SECURITY

Graduate from Magento 1 Open Source to Magento Commerce 2.3.3

Now is the time to graduate from Magento 1 Open Source to Magento Commerce 2.3.3. “But why? Open Source is free”. Believe me, we hear this all the time. Our Crimson Agility clients are no different and usually ask why they should build their site using Magento Commerce when Magento Open Source is free? We agree that Open Source is a great option. However, in the long run it is not the most cost-effective. Magento Commerce has additional features, the cloud infrastructure, and performance enhancements that are invaluable. With the Magento 1 end of life right around the corner (June 2020), now is the time to turn that tassel and graduate to Magento Commerce 2.

Let’s take a moment and look at the smaller picture here: not migrating from Magento 1.X to the most recent version of Magento 2. If you postpone the decision to make the leap to Magento 2, you are risking your business, reputation, customers data, and privacy not to mention their payment details.  Once Magento 1 is retired, your site becomes a target for those with nefarious intent. According to Magento, 83% of hacked sites were un-patched sites. When Magento 1 is retired, there will be no more patches available. It is like comparing the migration to not taking an Uber and risking the fines and life destruction from driving home from graduation only after a couple drinks. Yes, it can be that destructive.

When Magento 2 was released in 2015, it was not just a simple version upgrade. The new Magento 2 platform is a new improved platform built on state-of-the-art architecture. An outstanding 240,000 sites still utilize Magento 1 today. Mostly because of either the cost of migrating or procrastination. These store owners have also chosen in the past to stay on the comfortable older release to avoid breakage or revenue impacting downtime. But today, more and more educated store owners are realizing the benefits of investing in Magento Commerce 2 and are seeing the results of their investments. Here at Crimson Agility our 21 USA based certified developers have helped nearly 20 sites migrate while limiting downtime and not impacting revenue. Our customers are bringing in the new year stress free and will continue to grow their business safely.

What is New in Magento Commerce 2.3.3?

The new features in Magento Commerce 2.3.3 are amazing. There is so much to list but we encourage you to view Adobe’s Magento Commerce 2.3.3 Release Notes and read through all of the greatness for yourself. Below we have outlined some key points of Magento Commerce 2.3.3 enhancements announced November 7, 2019:

  • Over 100 security fixes reducing backend log significantly
    • Support for PSD2 compliance support
    • Supports PHP 7.3 (7.1 end of life is November 30, 2019)
  • Google Shopping Ads Channel is now part of the core code – cut ad spend by 50%!
  • Amazon Sales Channel in now part of core code
  • Progressive Web Application (PWA) Studio – fast page performance and increase SEO and conversion rates
  • Cloud enhancements
  • Product recommendations powered by Adobe Sensei
  • Superior Experiences – Deliver best-in-class B2B and B2C shopping experiences that accelerate sales
  • Omnichannel innovations – sell everywhere, deliver anywhere managing products, inventory, orders and fulfillments
  • Commerce Intelligence – enable intelligent experiences, uncover insights, and employ better measurement

How Can Crimson Agility Help you?

We have migration options! We offer three MAGENTO QUICK START PACKAGES that are fixed-cost implementation solutions. Our packages offer great price points whether you are a small business or large enterprise wanting to move to Magento Commerce. Making the move doesn’t have to be hard and will result in improved security & performance, seamless shopping everywhere with PWA, increased conversion rates, more streamlined operations, and a better overall end-user experience.

Contact us today and learn more, we are here to help and love what we do.

About Crimson Agility: We are a full service Magento services firm with an in-depth knowledge of the Magento platform and e-Commerce, a broad set of design, development, integration and marketing skills, as well as years of industry experience and successful implementations.

Until next time, let’s get social!  Like us on Facebookfollow us on TwitterInstagram and on LinkedIn.

header image for blog post

Why Use Two-Factor Authentication?

Why Use Two-Factor Authentication?

Using the web can be rewarding, but with those rewards come some risks. We’re all connected on the internet, and with that connectivity we are at risk from malicious actions and attempts to gain access to our sensitive information. In E-Commerce we apply best practices to protect companies and individual buyers from these potential security risks. Magento Two-Factor Authentication (TFA) allows for all users to secure their information from cyber attacks.  This authentication method works by attaching specific accounts to a users personal device which adds an additional layer of confirmation for the online service, and peace of mind for the individual logging in. Protecting users from fraud protection is only one of the benefits to using this method. It also provides a way for technology novices and experts to better safeguard their account information. Here are some of the best Magento extensions and tips that can protect your website and your customers from potential attacks.

