Magento 1 eCommerce websites are not PCI compliant - what does this mean for merchants?

In the UK alone, there are almost 3,000 live Magento 1 websites that are not compliant with PCI DSS (Payment Card Information Data Security Standard) rules – if this affects your website, you have options to get it resolved.

As of 30th June 2020, Magento 1 was no longer supported for updates and patches, which could mean you’re unprotected when it comes to taking card payments from your customers. As part of the PCI compliance rules, you must be using a currently supported platform to ensure customer payment data is handled safely and sensitively, regardless of your payments plugin(s).

A quick recap of the PCI compliance guidelines.

Online shops must offer secure payment methods for their customers. This can be achieved by adding integration modules for payment providers into your site, such as Mollie, Stripe or Worldpay. A comprehensive overview of these rules is available here.

Merchants have the same responsibilities as payment providers.

However, PCI compliance is not just the responsibility of your service provider - the merchant must be compliant too. Payment providers will guarantee compliance with PCI standards, but this is reliant on your web hosting platform being secure. With Magento 1 no longer being supported by Adobe for patches and updates, this automatically puts you at risk.

Best case scenario - you’re vulnerable to hackers who could gain access to your customers’ credit card data. Worst case - you could end up paying huge fines issued by the credit card companies if you’re found to be non-compliant in this area - as much as 10% of your group annual turnover, with additional sanctions for GDPR breaches which would be handled separately. As Magento 1 fades further into history, the risk of breaches and hacks increases as the code becomes more outdated.

What about third party security support/plugins?

Unfortunately, because Adobe isn't supporting Magento 1 with security patches, any unofficial third party add-ons are likely to be ineffective when it comes to meeting the PCI Data Security Standards, the guidelines which determine whether your website is compliant. You won’t know whether these solutions work until a breach happens and they primarily deal with known vulnerabilities, so the sensible thing to do is avoid taking the risk in the first place.

Migrating your website is no small task – but we can help.

Migrating your website can be a daunting prospect. It’s not a small task and there are more options than ever for where to go. Magento 2 might seem like the obvious choice, but there’s also Shopify, among others. Site turnover and future growth projections will play a big part in this decision so do your research, or speak to one of the experts at Absolute Design to see where you might fit best.

Not only will you benefit from becoming PCI compliant by migrating to a newer platform, you’ll also ensure any other areas of your site are as up-to-date as possible. With new plugins and widgets being developed all the time, it pays to stay fresh.

If you’re worried about site disruption during the changeover, we hear you. It’s a big change and can take anything from a few weeks to a few months, but there are steps you can take to mitigate this. Absolute Design has already helped many businesses switch platforms. and we can offer an accurate estimate based on our extensive knowledge of ecommerce platform migration. We’re Adobe Bronze Solution Partners and Shopify Partners so the chances are, any issues that may arise will already be in our knowledge base.

Not acting soon could be a costly mistake.

Remember, the cost to your business of a breach in data security can be much more than just the loss of customer trust. PCI non-compliance can be sanctioned with fines of up to 10% of your group annual turnover. Relationships with service providers and customers could be eroded, and during all this you’ll have to migrate anyway. A proactive approach now could save your reputation, along with a lot of money. Speak to Absolute today to discuss how we can help make this process as seamless as possible. We also provide ongoing support to keep your site, and your business, ahead of the curve.