MasterCard, Visa and PayPal warn of Magento 1.x EOL

Blog

Connect, Educate, Learn, Collaborate...

29Jun
2020

MasterCard joins Visa, PayPal, Adobe and the FBI to warn merchants of Magento 1.x EOL

You can’t say no one told you. Magento 1.x store owners you have been warned! 

Visa and MasterCard, the payment processors, along with Adobe and PayPal have all tried last-ditch efforts to get legacy Magento 1.x store owners to update their platforms.

As of June 30, the Magento 1.x platform will reach its End-of-Life (EOL) date, after which Adobe will not offer any security updates.

Magento stores that haven’t updated to the latest 2.x version and are still running on Magento 1.x will become highly vulnerable to attacks from hackers.

“The danger is considered high as for the past three years, hackers have been heavily exploiting Magento bugs to breach stores and insert payment card-stealing code in checkout forms — in a form of attack known as web skimming or Magecart.” Per the security experts at ZDNet

Still debating IF you should Migrate? 

Here are some sobering reasons to make up your mind and start the migration process  

(1) MasterCard

 MasterCard has begun to notify acquiring banks to ensure they are aware of their merchants using end of life software such as Magento 1.

 (2) VISA

In April 2020, Visa announced urgent action is required to migrate from Magento 1 and prevent the loss of payment card data, as well as what the penalties would cost for that breach of data.

(3)PayPal

PayPal stated if you are currently integrated with Magento 1. You must migrate to Magento 2 or another platform before June 30, 2020, to Maintain PCI compliance, not just with PayPal but with all credit card processors.

(4) The FBI

In May 2020 the FBI (Federal Bureau of Investigation, Cyber Division) sent a Magento plugin vulnerability alert.

FBI in a flash security alert said that hackers are exploiting a three-year-old vulnerability in MAGMI (Magento Mass Import) plugin, for Magento 1.x stores. The hackers are using this vulnerability to take full control of the targeted Magento 1 stores and plant a malicious script to record and steal the payment card data of buyers.
FBI advised that store owners should update their Magento 1.x stores, not just the MAGMI plugin, to version 2.x to continue receiving security updates.

As per Requirement 6 of the PCI DSS, merchants need to “develop and maintain secure systems and applications by installing applicable vendor-supplied security patches.”  Magento 1 stores will not be able to meet this requirement after Magento 1 End of Life, June 2020.

What will happen if you run your store on Magento 1.x after June 2020:

  • High risk of data breaches, which could lead to fines, penalties as well as damage to your brand and reputation.
  • Your store becomes an easy target for hackers as there won’t be any upgrade or security patches.
  • Your store will fall out of Payment Card Industry Data Security Standards (PCI DSS) compliance.

We are here to help as a leading e-commerce agency with industry experience of more than 16 years. ioVista ensures that the Migration of your e-commerce platform will not only safeguard your store from risks of payment data security and PCI non-compliance but also enhance the UI and performance of your store.

Book a free consultation session with one of our e-commerce specialists to learn how easy and secure it is to migrate from Magento 1.x.

Mike Patel
Mike Patel

Archive