Improved Security

Strong passwords are a great place to start, but hackers still have methods to crack even the most creative of passwords. Two-Factor Authentication adds a physical action to logging in by incorporating a device, such as a smartphone, tablet, or token. A one time code is generated and delivered to the user in the form of an SMS or automated call that cannot be hacked. 

Lower Customer Service Cost

Using a Two-Factor Authentication can help curb the cost of customer service issues. Auth0 states from an HDI study that 35-40% of service calls are related to password resets. By implementing TFA you can effectively eliminate password reset calls from getting to customer service. TFA can save the company money and resources by reducing low tier issue calls and keeping customer service focused on other, more important, issues.

Reduce Online Fraud

There have been a recent slew of data breaches recently. Large companies like  Facebook, Yahoo, and Target have suffered from successful cyber attacks exposing hundreds of millions of customers personal information.  It becomes apparent that data breaches could happen to any company. This is why companies like Gmail, Apple Pay, PayPal, Evernote, Dropbox, and LinkedIn have moved to Two-Factor Authentication. It prevents sensitive information from falling into the wrong hands. However, the protection of data can be left in the right hands, every company should be proactive and take it upon themselves to protect their customers from potential threats online.

How to Better Protect Your Users?

You can start taking action by using Magento Two-Factor Authentication extensions on your E-Commerce store. Some extensions that are already in use: Google Authenticator, U2F Devices, Duo Security, and Authy. Become proactive and don’t wait to react to cyber threats. Empower yourself and your customers to bring cyber security into the physical world by using TFA.

Security and staying updated is essential for any eCommerce experience. Let us here at Crimson Agility handle your Magento and eCommerce questions. Contact Crimson Agility today to see what would work for your security needs.

Until next time, let’s get social!  Like us on Facebookfollow us on TwitterInstagram and on Linked In.

Thanks for stopping by!

Crimson Agility Team

Why You Should Upgrade to Magento 2.3

Magento has announced that as of January 2020, Magento 2.2 will no longer be supported. This means new versions will no longer be released for any Magento 2.2 instance, whether it’s security updates or bug fixes. With this news, you should be looking to upgrade to Magento 2.3 in the near future. In this post, I will explain the major differences between 2.2 and 2.3, and why you should be upgrading. There are many minor bug fixes and security updates that have happened in the changelogs for 2.3, but I will be mainly focused on the major changes: new functionality and major security improvements.

Magento Open Source

Magento Open Source 2.3 comes with quite a few new features, such as Multi Source Inventory, PWI, declarative schema, GraphQL, and many others. In this section we will go in-depth for each one.

Multi-Source Inventory

Multi Source Inventory (MSI) allows merchants to have multiple different warehouses, brick and mortar stores, or distribution centers, and ship from each one depending on which location has the product ordered in stock and even which warehouse is closest to the shipping address on the order. This can help decrease not only shipping times, but also shipping costs.

PWA Studio

Progressive Web Apps (PWA) Studio allows for developers to create a much more intuitive mobile application and can increase performance on mobile devices immensely. In 2018, over 52% of all web traffic came from mobile devices, so having a performative, intuitive, and attractive mobile website is vital in today’s day and age.

GraphQL

This is more of a developer’s tool, however it’s incredibly useful. This allows much quicker and easier manipulation of databases. When used correctly, it can send and receive database information much more efficiently than the standard MySQL system that Magento 2.2 uses 

Declarative Schema

This is another developer tool but is also really helpful for Magento when releasing new security patches. Declarative schema allows developers to declare how they want the database to be structured without having to maintain an upgrade or install script in the module. This means that Magento can make database schema changes in patches, which wasn’t previously possible. 

Magento Commerce

Magento Commerce has all of the Magento Open Source changes, along with a few extras. In this section we will go over a few of the improvements that aren’t included in the Magento Open Source Version.

Page Builder

One of the most impressive improvements in Magento 2.3 thus far is the page builder. This has vastly improved the CMS content development and makes it extremely easy for merchants to set up their static content without the need of a developer.

