What Was Mentioned in the Announcement?
Many Magento 1 store owners have recently received an email notifying them of the Magento 1.x platform end of life. Surprisingly, that email came not from Magento but from PayPal. It reminds merchants of the Magento 1 EOL date, mentions the related risks, and recommends timely Magento 2 migration.
At the same time, PayPal pointed out on its website the consequences of not migrating to Magento 2 and urged merchants to take appropriate action.
Why Should We Care?
Although PayPal did not reveal whether it will stop providing support for Magento stores, its announcement emphasized the threats of Magento 1 EOL to help merchants understand what they are going to face and how to deal with it.
1. PCI DSS non-compliant Magento merchants can be fined up to $100,000 per month
Due to Magento 1 EOL, there will be no more security patches for Magento 1 vulnerabilities that may surface after June 2020. As a result, merchants are likely to fall out of PCI DSS compliance.
What is PCI DSS?
All e-commerce websites that allow credit card payments must comply with the requirements of Payment Card Industry Data Security Standards (PCI DSS).
Although PCI DSS is governed only by large credit card companies such as VISA, Mastercard, Discover, and American Express, we have to follow its requirements to ensure secure transmission, storage, and handling of cardholder information.
The requirements include general practices, such as restricting access to cardholder data and generating non-default passwords, along with in-depth techniques like the application of firewalls and encryption.
Which requirement of PCI DSS do Magento 1 stores violate?
Under PCI DSS Requirement 6, e-commerce stores are required to “develop and maintain secure systems and applications… by installing applicable vendor-supplied security patches.”
Without essential security patches from July 2020 onward, Magento 1 merchants can’t meet the above requirement!
What happens if Magento stores are not PCI DSS compliant?
No good will come from ignoring PCI DSS compliance.
Firstly, if customer information (cardholder data) is leaked after purchases are made on the website, Magento merchants could face heavy fines from $5,000 to $100,000, depending on the severity of the situation, the number of card transactions, and how long the stores have violated…
Secondly, those Magento 1 websites will even lose the ability to accept payment cards.
2. PayPal might end its support for Magento 1 stores anytime
As we already know, PayPal is the leader in providing a fast and secure way for customers to make online payments worldwide. This payment gateway is integrated with the Magento platform by default to allow customers to pay online using their debit or credit cards. Therefore, over 50% of Magento stores are now using PayPal as their primary payment gateway.
How terrible would it be if PayPal ended its service for Magento 1 stores?
It’s worth noting that not only Magento merchants but also all of the payment processors have to be PCI DSS compliant. Owing to that, if PayPal continues making concessions to Magento 1 websites after Magento 1 EOL, it might negatively affect its reputation.
Moreover, since PayPal is in close partnership with Magento, it will help Magento encourage the platform users to migrate from Magento 1 to Magento 2.
For the above reasons, PayPal will likely cease supporting Magento 1 websites sooner or later, which might result in a lot of hazards:
In the first case, suppose the Magento stores did not keep up with PayPal’s policy in time and were still offering payment via PayPal on their website. Shoppers would then be unable to complete their payments and would abandon their carts.
In the second case, suppose the Magento merchants quickly replaced PayPal with another payment gateway. The buyers would not find their familiar and reliable payment method, and they would leave the store.
3. PayPal is not the only one warning Magento stores
There is a high possibility that other credit card companies may also revoke the right of Magento 1 stores to process credit card transactions.
Recently, VISA called upon Magento merchants to migrate from Magento 1 to 2 or from Magento to another e-commerce platform to remain PCI compliant. In addition, they indicated five consequences of remaining on the Magento 1 platform.
How could Magento stores survive after being declined by all payment gateway providers?
4. Data breaches will damage Magento stores’ reputation
In addition to the penalties and fines, Magento stores might face a dramatic decrease in the number of visitors and a loss of revenue.
Some reports showed that nearly 70% of online purchasers would stay away from e-businesses associated with non-compliance with security standards and with data breaches.
Furthermore, Magento 1 merchants should prepare for even worse situations, such as being sued by buyers whose information has been stolen. They would also probably have to compensate the cardholders with credit monitoring or identity theft insurance, which is not cheap.
5. More risks are coming…
Magento 1 EOL can lead to worse situations than what the stores can imagine.
For example, it creates “favorable” conditions for hackers to find security holes in Magento websites. They are then able to steal customers’ credit card and order details, as well as other confidential business information. Additionally, if a hacker successfully deletes the website’s data, the Magento store may experience lengthy website downtime.
Furthermore, most Magento development companies have now switched their attention to Magento 2 development. As a result, if the website is hacked, it would be challenging for Magento store owners to find help from those firms. In other words, they will have to figure out how to fix the issues themselves.
Don’t Panic. There is a solution!
As suggested by both PayPal and VISA, Magento stores should start Magento 2 migration or switch to another e-commerce platform as soon as possible.
Compared to changing the website to an entirely different platform, moving up to Magento’s latest version is the more recommended option. In essence, Magento 1 and Magento 2 work similarly; only the interface and functionality are improved.
If you want to migrate Magento 1 to 2, choosing Tigren’s Magento 2 Migration Services will help you do it at the most affordable price. Contact us now to get a perfect plan and free quote for your migration!
Magento 1 EOL is unavoidable. Up to now, only PayPal and VISA have warned Magento stores to be careful of Magento 1 end of support. However, there might be many payment processing companies that will close their doors to those stores. Therefore, all Magento merchants should take prompt action to rescue their stores from a wide range of dangers.