Some of our clients received the same email from PayPal, which most of them at first took to mean that PayPal would no longer support old Magento stores or allow them to use PayPal payments.
As a result, Magento 1 store owners are getting worried and looking for workarounds. We are having these conversations with merchants every day, so we decided to share our feedback.
Many Magento store owners are in the same boat: they have a Magento 2 migration on their to-do list, but won’t be able to get it done by June.
Some of them use Nexcess Safe Harbor to put their M1 sites into a little bubble for the transitional period.
Meanwhile, others are even starting to think about migrating to an alternative platform (e.g. Shopify or WooCommerce).
In June 2020, the Magento 1.x eCommerce platform will reach its End of Life (EOL).
Since mid-2014, Magento 1 hasn’t had any new major releases. Magento and Adobe’s priority has been on creating the newer Magento 2 framework, so it’s understandable that Magento wouldn’t be able to support two platforms indefinitely.
When support ends, Magento 1 sites will become increasingly vulnerable to security threats and no further features or innovations will be added. This means the continued security of your customers and your business would be at risk.
The threat of Magecart (e-skimming) hackers targeting Magento 1.x sites post-EOL adds a degree of urgency to the situation.
In short, this PayPal email concerning Magento EOL doesn’t say PayPal will no longer allow Magento 1 stores to be used, just that there are lots of risks and a need to upgrade. This is much the same message as Visa put out a month ago.
Well, let’s clear up that confusion.
Our clients contacted PayPal Technical Support and, as we can see, PayPal will not turn off your compliance because you’re on an EOL platform.
According to the PCI Council Compensating Controls guidelines, you can and will retain PCI DSS compliance if you can demonstrate that you are doing everything within your power to protect your storefront: putting good security protocols in place, doing more scanning and more monitoring, documenting a clear and concise action plan in the event of an attack, and working with reputable patch providers.
And here is our video feedback on the issue ⬇️⬇️⬇️
Thanks for watching! We hope this video will straighten you out!
We know that COVID-19 might really adjust or change your plans. We hope not that much!
And if you are still on Magento 1 and were planning to migrate to Magento 2 in the near future, it’s probably not the right time yet. Moreover, there are better ways to go.
Web hosting experts Nexcess in the US have launched an interesting hosting product called Magento 1 Safe Harbor. The product provides malware detection and threat monitoring for your store after Magento 1 reaches End of Life in June 2020.
To sum up, you can stay on M1 as long as you can demonstrate to the PCI Council that you take your customers’ security seriously and that you have put every possible measure in place to secure your storefront.
There are plenty of open-source platforms in the world that are secure enough to warrant PCI compliance. Like M1, they have a community around them that builds these patches.
Some useful links for you as you research this further + Magento community offers:
Don’t sweat it! And, please, take care of yourself! 🙏