CMS Improvements

In situations where you use the WYSIWYG editor but the page builder isn’t available, the WYSIWYG editor has also had some great improvements. If you’ve used the Magento 2.2 WYSIWYG editor, you have probably noticed a plethora of icons, many of which are hard to understand. In 2.3 they streamlined the WYSIWYG editor to look much more simplistic and easier to understand.

 

There’s a multitude of reasons to upgrade to Magento 2.3. Due to a SQL injection vulnerability found in 2.3.0, we highly recommend skipping 2.3.0 and upgrading straight to 2.3.1. If you are already on 2.3.0 and haven’t applied the patch to fix the vulnerability or upgraded to 2.3.1, upgrade immediately. For those of you currently on 2.2, due to Magento dropping support of 2.2 as of January 2020, it’s best to upgrade soon. We can help you upgrade to 2.3.1 as well! Just contact us here so we can get started. 

Have you heard about our new webinar happening on June 20th? We are going to be discussing about B2B commerce and using Magento 2.3 It will begin at 9:00 AM

Until next time, let’s get social!  Like us on Facebookfollow us on TwitterInstagram and on Linked In.

Thanks for stopping by!

Crimson Agility Team

Magento Authorize.net Direct Post End-Of-Life Demystified

Authorize.Net alerted customers recently that it was phasing out MD5 based hashes. These are used for transaction response verification from Magento’s Direct Post payment method. Magento has announced a patch to address this issue. The first step is currently in effect, merchants are no longer able to configure or update their MD5 Hash settings in the Merchant Interface. On June 28, 2019, Authorize.Net will stop populating the MD5 Hash Value altogether. This will in effect make it impossible to process payments for merchants who use Authorize.Net Direct Post method in Magento.

For all Magento versions prior to Magento 2.3.1 (including Magento 1.9 and 1.14 and below) Authorize.net Direct Post was a native payment application within Magento’s platform. This payment method will no longer be valid after June 28, 2019. This could result in lost revenue and downtime for merchants.

In order to continue processing these payments, Magento has provided a solution in the form of patches which can be applied for both Magento 1.X and Magento 2.X.  These patches for Magento must be applied within the code base and deployed to the merchant’s production server before June 28th to ensure continuity of service. Additionally, the merchant must generate a signature key within their authorize.net portal, and insert this into the admin configuration.

If any of this sounds technical, its because it is. The patch provided requires updating your Magento code. After the patch is applied, it is important to verify that any customizations dependent on the Authorize.net module are not impacted by the patch and appropriate configurations within the payment portal are properly tested.

Crimson Agility is well-versed in this process and has already completed the necessary changes for all their clients. If you are concerned your site might be at risk, please contact us for Magento Support through our contact form or call us directly for assistance.

For more information on this issue see the following:

Why are Poor Search Results Killing your Sales?

What is the first thing you do when you are online shopping or looking for a particular product?  If you are like 60% of consumers, you start your research on a search engine before heading to a specific website. On average, those same consumers visit at least 3 online stores before making their purchase. That means that by the time consumers come to your site, they have already done their research and they are ready to make the purchase.  At this point, it becomes increasingly important for the consumer to find what they are looking for, at the right price, with low/no shipping costs, and within an environment they can trust. All of these factors contribute to the success of your business, however, searchability is becoming increasingly important if you are to secure a sale. After all, customers can’t buy what they can’t find. So if you haven’t already thought about it, it is time to look under the hood and find out just how good your site search is. Here are some things to consider:

Time is of the essence

On average, 30% of the visitors on your site will use the search box. Once they arrive at your site, they are in “buying mode”. They have completed their research and all they need is a final view at the product details such as the price, availability, and delivery costs.  You can help customers find what they’re looking for by offering a user-friendly site search experience. Make sure that the search box is visible and results are fast. It is all about encouraging them to make that purchase.

50% higher conversion rate

A user-friendly site search experiences can lead to conversion rates up to 50% higher than the average. When searching for a product, the expected result is a direct link to the product’s detail page. Good search results can yield higher sales because customers who find what they are looking for easily are more likely to buy it on the spot. Customers who can’t find the information they’re looking for leave your site within minutes, only to make a purchase at someone else’s site that can yield the expected results.

