REPLATFORMING

Magento | Google ReCAPTCHA V3

Verifying Customers’ Identities

The goal of great digital commerce is to make the customer journey as simple and easy as possible from the time the customer enters your site to the moment a customer purchases your products.

Rather than having multiple points of verification, Adobe Commerce merchants are encouraged to implement configurations that allow a single validation for the whole shopping session. This creates a better customer experience where the focus is on purchasing your products.

Our recommendation is to enable Google ReCAPTCHA, this is a free tool available to all Adobe Commerce merchants. Due to the ease of use and advanced security, our recommendation is to enable Google ReCAPTCHA in your checkout process. This is the best way to impede “carding” attacks and other brute force attacks during checkout.

We’ve all tried to log into a website only to be challenged to click all the boxes containing traffic lights or storefronts or bridges in a frantic attempt to persuade the computer that we’re not a bot. Last fall, Google launched version 3 of the tool, an “invisible” version of ReCAPTCHA, with the goal of eliminating the annoying customer experience. Google ReCAPTCHA V3, is invisible to your customers, they won’t see the “I’m not a robot” checkbox, nor will they have to prove they can identify a traffic light. Behind the scenes, ReCAPTCHA is still conducting a risk assessment of that customer based on their activity and behavior on your site and as a result, preventing “carding” attacks and malicious actors access.

Google ReCAPTCHA V3 | Magento

If you are not using Google ReCAPTCHA V3, it is possible that you are seeing a higher rate of cart abandonment than you would with “invisible” ReCAPTCHA V3. Google ReCAPTCHA V3 is available in Adobe Commerce 2.4 (also known as Magento).

Recommended forms where you can enable Google ReCAPTCHA include:

• Admin Login
• User Login
• Create Account
• Newsletter Sign up
• Forgot/Reset Password
• Checkout

If you have any questions, you can contact us via the options on the Crimson Agility contact page.

Interested in learning more about “Adobe Commerce Security Best Practices” or for a Security Assessment contact us today.

Impact of Coronavirus on E-Commerce

Who would have figured, at the start of 2020, that people all over the globe would be sequestered to their homes? This is a time that affects things that we once thought were simple and easy are taken away from us. Even access to everyday necessities, such as toilet paper and bottled water, were stripped from the shelves in the blink of an eye. This did not only disturb our day to day lives but the economy as a whole. “Due to recent events, e-commerce has become almost a necessity. People are quarantined at home and spending more time shopping online. To maintain a competitive advantage this year and beyond, you may need to create and grow your digital presence.”

How has this affected the world of B2B and B2C e-commerce?

The World of E-Commerce Post Coronavirus

This year, e-commerce is expected to be a vital part of the economy at approximately 12% of all retail sales. Although this is good to hear from a business standpoint, this demand can be difficult for supply chains to keep up. For example, countries, like China, which were affected by COVID-19 earlier than most states, may need time to ramp up production, causing delays and shortages. This may be an opportunity to diversify traditional supply chain flows. 

According to Digital Commerce 360, “The coronavirus resulted in a surge in web sales for such merchandise categories as groceries, while at the same time bringing online orders to a trickle in segments that depend on discretionary consumer spendings, such as for luxury goods and jewelry.” With pandemic fever making millions run into the store and gobble up all the toilet paper in a twenty-mile vicinity. The shift moved away from typical markets both out of necessity and safety. Resulting in, once-solid markets, such as the cruise and airline industry, near collapse. 

How E-Commerce is Going to be the Solution

It has never been more vital to the world of e-commerce to provide a hands-free approach. With customer fears of entering public places such as stores, an omnichannel option has been even more appealing to customers. The industry has, temporarily, transformed because of the demand of people shifting from sales at traditional brick-and-mortar to online shopping. Does this shift have staying power and permanence – we’ll see.

COVID-19 has resulted in significant strain on some industries, but they are “Bending not Breaking.” This resulted in smart businesses to get innovative. Only around, “7.7% of the 208 store-based retailers in the Top 1000 had that capability as of the end of 2019.” Still, many stores such as Best Buy and Micheals have added curbside pick-up (6 ways the coronavirus pandemic will impact eCommerce). Curbside pick-up has been paired with the convenience of mobile apps. According to Walmart, its app that allows for mobile ordering and curbside pick-ups has had a download growth of 460% by the end of March 2020. 

