What Was Mentioned in the Announcement?
Recently, many Magento 1 store owners have received an email notifying them of the Magento 1.x platform end of life. Surprisingly, that email did not come from Magento but from PayPal. It reminds merchants about the Magento 1 EOL date, mentions the related risks, and recommends timely migration to Magento 2:
At the same time, PayPal pointed out the consequences of not migrating to Magento 2 on its website and urged merchants to take appropriate action:
Why Should We Care?
Although PayPal did not reveal whether it will stop providing support for Magento stores, its announcement emphasized the threats posed by Magento 1 EOL so that merchants know what they are going to face and how to deal with it.
1. PCI DSS non-compliant Magento merchants can be fined up to $100,000 per month
Due to Magento 1 EOL, there will be no more security patches for Magento 1 vulnerabilities that may be found after June 2020. As a result, merchants are likely to fall out of PCI DSS compliance.
What is PCI DSS?
All e-commerce websites in the world that accept credit card payments, not only Magento stores, must comply with the requirements of the Payment Card Industry Data Security Standard (PCI DSS).
Although PCI DSS is governed only by large credit card companies (VISA, Mastercard, Discover, and American Express), you have to follow its requirements regardless of your selected payment services to ensure secure transmission, storage, and handling of cardholder information.
The requirements include general practices, such as restricting access to cardholder data and generating non-default passwords, along with in-depth practices like the application of firewalls and encryption.
Which requirement of PCI DSS do Magento 1 stores violate?
Under PCI DSS Requirement 6, e-commerce stores are required to “develop and maintain secure systems and applications… by installing applicable vendor-supplied security patches.”
Without important security patches from July 2020, it’s impossible for Magento 1 merchants to meet the above requirement!
What happens if Magento stores are not PCI DSS compliant?
No good will come from ignoring PCI DSS compliance.
Firstly, if customer information (cardholder data) is leaked after customers make purchases on the website, Magento merchants could face heavy fines from $5,000 to $100,000, depending on the severity of the situation, the number of card transactions, and how long the stores have violated…
Secondly, those Magento 1 websites will even lose the ability to accept payment cards.
2. PayPal might end its support for Magento 1 stores anytime
As we already know, PayPal is the leader in providing a fast and secure way for customers to make online payments worldwide. This payment gateway is integrated with the Magento platform by default to allow customers to pay online using their debit or credit cards. Therefore, over 50% of Magento stores are now using PayPal as their major payment gateway.
How terrible would it be if PayPal ended its service for Magento 1 stores?
It’s worth noting that not only Magento merchants but also all of the payment processors have to be PCI DSS compliant. Owing to that, if PayPal continues making concessions to Magento 1 websites after Magento 1 EOL, it might negatively affect its reputation.
What is more, since PayPal is in close partnership with Magento, it will help Magento to encourage the platform users to migrate from Magento 1 to Magento 2.
For the above reasons, it’s likely that PayPal will cease supporting Magento 1 websites sooner or later, which might result in a lot of hazards:
In the first case, suppose a Magento store does not keep up with PayPal’s policy change and still offers PayPal as a payment method on its website. Shoppers would then be unable to complete their payments and would abandon their carts.
In the second case, suppose the Magento merchant quickly replaces PayPal with another payment gateway; buyers who do not find their familiar and reliable payment method may then leave the store.
3. PayPal is not the only one warning Magento stores
There is a high possibility that other credit card companies may also revoke the right of Magento 1 stores to process credit card transactions.
Recently, VISA has called on Magento merchants to migrate from Magento 1 to Magento 2, or from Magento to another e-commerce platform, to remain PCI compliant. In addition, it indicated 5 consequences of remaining on the Magento 1 platform:
How could Magento stores survive if they are declined by all payment gateway providers?
4. Data breaches will damage Magento stores’ reputation
In addition to the penalties and fines, Magento stores might face a dramatic decrease in the number of visitors and a loss of revenue.
Some reports showed that nearly 70% of online purchasers would stay away from e-businesses that are associated with non-compliance with security standards and with data breaches.
Furthermore, Magento 1 merchants should prepare for even worse situations, such as being sued by buyers whose information has been stolen. They may also have to compensate the cardholders with credit monitoring or identity theft insurance, which are definitely not cheap.
5. More risks are coming…
Magento 1 EOL can lead to worse situations than what the stores can imagine.
For example, it creates “favorable” conditions for hackers to find security holes in Magento websites. They are then able to steal customers’ credit card and order details, as well as other confidential business information. Additionally, if a hacker successfully deletes the website’s data, the Magento store may experience lengthy website downtime.
Furthermore, most Magento development companies have now switched their attention to Magento 2 development. As a result, if the website is hacked, it would be challenging for Magento store owners to find help from those firms. In other words, they will have to figure out how to fix the issues themselves.
Don’t Panic. There is a solution!
As suggested by both PayPal and VISA, Magento stores should start their Magento 2 migration or switch to another e-commerce platform as soon as possible.
Compared to moving the website to an entirely different platform, upgrading to Magento’s latest version is the more recommended option. In essence, Magento 1 and Magento 2 work in similar ways; only the interface and functionality are improved.
If you want to migrate Magento 1 to 2, choosing one of our Magento 2 Migration Packages will help you to do it at the most affordable price. In June 2020, we are offering an attractive discount – 10% off the total cost for all Magento 2 migration projects. Contact us now (firstname.lastname@example.org) to get a perfect plan and free quote for your migration!
Magento 1 EOL is unavoidable. Up to now, only PayPal and VISA have warned Magento stores about the Magento 1 end of support. However, there might be many payment processing companies that will close their doors to those stores. Therefore, all Magento merchants should take prompt action to rescue their stores from a wide range of dangers.