Offer Suggestions

Offering related products as part of a search result can encourage visitors to view more products. About one fourth of site visitors will click on a search suggestion. These suggestions can be cross-sell or up-sell items that complement the product they searched for. If several models or options are available they can also be displayed as suggestions.

Allow flexibility of display results

Allow for results to be displayed in grid or list views. Consumers enjoy having the flexibility to decide in how results are displayed. Having these options can improve their experience on your site and potentially increase the chances of customer retention and loyalty.

Auto-complete can boost conversion rates

Using an auto-complete tool that begins to search as the customer is typing, offers a number of advantages: it speeds up the search process for users, it helps to avoid misspellings, and it can also ensure searches return a product result. If it is well implemented, auto-complete can save customers a lot of effort, in addition to speeding up the search process. More intuitive search and navigation means higher conversion rates.

Zero results page

If customers have searched for a product that you don’t stock, it doesn’t have to end with a ‘no results found’ page. You can provide a list of alternate products that may be related to the searched item. In addition, zero results pages can be a valuable source of information for you as an online retailer. Use the zero results page to discover new trends and then stock what is needed. Keep an eye on your site’s keyword search results. Tracking this data can inform you of products customers are looking for that you don’t currently stock.

Too many search results

Another definition of a poor  search result is returning hundreds or even thousands of results. Too many results coupled with poor filtered navigation options is detrimental to your sales. Any decent site search tool will cater for synonyms, such as with synonym lists. By mining older search data to understand the specific terms the audience are using to find products, adjustments can be made to drive better results.

With that said, how can you improve searchability on your site?

If your store is built on Magento 2.x Enterprise Edition, you get ElasticSearch for searching your catalog. ElasticSearch performs quick and advanced searches on products in the catalog, supports multiple languages, supports synonyms, and returns results based on the last generated index. ElasticSearch is accurate and scalable and it allows you to customize reuslts by tracking terms that consumers type into the search box to direct customers toward a particular product or result. By improving the site search results, you can directly impact the experience for users and increase conversions.

Even with all of the features mentioned above, the native Magento search functionality can be lacking. To bridge the gap, we recommend to our clients that they invest in a third party search solution. We recommend using Klevu, which is a market-leading search solution that uses natural langauge processing (NLP) and machine learning to provide more accurate results and allows for far more complex merchandising. Klevu is a very robust and cost effective solution and in our experience has yielded very positive results.  Some of the features we (as well as our customers) like:

  • Advanced product boosting (either at SKU level or based on attribute rules)
  • Comprehensive reporting (which products are performing best)
  • Natural language processing (deeper understanding around queries)
  • Machine learned results (self-learning based on what users are searching)
  • Ability to index more content
  • Quick search (fast search results
  • Awesome UX (results in a user-friendly layout)

We have seen improved search results and increased conversions with the implementations we have completed for our customers. If you are interested to find out more, stay tuned as we dig deeper into the topic of site/product searching in our March series of social posts, blog posts and our new upcoming newsletter. We will be exploring features around Klevu and a client success story later this month.

In the mean time, please add your comments below and let’s get social!  Like us on Facebookfollow us on TwitterInstagram and on Linked In.

Thanks for stopping by!

Crimson Agility Team

IS YOUR MAGENTO SITE SECURE?

Let’s face it, hackers are out there. They are a fact of life in cyberspace. Magento is diligent about making sure that they plug vulnerability holes wherever they exist in the infrastructure of your Magento e-commerce site.  Let Crimson Agility update your Magento platform to keep it secure. Your Magento platform is there, to supercharge your e-Commerce site. Just like with any computer system, maintenance is an important factor. Magento and Crimson Agility take security very serious and the newly released critical security updates are important to keep hackers at bay.

Here are some of the things we can help you with:

SUPEE-10266 Security Patch
For Magento 1.x and 2.x versions, the Security Update SUPEE-10266 was created to address recently identified vulnerabilities. You can check your site at MageReport.com for an assessment of your site’s health and security before and after applying the security update.

Update to the latest version of Magento
In addition to security patches, updating your version of Magento to the latest version will also help keep your site in tip top shape.

For Magento Commerce the latest version is 1.14.6 and Open Source to 1.9.3.6.  The latest versions contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.