How Crimson Agility can Help

Crimson Agility provides a range of services for your e-commerce needs. We know these times can be tough on your business, but let us help you try to get ahead in this post Coronavirus world. Magento allows for a wide range of potential, company enhancing, opportunities to upgrade your site or break into the e-commerce market. Please contact us to find out more details about how we can help at Crimson Agility Contact Us

Magento 1 End-Of-Life

The Impact of the Magento 1 End-Of-Life on PCI Compliance

What it means to be PCI Compliant and why it is important.

PCI Compliance is an essential component of any credit card companies security protocol. Being PCI compliant means consistently adhering to a set of guidelines set forth by the PCI Standards Council, an organization formed in 2006 for the purpose of managing the security of credit cards for online and offline transactions.

All companies that process credit card information are required to maintain PCI compliance as directed by their card processing agreements. PCI compliance is an industry-standard and requirement. Businesses that do not adhere to these standards can be held accountable for agreement violations and negligence.

Magento 1 EOL and the impact to PCI Compliance

As of June 30, 2020, Magento is ending support for all versions of its Magento 1 e-commerce platform. This means that Magento/Adobe will no longer be providing bug fixes, upgrades, and most importantly security patches. It is assumed that without Magento/Adobe’s oversight of Magento 1’s security, that no one will be monitoring or detecting any future vulnerabilities.  Actually, malicious characters will continue to look for vulnerabilities and exploits to attack.  The versions of Magento 1 that are impacted include Magento Commerce 1 (formerly known as Enterprise Edition) and Magento Open Source 1 (formerly known as Community Edition).

PCI Non-ComplianceGlobal PCI DSS standards require each entity to “develop and maintain secure systems and applications by installing applicable vendor-supplied security patches.” If you continue to use Magento 1 after June 30, 2020, your Magento instance is at risk for being out of compliance with Payment Card Industry Data Security Standards (PCI DSS). Your payment processors and merchant banks may view your Magento instance as no longer being secure and consequently non-compliant. Here are a few announcements from major payment processors related to Magento 1 end-of-life and PCI compliance. 

PayPal is indicating that you have one month after June 30, 2020 to get PCI Compliant.  They also indicate that all payment processors have the same obligations and requirements under PCI DSS.

What are your options?

Magento 1 merchants must take immediate action and should be actively planning and pursuing migration to Magento 2 or a modern actively-maintained e-commerce platform. Simply put, the risk and opportunity cost of maintaining a Magento 1 instance will increase over time the technology becomes more obsolete, and nefarious characters look for opportunities to exploit Magento 1.

  • Migrate to the Magento 2 Platform or migrate to another vendor-supported platform as soon as possible.  
  • PayPal and Crimson Agility are partnering to provide loans to help small businesses to help with the migration costs of migrating to Magento 2.
  • Companies like Webscale Networks and Nexcess also offer a safe harbor hosting for your Magento 1 sites if you are unable to migrate off of Magento 1 before the end-of-life.  This is a short-term solution, but Crimson Agility can help you understand these options and migrate to these experienced Magento hosting partners.  These options are short-term solutions and it is unlikely they address PCI compliance concerns fully.

We can help! 

Crimson Agility’s MAGENTO RAPID DEPLOYMENT PACKAGES are fixed-cost implementation solutions. Our packages are great for small to large businesses wanting to move to Magento Commerce® or Magento Cloud Edition®. Crimson Agility’s MAGENTO EXPRESS PACKAGES are available for merchants migrating from Magento 1 or any other e-commerce platform.

At Crimson Agility, we value trust, accountability, best practices, being responsive, and high-quality work. Our ability to provide rapid high-quality implementations of Magento 2 is grounded in our experience, methodology, commit to training, and by our US-based staff of certified Magento professionals.

We are ready to provide a free estimate to upgrade your site