Magento 1 End-Of-Life

The Impact of the Magento 1 End-Of-Life on PCI Compliance

What it means to be PCI Compliant and why it is important.

PCI Compliance is an essential component of any credit card companies security protocol. Being PCI compliant means consistently adhering to a set of guidelines set forth by the PCI Standards Council, an organization formed in 2006 for the purpose of managing the security of credit cards for online and offline transactions.

All companies that process credit card information are required to maintain PCI compliance as directed by their card processing agreements. PCI compliance is an industry-standard and requirement. Businesses that do not adhere to these standards can be held accountable for agreement violations and negligence.

Magento 1 EOL and the impact to PCI Compliance

As of June 30, 2020, Magento is ending support for all versions of its Magento 1 e-commerce platform. This means that Magento/Adobe will no longer be providing bug fixes, upgrades, and most importantly security patches. It is assumed that without Magento/Adobe’s oversight of Magento 1’s security, that no one will be monitoring or detecting any future vulnerabilities.  Actually, malicious characters will continue to look for vulnerabilities and exploits to attack.  The versions of Magento 1 that are impacted include Magento Commerce 1 (formerly known as Enterprise Edition) and Magento Open Source 1 (formerly known as Community Edition).

PCI Non-ComplianceGlobal PCI DSS standards require each entity to “develop and maintain secure systems and applications by installing applicable vendor-supplied security patches.” If you continue to use Magento 1 after June 30, 2020, your Magento instance is at risk for being out of compliance with Payment Card Industry Data Security Standards (PCI DSS). Your payment processors and merchant banks may view your Magento instance as no longer being secure and consequently non-compliant. Here are a few announcements from major payment processors related to Magento 1 end-of-life and PCI compliance. 

PayPal is indicating that you have one month after June 30, 2020 to get PCI Compliant.  They also indicate that all payment processors have the same obligations and requirements under PCI DSS.

What are your options?

Magento 1 merchants must take immediate action and should be actively planning and pursuing migration to Magento 2 or a modern actively-maintained e-commerce platform. Simply put, the risk and opportunity cost of maintaining a Magento 1 instance will increase over time the technology becomes more obsolete, and nefarious characters look for opportunities to exploit Magento 1.

  • Migrate to the Magento 2 Platform or migrate to another vendor-supported platform as soon as possible.  
  • PayPal and Crimson Agility are partnering to provide loans to help small businesses to help with the migration costs of migrating to Magento 2.
  • Companies like Webscale Networks and Nexcess also offer a safe harbor hosting for your Magento 1 sites if you are unable to migrate off of Magento 1 before the end-of-life.  This is a short-term solution, but Crimson Agility can help you understand these options and migrate to these experienced Magento hosting partners.  These options are short-term solutions and it is unlikely they address PCI compliance concerns fully.

We can help! 

Crimson Agility’s MAGENTO RAPID DEPLOYMENT PACKAGES are fixed-cost implementation solutions. Our packages are great for small to large businesses wanting to move to Magento Commerce® or Magento Cloud Edition®. Crimson Agility’s MAGENTO EXPRESS PACKAGES are available for merchants migrating from Magento 1 or any other e-commerce platform.

At Crimson Agility, we value trust, accountability, best practices, being responsive, and high-quality work. Our ability to provide rapid high-quality implementations of Magento 2 is grounded in our experience, methodology, commit to training, and by our US-based staff of certified Magento professionals.

We are ready to provide a free estimate to upgrade your site