For Magento 2.x, update to Magento 2.0.10 for Community Edition and Magento 2.1.2 for Enterprise Edition for the latest security updates. The Magento 2.0 Upgrade Guide and Magento Security Best Practices are great resources for keeping your Magento site safe and secure.

Keeping your Magento E-commerce site up to date and secure can be a daunting task, but it doesn’t have to be. Just call Crimson Agility today we can get your upgrade scheduled and done in no time at all! Contact us and we’ll answer your questions.

Until next time, let’s get social!  Like us on Facebookfollow us on TwitterInstagram and on Linked In.

Thanks for stopping by!

Crimson Agility Team

NEW MAGENTO SECURITY UPDATE – SUPEE-8788

Let’s keep your Magento platform up-to-date and secure.  Your Magento platform is there to supercharge your e-Commerce. Just like with any computer system, maintenance is an important factor. Magento and Crimson Agility take security very seriously and the newly released critical security updates are important to your Magento site’s security and performance.

 

For Magento 1.0, the Security Update, SUPEE-8788, was created to address recently identified vulnerabilities.  If you need assistance with this update or any update, contact Crimson Agility to get this scheduled and to keep your Magento platform secure.  You can check MageReport.com for an assessment of your sites health and security before and after applying the security update.

In addition, Magento released upgrades to Magento Community Edition and Enterprise Edition, versions 1.9.3 and 1.14.3 respectively.  With these new releases Magento had added support for PHP 5.6 which has some significant performance benefits.  Check the Magento 1.9.3 and 1.14.3 release notes for more fixes and new features.

For Magento 2.0, download Magento 2.0.10 for Community Edition and Magento 2.1.2 for Enterprise Edition for the latest security updates.  The Magento 2.0 Upgrade Guide and Magento Security Best Practices are great resources for keeping your Magento site safe and secure.  For the less technical, call Crimson Agility today to get your upgrade scheduled.

If you have any questions on these security updates or upgrades, contact us and we’ll answer your questions.  We have already updated over 40 sites for our current clients.

HOW DOES SITE SECURITY BUILD TRUST WITH CUSTOMERS?

For all of the things that are great about the internet, there’s still one thing that makes many people hesitant to use it for sensitive transactions. Not having the ability to directly monitor where their information goes and who sees it along the way can leave people hesitant to provide financial information and other sensitive data. This can be a major hurdle that many small online retailers have to face when they are just starting out.

Demonstrating trust and security doesn’t only apply to small online retailers, but it also impacts large retailers like Target, whose information got hacked and resulted in compromised credit card information for over 40 million consumers. Here are some common questions consumers have for online retailers when it comes to the security of their sites:

  • Are there common consumer online fraud scenarios to be aware of?
  • Is your site secure for credit card transactions?
  • Will my data get hacked and will my personal information be in the hands of criminals?
  • What does your company do to protect my information?
  • What can I do if I suspect fraud or if I’m a victim of fraud?

Crimson Agility understands these concerns and has recently partnered with Norton Shopping Guarantee to provide customers with both the mental and financial peace of mind that Norton Shopping Guarantee can provide.

Norton Shopping Guarantee is an industry-leading software for antivirus, malware prevention, threat identification and transaction security. After years of experience in online threats and data breach prevention, Norton Shopping Guarantee is confident enough in its ability to protect customers from such threats that it’s prepared to stand by its promise with financial reimbursement. When you sign up with Crimson Agility as a Magento service client, your customers automatically receive the protection that comes with Norton Shopping Guarantee. This includes:

  • Identity theft protection up to $10,000: If you suffer a data breach that leads to identity theft and all that can entail, the guarantee will cover up to $10,000 in costs related to fixing the problem. This includes things like attorney fees and credit disputes.
  • $1,000 Purchase guarantee: This covers the resolution of purchases that don’t meet the buyer’s expectations. Norton will work with both parties to resolve the conflict and will provide reimbursement of up to $1,000 if the conflict isn’t resolved and Norton rules in the customer’s favor.
  • Lowest price guarantee: The online shopping world moves fast, and finding the lowest price is important to shoppers. If an item is offered by another merchant at a lower price within 30 days, Norton will cover the price difference up to $100.

