has created a worrying situation for anyone still running the old version of the ecommerce platform.
What is happening and why does it matter?
From the end of June, Magento 1 will reach its sell-by date, meaning it will no longer receive updates from its developers. Currently, they regularly look for security flaws in the platform and patch them, so all a user has to do is keep on top of the updates, and their site will remain secure.
After June, that process will stop for Magento 1, which is still being used by more than 100,000 sites. This means any security flaws found in the platform from then on would not be automatically fixed, leaving the sites and their customer data vulnerable to hackers.
If no action is taken to address this, and such a breach occurs with card details being stolen, then the business would have violated PCI DSS and other data protection laws. This could result in large fines and cause long-term damage to its reputation.
Will my site get hacked if I do not act?
The risk will certainly be much higher after Magento 1’s end of life. It is easy to be complacent and think it will never happen to your website, but many companies have fallen into that trap. British Airways and Adobe are among the companies who have had customer card information stolen in the past, demonstrating that these security breaches can happen to anyone.
Small companies are just as likely to be targeted, as they still store valuable customer data, and are especially vulnerable in this current situation, as they are less likely to be able to move to Magento 2.
What should I do about it?
In an ideal world, everyone should migrate to Magento 2 or another platform. This will not be possible for everyone, however, and doing so before 30th June is nearly impossible due to the high costs and time required.
Despite the alarming message that PayPal and Visa sent out, there are alternative options that would keep your site secure, and this is where we can help.
If you are still using the outdated version of Magento, we can improve your site’s security and ensure that you remain PCI DSS compliant, using methods that are much quicker and cheaper to implement than migrating to Magento 2.
Contact us and we will work with you to find the best solution for your website – we can help keep your customers’ data secure beyond the end of June.