Magento 1 ecommerce websites and PCI compliancy

Guest post, by Joshua Grant, Director of Digital at Absolute Design

In the UK alone, there are almost 3,000 live Magento 1 websites that are not compliant with PCI DSS (Payment Card Industry Data Security Standard) rules - could yours be one of them?

If you’re still using Magento 1, your website may not be PCI compliant. Read on to understand what that means for merchants.

PCI compliance

As of 30th June 2020, Magento 1 was no longer supported for updates and patches, which could mean you’re unprotected when it comes to taking card payments from your customers. As part of the PCI compliance rules, you must be using a currently supported platform to ensure customer payment data is handled safely and sensitively, regardless of your payments plugin(s).

PCI compliance is not just the responsibility of your service provider - the merchant must be compliant too - since you’ve probably agreed to maintain security on your site when self-certifying via a third-party payment gateway. So what does this mean for your Magento 1 website?

Best case scenario - you’re vulnerable to hackers who could gain access to your customers’ credit card data. Worst case - you could end up paying huge fines issued by the credit card companies if you’re found to be non-compliant in this area - as much as 10% of your group annual turnover, and that’s not factoring in GDPR breaches which have additional sanctions. And as Magento 1 fades further into history, the risk of breaches and hacks increases as the code becomes more antiquated.

“But I’m using third-party security support.”

Magento 1 x PCI compliance

Unfortunately, because Adobe isn't supporting Magento 1 with security patches, any unofficial third-party add-ons are likely to be ineffective when it comes to meeting the PCI Data Security Standards, the guidelines which determine whether your website is compliant. You won’t know whether these solutions work until a breach happens, and they primarily deal with known vulnerabilities, so the sensible thing to do is avoid taking the risk in the first place.

Migrating your website can be a daunting prospect. It’s not a small task and there are more options than ever for where to go. Magento 2 might seem like the obvious choice, but there’s also Shopify, among others. Site turnover and future growth projections will play a big part in this decision so do your research, or speak to one of the experts at Absolute Design to see where you might fit best.

Not only will you benefit from becoming PCI compliant by migrating to a newer platform, you’ll also ensure any other areas of your site are as up-to-date as possible. With new plugins and widgets being developed all the time, it pays to stay fresh. 

If you’re worried about site disruption during the changeover, we hear you. It’s a big change and can take anything from a few weeks to a few months, but there are steps you can take to mitigate this.

What does this mean for merchants?

Absolute Design has already helped many businesses switch platforms and we can offer an accurate estimate based on our extensive knowledge of ecommerce platform migration. We’re Adobe Bronze Solution Partners and Shopify Partners so the chances are, any issues that may arise will already be in our knowledge base.

Remember, the cost to your business of a breach in data security can be much more than just the loss of customer trust. PCI non-compliance can be sanctioned with fines of up to 10% of your group annual turnover. Relationships with service providers and customers could be eroded, and in the midst of all this you’ll have to migrate anyway. A proactive approach now could save your reputation, along with a lot of money. Speak to Absolute today to discuss how we can help make this process as seamless as possible. We also provide ongoing support to keep your site, and your business, ahead of the curve.

Mollie x Absolute Design

Absolute Design are an expert ecommerce agency and an Adobe Bronze Solutions Partner. Their team is certified in Adobe Commerce, Magento Open Source and Shopify and specialises in development and strategy for SMEs.