Show Your Customers That You’re Serious About Security

To be successful in online retail, it’s essential that your customers have faith in your ability to protect them and offer them the best and safest shopping experience possible. With Norton Shopping Guarantee, you can reassure your customers that you’re doing everything possible to protect them as well as offering them insurance in the event that something does happen. With a Crimson Agility and Norton Shopping Guarantee partnership, you can enjoy peace of mind knowing that you’re offering your customers the protection they expect and deserve.

If you’re looking to update the security of your e-commerce site and make it secure and reliable for your customers, we invite you to schedule a complimentary consultation with one of our Certified Magento Professionals.

4 WAYS TO INCREASE THE ONLINE SECURITY OF YOUR E-COMMERCE SITE

Online security is one of the most important features of any e-commerce site.  Users want to be able to trust your web site, regardless of how it looks or performs, before using it.

With modern hacker techniques, even the most harmless user information can be leveraged into an attack on your customers, so it is critical that your e-commerce site be secure and reliable. Here are four ways to help improve the online security of your e-commerce site:

  1. Use a secure connection for checkoutSSL certificates are fundamental to your customers’ online security. They encrypt the information during the checkout process to make certain that even if the data is intercepted it is useless to anyone other than the intended destination.  Additionally, more and more customers are looking for the https, where the “s” stands for “secure”, when shopping online. Update your site to use SSL (https) on the entire site – not just during checkout. Make sure your site reassures your customers and protects their personal information.
  2. Only store the customer information you need: Hackers are very sophisticated when it comes to victimizing users. The best way to protect your customers is store only the information you need.  Avoid storing information that might be useful later, or that was used but is no longer necessary. Also, make certain you have verification procedures in place. If your customers have membership accounts, insist on strong passwords, and train your employees on the proper ways to handle this data.
  3. Conform to the PCI DSS – The PCI (Payment Card Industry) Security Standards Council is a global body led by the five main credit card companies.  The Council exists to help businesses meet the stringent requirements they require when using credit card information.  They publish the PCI DSS which is a security self assessment tool, and is designed to help companies be as secure as possible.  Whether or not your business uses credit card information directly, being able to successfully conform to the PCI DSS means your site is as secure as some of the best on the web.
  4. Remain Up-to-date with Security UpdatesAvoid becoming comfortable with your security.  Your security personnel should always be updating their knowledge.  Security should be performing tests on a regular bases, including attempting to compromise the site’s security. Work with certified Magento professionals, like Crimson Agility, to ensure your site remains secure and up-to-date with all the latest security updates. Request a security audit of your site to ensure you are following all Magento security “best practices”.

Online security is an ongoing journey with no end point.  As long as there is data to be stolen, hackers will try to steal it. If you’re looking to update the security of your e-commerce site and make it secure and reliable for your customers, we invite you to schedule a complimentary consultation with one of our Certified Magento Professionals.

NEW MAGENTO SECURITY PATCH UPDATE: SUPEE-7405 AND SUPEE-7616

Last week, Magento released a security update patch, which includes Security Patch Bundle SUPEE-7405 and USPS Patch SUPEE-7616. The update is intended to improve both the security and functionality of Magento sites for all editions.

The SUPEE-7405 patch resolves several security related issues, and also contains important functional updates such as official support for PHP 7.0.2, which should reduce memory consumption as well as provide other dramatic improvements to performance. The patch is available for Magento versions 1.4.0.0 – 1.9.2.2 and 2.0.0.0 – 2.0.1.0.

The SUPEE-7616 patch addresses several changes USPS recently made to their services, rates and package names in all new releases for Enterprise and Community Editions. It is only applicable to customers using USPS as a shipping method and is non-critical.

Security updates and patches are essential for maintaining the security of your website and preventing hackers from being able to access important databases. If you’re currently running an older Magento version, you should definitely upgrade as soon as possible, as there are security issues, performance improvements, and a wealth of usability options that you’re missing out on.

Some of these upgrades will simply make your life a lot easier, but others are absolutely mission-critical. Crimson Agility has a 100% success rate with upgrading Magento platforms, and given our proven methodology and state-of-the-art development environments, we eliminate any risks that come with upgrading your Magento platform.

If you’re interested in upgrading to the latest version of Magento, we invite you to schedule a complimentary upgrade assessment and estimate with one of our Certified Magento Professionals.